_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:17 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, &(0x7f0000000000)={0x5, 0x10, 0xfa00, {0x0, r4}}, 0x18)

03:47:17 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

03:47:17 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:17 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:17 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:17 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

03:47:17 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, &(0x7f0000000000)={0x5, 0x10, 0xfa00, {0x0, r4}}, 0x18)

[ 1793.341840][   T26] audit: type=1800 audit(1580356037.702:174): pid=25586 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17489 res=0
03:47:17 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:17 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

03:47:17 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:17 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, 0x0, 0x0)

[ 1793.806130][   T26] audit: type=1800 audit(1580356038.172:175): pid=25623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17537 res=0
03:47:18 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x7c15000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:18 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000), 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:18 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:18 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, 0x0, 0x0)

03:47:18 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:18 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:18 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000), 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:18 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, 0x0, 0x0)

[ 1794.396686][   T26] audit: type=1800 audit(1580356038.762:176): pid=25649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16723 res=0
03:47:18 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:18 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(0x0, 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:19 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000), 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:19 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, &(0x7f0000000000)={0x5, 0x10, 0xfa00, {0x0}}, 0x18)

03:47:19 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x9a02000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:19 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:19 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d", 0x8)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:19 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, &(0x7f0000000000)={0x5, 0x10, 0xfa00, {0x0}}, 0x18)

03:47:19 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(0x0, 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:19 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb000200}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:19 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:19 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d", 0x8)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:20 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(0x0, 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:20 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d", 0x8)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:20 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, &(0x7f0000000000)={0x5, 0x10, 0xfa00, {0x0}}, 0x18)

03:47:20 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:20 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xa305000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:20 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:20 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292", 0xc)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:20 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:20 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)

03:47:20 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:20 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:20 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292", 0xc)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:20 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)

[ 1796.308287][   T26] audit: type=1800 audit(1580356040.672:177): pid=25762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=184 res=0
03:47:20 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:20 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:20 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292", 0xc)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

[ 1796.832024][   T26] audit: type=1800 audit(1580356041.192:178): pid=25792 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=185 res=0
03:47:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xfefdffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:21 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:21 executing program 1:
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000380)=0x1a, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x27fc, 0x4)
fcntl$setstatus(r0, 0x4, 0x4b800)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)

03:47:21 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:21 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54", 0xe)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

[ 1797.227712][   T26] audit: type=1800 audit(1580356041.592:179): pid=25813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=186 res=0
03:47:21 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xe000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:21 executing program 1:
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
listen(r1, 0x0)
connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
r2 = accept4(r1, 0x0, 0x0, 0x0)
fcntl$setlease(r2, 0x406, 0x0)

03:47:21 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:21 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54", 0xe)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:21 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:21 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54", 0xe)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:21 executing program 1:
r0 = timerfd_create(0x0, 0x0)
close(r0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
listen(r0, 0x0)

[ 1797.718270][   T26] audit: type=1800 audit(1580356042.082:180): pid=25838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17691 res=0
03:47:22 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xfeffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:22 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:22 executing program 1:
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000380)=0x1a, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000008980)={0x0, 0x0, 0x0, 0x0, &(0x7f0000008800)=[@ip_tos_int={{0x14}}, @ip_tos_u8={{0x11}}], 0x30}, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
recvmsg$can_j1939(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000180)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, 0x0}, 0x120)
sendmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x27fc, 0x4)
fcntl$setstatus(r0, 0x4, 0x4b800)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
clock_gettime(0x0, &(0x7f0000000500))
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)

03:47:22 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7", 0xf)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:22 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1798.180196][   T26] audit: type=1800 audit(1580356042.542:181): pid=25869 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=187 res=0
03:47:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xf000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:22 executing program 1:
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000380)=0x1a, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000008980)={0x0, 0x0, 0x0, 0x0, &(0x7f0000008800)=[@ip_tos_int={{0x14}}, @ip_tos_u8={{0x11}}], 0x30}, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
recvmsg$can_j1939(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000180)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, 0x0}, 0x120)
sendmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x27fc, 0x4)
fcntl$setstatus(r0, 0x4, 0x4b800)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
clock_gettime(0x0, &(0x7f0000000500))
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)

03:47:22 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:22 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7", 0xf)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:22 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:22 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffff7f00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:22 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x0, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

[ 1798.681899][   T26] audit: type=1800 audit(1580356043.042:182): pid=25893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=188 res=0
03:47:23 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x0, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:23 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7", 0xf)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:23 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:23 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x0, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:23 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:23 executing program 1:
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000380)=0x1a, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000008980)={0x0, 0x0, 0x0, 0x0, &(0x7f0000008800)=[@ip_tos_int={{0x14}}, @ip_tos_u8={{0x11}}], 0x30}, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x27fc, 0x4)
fcntl$setstatus(r0, 0x4, 0x4b800)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)

03:47:23 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:23 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

[ 1799.327637][   T26] audit: type=1800 audit(1580356043.692:183): pid=25928 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=189 res=0
03:47:23 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:23 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:23 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:23 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:23 executing program 1:
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000380)=0x1a, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000008980)={0x0, 0x0, 0x0, 0x0, &(0x7f0000008800)=[@ip_tos_int={{0x14}}, @ip_tos_u8={{0x11}}], 0x30}, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x27fc, 0x4)
fcntl$setstatus(r0, 0x4, 0x4b800)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)

03:47:24 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:47:24 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x11000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:24 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

[ 1799.852490][   T26] audit: type=1800 audit(1580356044.212:184): pid=25955 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=190 res=0
03:47:24 executing program 1:
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000040601010000000000000002000000000500010007"], 0x1}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x80001600, 0x0)

03:47:24 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:24 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x12000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:24 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:24 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

03:47:24 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1800.380082][   T26] audit: type=1800 audit(1580356044.742:185): pid=25997 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=191 res=0
03:47:24 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:24 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

03:47:24 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x0)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:24 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:25 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1d000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:25 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

03:47:25 executing program 1:
write$sndseq(0xffffffffffffffff, &(0x7f0000000480), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0xa001, 0x0)
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc))
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)

03:47:25 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

[ 1800.852577][   T26] audit: type=1800 audit(1580356045.212:186): pid=26026 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=192 res=0
03:47:25 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x0)

03:47:25 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:25 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0xfffe, 0x0, 0x0, 0xb627, 0x0, "04032e7afffffff1"})

03:47:25 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:25 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x0)

03:47:25 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x0)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:25 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:25 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x1, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080))
r1 = syz_open_pts(r0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
write$P9_RSYMLINK(r2, &(0x7f0000000180)={0xfffffffffffffffa}, 0x6393a6ed)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/crypto\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f0000000000), &(0x7f0000000040)={0x7f}, 0x0, 0x0, 0x0)

03:47:26 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1f000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:26 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x0)

03:47:26 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

[ 1801.617035][   T26] audit: type=1800 audit(1580356045.982:187): pid=26062 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16593 res=0
03:47:26 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x0)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:26 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2", 0x8)

03:47:26 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:26 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x20000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1802.055525][   T26] audit: type=1800 audit(1580356046.422:188): pid=26094 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=193 res=0
03:47:26 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:26 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(0x0, 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:26 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:47:26 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2", 0x8)

03:47:27 executing program 1:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00', 0x10005812})
io_setup(0x2, &(0x7f0000000240)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f00000006c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000340)="81", 0xa}])

03:47:27 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2", 0x8)

03:47:27 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:27 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(0x0, 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:27 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40eb", 0xc)

03:47:27 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:27 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40eb", 0xc)

03:47:27 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x40000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:27 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:27 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:27 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(0x0, 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:27 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40eb", 0xc)

03:47:28 executing program 1:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000240)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110526616", 0x26}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

03:47:28 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6", 0xe)

03:47:28 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:28 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:28 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6", 0xe)

03:47:28 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6", 0xe)

03:47:28 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x78)

[ 1804.027632][   T26] audit: type=1804 audit(1580356048.392:189): pid=26298 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir731071256/syzkaller.n2STls/1585/file0/bus" dev="sda1" ino=17169 res=1
[ 1804.063440][T26302] ptrace attach of "/root/syz-executor.1"[26301] was attempted by "/root/syz-executor.1"[26302]
03:47:28 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x401f0000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:28 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:28 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/psched\x00')
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r4, 0x0, r3, 0x0, 0x81420000a77, 0x0)
clone(0x0, 0x0, 0x0, 0x0, 0x0)
write$binfmt_elf64(r5, &(0x7f0000000000)=ANY=[@ANYBLOB=' '], 0x1)

03:47:28 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c654", 0xf)

03:47:28 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x78)

03:47:28 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:28 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x78)

[ 1804.601388][   T26] audit: type=1804 audit(1580356048.962:190): pid=26337 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir731071256/syzkaller.n2STls/1586/file0/bus" dev="loop3" ino=197 res=1
03:47:29 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x78)

03:47:29 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c654", 0xf)

03:47:29 executing program 1:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200840, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_elf32(r0, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0)
recvmmsg(r1, &(0x7f00000068c0)=[{{0x0, 0x0, 0x0}}], 0x284, 0x122, 0x0)

03:47:29 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:29 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x78)

[ 1805.031287][   T26] audit: type=1804 audit(1580356049.392:191): pid=26363 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir731071256/syzkaller.n2STls/1587/file0/bus" dev="loop3" ino=198 res=1
03:47:29 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4d010000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:29 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c654", 0xf)

03:47:29 executing program 4:
syz_read_part_table(0x9, 0x0, &(0x7f0000000480))
creat(&(0x7f0000000280)='./file0\x00', 0x0)

03:47:29 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:29 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:29 executing program 4:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300)='nl80211\x00')
socket(0x10, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x2, 0x0)
write(0xffffffffffffffff, &(0x7f0000000000)="1c0000001a009b8a14000000ff0000adf87e28000000000000", 0x19)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000402)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x4, r1})
r2 = socket(0x1e, 0x1, 0x0)
bind$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x41}, 0x2}}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00')
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r4, 0x405, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x24, r4, 0x0, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x24}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)

03:47:29 executing program 2:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB=',lowerdir=.:file0'])
chdir(&(0x7f0000000080)='./file0\x00')
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xfd08283856736a22)
setuid(r1)
lstat(&(0x7f0000000b40)='./file0\x00', &(0x7f0000000ac0))

[ 1805.589635][   T26] audit: type=1800 audit(1580356049.952:192): pid=26403 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=199 res=0
[ 1805.738578][T26561] overlayfs: overlapping lowerdir path
03:47:30 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup3(r1, r0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r4, 0x0)
syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00')

03:47:30 executing program 2:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB=',lowerdir=.:file0'])
chdir(&(0x7f0000000080)='./file0\x00')
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xfd08283856736a22)
setuid(r1)
lstat(&(0x7f0000000b40)='./file0\x00', &(0x7f0000000ac0))

03:47:30 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:30 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/crypto\x00', 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendfile(r1, r0, 0x0, 0x7ffff004)

03:47:30 executing program 4:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB=',lowerdir=.:file0'])
chdir(&(0x7f0000000080)='./file0\x00')
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xfd08283856736a22)
setuid(r1)
creat(&(0x7f0000000000)='./bus\x00', 0x0)

[ 1806.124783][   T26] audit: type=1800 audit(1580356050.492:193): pid=26616 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=200 res=0
03:47:30 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x64000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:30 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup3(r1, r0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000003c0)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110526616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e651996156ccb77207672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65c3154ad160c3b3dc8100cbb96a06f8b0dd4cfd90b52ebf91d96ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2ae1cb42fbb1490201f72a1390327ba114af6071764f185268dac8650786bc215fe30e91", 0xed}], 0x4, 0x0)
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x3c)
ptrace$cont(0x18, r3, 0x0, 0x0)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r3, 0x0, 0x0)

03:47:30 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
unlink(&(0x7f0000000380)='./file0/file0\x00')
mkdir(&(0x7f0000000040)='./file0/file0\x00', 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
dup3(r1, r0, 0x0)

03:47:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:30 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:30 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/crypto\x00', 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendfile(r1, r0, 0x0, 0x7ffff004)

03:47:31 executing program 4:
pipe(&(0x7f0000000200))
perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x194)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
creat(&(0x7f0000000080)='./file0\x00', 0x81)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1a)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup3(r1, r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendmsg$IPSET_CMD_SWAP(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="300000000606010400000000000000000321000809000300e201800000b870b805000100070000000506000000000000004eab911e4333bcae5d50d92f9900"], 0x1}, 0x1, 0x0, 0x0, 0x40041}, 0x4000000)
add_key(0x0, &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000340), 0x0, 0xfffffffffffffffb)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$link(0x8, 0x0, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$link(0x8, 0x0, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0)
keyctl$reject(0x13, 0x0, 0x0, 0x0, 0x0)
rename(0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000140)=0x73, 0x4)
sendto$inet6(r0, 0x0, 0xfffffffffffffc69, 0x20000030, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

[ 1806.811956][   T26] audit: type=1800 audit(1580356051.172:194): pid=26762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=201 res=0
03:47:31 executing program 2:
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chdir(&(0x7f00000002c0)='./bus\x00')
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
r1 = open(&(0x7f0000000400)='./bus\x00', 0x0, 0x0)
ioctl$FICLONE(r0, 0x40049409, r1)

03:47:31 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:31 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000040)={0x0, @multicast2, 0x0, 0x0, 'none\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x60, &(0x7f0000000000)={0x0, @broadcast, 0x0, 0x0, 'wlc\x00', 0x0, 0x1100000, 0x23000}, 0x2c)

03:47:31 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x1}, 0x8)
sendmmsg(r2, &(0x7f0000004d80)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000200)="d43bb4185658b15e90ad7ceed2ae05e0729484a3898e62c1dccca657492b64eed3f663b94d04e94ee6bafb67aea02807", 0x30}, {&(0x7f0000000380)="824bd31c4fa03743b2ab1311eb27fba318c212ec77042663c85708f63db6f63d788abbf9d3ac2997d48528111c307660c2", 0x31}], 0x2, 0x0, 0x0, 0xffffffe0}}], 0x1, 0x24004000)

03:47:31 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1807.115660][   T26] audit: type=1804 audit(1580356051.482:195): pid=26877 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir491121220/syzkaller.I6Dy3N/684/bus/bus" dev="overlay" ino=17419 res=1
[ 1807.191586][T26877] overlayfs: filesystem on './file0' not supported as upperdir
[ 1807.248869][   T26] audit: type=1804 audit(1580356051.612:196): pid=26892 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir491121220/syzkaller.I6Dy3N/684/bus/bus" dev="overlay" ino=17419 res=1
03:47:31 executing program 2:
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chdir(&(0x7f00000002c0)='./bus\x00')
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
r1 = open(&(0x7f0000000400)='./bus\x00', 0x0, 0x0)
ioctl$FICLONE(r0, 0x40049409, r1)

03:47:31 executing program 1:
r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000071, 0x28001)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x17, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00')
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00')
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='stat\x00')
sendfile(r3, r4, 0x0, 0x1)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)

03:47:31 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7c150000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1807.506216][   T26] audit: type=1800 audit(1580356051.862:197): pid=26900 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=202 res=0
03:47:32 executing program 4:
socket(0x10, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x2, 0x0)
write(0xffffffffffffffff, &(0x7f0000000000), 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000402)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x4, r1})
socket(0x0, 0x0, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

03:47:32 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:32 executing program 1:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001, 0x0, 0x0, 0x0, 0xfffffffe}})

[ 1807.746913][   T26] audit: type=1804 audit(1580356052.112:198): pid=27021 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir491121220/syzkaller.I6Dy3N/685/bus/bus" dev="overlay" ino=16523 res=1
03:47:32 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x3}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
mkdir(0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
read$FUSE(r4, &(0x7f0000000580), 0xefee)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000380)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}}}, 0xa0)
r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x82)
r6 = memfd_create(&(0x7f0000000280)='t\x05\x00\x00\x00\x8c\x00\x822@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcb\xe8\xfe\xd6\xa6\xea', 0x0)
pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
sendfile(r5, r5, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_SET_FD(r5, 0x4c00, r6)
keyctl$get_keyring_id(0x0, 0x0, 0x0)

03:47:32 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:32 executing program 1:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001, 0x0, 0x0, 0x0, 0xfffffffe}})

[ 1808.071988][   T26] audit: type=1800 audit(1580356052.432:199): pid=27114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=203 res=0
03:47:32 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a020000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:32 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:32 executing program 1:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001, 0x0, 0x0, 0x0, 0xfffffffe}})

[ 1808.363249][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1808.369036][    C1] protocol 88fb is buggy, dev hsr_slave_1
03:47:32 executing program 1:
creat(&(0x7f0000000000)='./file0\x00', 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000540)='gfs2\x00', 0x0, &(0x7f00000002c0)='\x1a\xa86\x8a\x9b\xf8]\xc5\x06c\x9a\x11V!\xad?\x9ate\xe9\xe0\x7f^\x03c\xd8\x00\t\xe9\xe0\xea\fY6\n\xda\xfe\x86l\xcc\r<\xfc\xf11\x15\x9d:)O{\xbf\xea\xe1\xc68*$?\xb5}9\x02\xf3E\xb8)bX\x88c\xe5:TE\x9b\xfe\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x00\x00\x00l\x00W\xe6XT\\l\xd6J\xf2\x12\xc4\x9e\xd4\xbe8<\v\x868%l0\xa17\x8bjY%\xb3\x1b,g\x8d\xfa\x9e\f&\xc4\xc0\x81\x9a\x91\x9e\xe3\xe6\xa6\xd8\xb80\xe4NW=\x10\x8d\xcc\xcbU\x1dg\xd9\xc5\x92\x94\x95\x10\xe3\xe8\xa8\xbfW\x00\x16\x90o=\x80`\xe2\xd1\xb2\xac\x92\x95F\xc0\xb5,\a\x00\x00\x00\xe7\xd6A\x8b\x11Qx\xa0\xa4\xa2_h\xcc\xe0\nXpo\x9f=\xa4\xff\xaf\xb4\x02P\xaa\r46X\x8b\xfb\xc7/\x8b\xa5\x06\x11\xc9\x0fl\x00'/243)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x11)
wait4(0x0, 0x0, 0x0, 0x0)

03:47:32 executing program 4:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(0x0)
socket(0x10, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000402)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x4, r1})
r2 = socket(0x1e, 0x1, 0x0)
bind$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x41}, 0x2}}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00')
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r4, 0x405, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x24, r4, 0x0, 0x0, 0x25dfdbfd, {}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x24}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)

03:47:32 executing program 1:
syz_emit_ethernet(0x3a, &(0x7f0000000040)={@random="8bd1cdd23102", @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @local, @broadcast}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, {[@window={0x3, 0x3}]}}}}}}}, &(0x7f0000000000)={0x0, 0x3, [0x2, 0x533]})

[ 1808.600262][   T26] audit: type=1800 audit(1580356052.962:200): pid=27173 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=204 res=0
03:47:33 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:33 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:33 executing program 1:
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chdir(&(0x7f00000002c0)='./bus\x00')
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
read$char_usb(r2, &(0x7f0000000440)=""/196, 0xc4)

[ 1809.010346][   T26] audit: type=1800 audit(1580356053.372:201): pid=27301 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=205 res=0
03:47:33 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x3}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
mkdir(0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
read$FUSE(r4, &(0x7f0000000580), 0xefee)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000380)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}}}, 0xa0)
r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x82)
r6 = memfd_create(&(0x7f0000000280)='t\x05\x00\x00\x00\x8c\x00\x822@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcb\xe8\xfe\xd6\xa6\xea', 0x0)
pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
sendfile(r5, r5, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_SET_FD(r5, 0x4c00, r6)
keyctl$get_keyring_id(0x0, 0x0, 0x0)

03:47:33 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x1}, 0x8)
sendmmsg(r2, &(0x7f0000004d80)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000200)="d43bb4185658b15e90ad7ceed2ae05e0729484a3898e62c1dccca657492b64eed3f663b94d04e94ee6bafb67aea02807", 0x30}, {&(0x7f0000000380)="824bd31c4fa03743b2ab1311eb27fba318c212ec77042663c85708f63db6f63d788abbf9d3ac2997d48528111c307660c2", 0x31}], 0x2, 0x0, 0x0, 0xffffffe0}}], 0x2, 0x24004000)

03:47:33 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa6050000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:33 executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x3}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
mkdir(0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
read$FUSE(r4, &(0x7f0000000580), 0xefee)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000380)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}}}, 0xa0)
r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x82)
r6 = memfd_create(&(0x7f0000000280)='t\x05\x00\x00\x00\x8c\x00\x822@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcb\xe8\xfe\xd6\xa6\xea', 0x0)
pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
sendfile(r5, r5, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_SET_FD(r5, 0x4c00, r6)
keyctl$get_keyring_id(0x0, 0x0, 0x0)

03:47:33 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1809.308612][T27297] overlayfs: filesystem on './file0' not supported as upperdir
[ 1809.365863][   T26] audit: type=1800 audit(1580356053.732:202): pid=27420 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="overlay" ino=17009 res=0
[ 1809.394148][   T26] audit: type=1800 audit(1580356053.732:203): pid=27412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="overlay" ino=17009 res=0
03:47:33 executing program 1:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB=',lowerdir=.:file0'])
creat(&(0x7f0000000000)='./bus\x00', 0x0)
chdir(&(0x7f0000000080)='./file0\x00')
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xfd08283856736a22)
setuid(r1)
open(&(0x7f0000000280)='./bus\x00', 0x0, 0x0)

[ 1809.592996][   T26] audit: type=1800 audit(1580356053.952:204): pid=27436 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=206 res=0
03:47:34 executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x3}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
mkdir(0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
read$FUSE(r4, &(0x7f0000000580), 0xefee)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000380)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}}}, 0xa0)
r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x82)
r6 = memfd_create(&(0x7f0000000280)='t\x05\x00\x00\x00\x8c\x00\x822@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcb\xe8\xfe\xd6\xa6\xea', 0x0)
pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
sendfile(r5, r5, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_SET_FD(r5, 0x4c00, r6)
keyctl$get_keyring_id(0x0, 0x0, 0x0)

03:47:34 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfeffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1809.803220][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1809.803260][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1809.809001][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1809.814737][    C0] protocol 88fb is buggy, dev hsr_slave_1
03:47:34 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:34 executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x3}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
mkdir(0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
read$FUSE(r4, &(0x7f0000000580), 0xefee)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000380)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}}}, 0xa0)
r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x82)
r6 = memfd_create(&(0x7f0000000280)='t\x05\x00\x00\x00\x8c\x00\x822@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcb\xe8\xfe\xd6\xa6\xea', 0x0)
pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
sendfile(r5, r5, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_SET_FD(r5, 0x4c00, r6)
keyctl$get_keyring_id(0x0, 0x0, 0x0)

[ 1810.069705][T27666] overlayfs: overlapping lowerdir path
03:47:34 executing program 1:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200840, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x406, r1)
getpeername$netlink(r0, &(0x7f0000000080), &(0x7f0000000100)=0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dd=', @ANYRESHEX=r2, @ANYBLOB])
unlink(&(0x7f0000000380)='./file0/file0\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_elf32(r3, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
write(r6, &(0x7f0000000340), 0x41395527)
vmsplice(r5, &(0x7f0000000000)=[{0x0}], 0x1, 0x0)
recvmmsg(r4, &(0x7f00000068c0)=[{{0x0, 0x0, 0x0}}], 0x284, 0x122, 0x0)

03:47:34 executing program 2:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300)='nl80211\x00')
socket(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x2, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x4, r1})
r2 = socket(0x1e, 0x1, 0x0)
bind$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x41}, 0x2}}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00')
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r4, 0x405, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

03:47:34 executing program 4:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200840, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
getpeername$netlink(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000000180)='fuse\x00', 0x0, 0x0)
unlink(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_elf32(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
recvmmsg(r1, &(0x7f00000068c0)=[{{0x0, 0x0, 0x0}}], 0x284, 0x122, 0x0)
umount2(0x0, 0xa)
readahead(0xffffffffffffffff, 0x0, 0x0)

03:47:34 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:34 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1810.480438][T27776] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 1810.487989][T27789] fuse: Unknown parameter 'dd'
03:47:35 executing program 4:
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
unlink(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_elf32(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r2 = getpid()
sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r3, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
write(r5, &(0x7f0000000340), 0x41395527)
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000002c0)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
recvmmsg(r1, &(0x7f00000068c0)=[{{0x0, 0x0, 0x0}}], 0x284, 0x122, 0x0)

[ 1810.654227][T27786] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
03:47:35 executing program 2:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300)='nl80211\x00')
socket(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x2, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x4, r1})
r2 = socket(0x1e, 0x1, 0x0)
bind$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x41}, 0x2}}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00')
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r4, 0x405, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

03:47:35 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfffffffe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:35 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:35 executing program 4:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001}})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x0, 0xfffffffb})

03:47:35 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xf}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1811.084309][T28021] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
03:47:35 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x1000000, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="ffffffff6b66732e666174000204010002000370fff8", 0x16}, {&(0x7f0000000140)="eaed36f0bf8c35d52af9631f", 0xc, 0x1000}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000580)=""/111, 0x6f)

03:47:35 executing program 2:
io_setup(0x0, &(0x7f00000003c0))

03:47:35 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:35 executing program 4:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001}})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x0, 0xfffffffb})

03:47:36 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:36 executing program 1:
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])

03:47:36 executing program 2:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB=',lowerdir=.:file0'])
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_submit(0x0, 0x0, 0x0)
write$P9_RSYMLINK(r0, &(0x7f0000000140)={0x14}, 0x14)
chdir(&(0x7f0000000080)='./file0\x00')
open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)

03:47:36 executing program 4:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001}})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x0, 0xfffffffb})

03:47:36 executing program 1:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300)='nl80211\x00')
socket(0x10, 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000402)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x4, r1})
bind$tipc(0xffffffffffffffff, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x41}, 0x2}}, 0x10)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x0, 0x405, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x1c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x1c}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

03:47:36 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:36 executing program 4:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001}})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x0, 0xfffffffb})

03:47:36 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:36 executing program 2:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x2}})

03:47:36 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x150b0d264ea}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1812.380746][   T26] kauditd_printk_skb: 4 callbacks suppressed
[ 1812.380764][   T26] audit: type=1800 audit(1580356056.742:209): pid=28297 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=211 res=0
03:47:36 executing program 2:
r0 = socket(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup2(r1, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x249}, {&(0x7f00000000c0)=""/85, 0x4e4}, {&(0x7f0000000600)=""/4096, 0x1098}, {&(0x7f0000000400)=""/120, 0x22a}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0xf}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000000180)=""/191, 0x1f9}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400})

03:47:36 executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200840, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
fcntl$dupfd(r1, 0x406, r2)
write$FUSE_INTERRUPT(r1, &(0x7f00000000c0)={0x10, 0x0, 0x2}, 0x10)
read$FUSE(r0, &(0x7f0000000580), 0xefee)
r3 = openat$bsg(0xffffffffffffff9c, 0x0, 0x200840, 0x0)
fcntl$dupfd(r3, 0x406, 0xffffffffffffffff)
write$FUSE_INIT(r3, &(0x7f0000000140)={0x50, 0xffffffffffffffda, 0x2, {0x7, 0x1b, 0xffff, 0x2030c07, 0x0, 0x8}}, 0x50)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r5 = socket$inet6(0xa, 0x2, 0x0)
dup3(r5, r4, 0x0)

03:47:36 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:37 executing program 4:
r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
fgetxattr(r0, &(0x7f0000000040)=@known='trusted.overlay.origin\x00', &(0x7f0000000100)=""/244, 0xf4)

03:47:37 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x3}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x82)
r3 = memfd_create(&(0x7f0000000280)='t\x05\x00\x00\x00\x8c\x00\x822@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcb\xe8\xfe\xd6\xa6\xea', 0x0)
pwritev(r3, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3)
sendfile(r2, r2, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_SET_FD(r2, 0x4c00, r3)
keyctl$get_keyring_id(0x0, 0x0, 0x0)

03:47:37 executing program 1:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0505405, &(0x7f0000000040)={{0x100000001, 0x0, 0x0, 0x3, 0xfffffffe}})

03:47:37 executing program 4:
socket(0x0, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000402)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x4, r1})
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x100000001, 0x4)

[ 1812.812871][   T26] audit: type=1800 audit(1580356057.172:210): pid=28432 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=212 res=0
03:47:37 executing program 1:
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80003, 0x6b)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000080)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000c1030000030000002004000000000000800200000000000000000000000000005003000050030000500300005003000050030000030000000000000000000000fe8000000000000000000000000000bbff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e6574706369300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500280020000000001000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000000000000027465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000fe18b61a000800000000000000000000000000005800686173686c696d697400000000000000000000000000000000000000000173797a6b616c6c657231000000000000000000000000000004000000000000000000000005000000a60000000000000000000000000000003000434f4e4e4d41524b00000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1)

03:47:37 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1813.093683][T28555] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[ 1813.113457][T28560] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
03:47:37 executing program 1:
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80003, 0x6b)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000080)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000c1030000030000002004000000000000800200000000000000000000000000005003000050030000500300005003000050030000030000000000000000000000fe8000000000000000000000000000bbff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000076657468315f746f5f626f6e640000006e6574706369300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500280020000000001000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000000000000027465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000fe18b61a000800000000000000000000000000005800686173686c696d697400000000000000000000000000000000000000000173797a6b616c6c657231000000000000000000000000000004000000000000000000000005000000a60000000000000000000000000000003000434f4e4e4d41524b00000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1)

03:47:37 executing program 4:
r0 = socket$inet6(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0xfffffffffffffc69, 0x20000030, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)

03:47:37 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:37 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x11}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1813.467137][   T26] audit: type=1800 audit(1580356057.832:211): pid=28568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=213 res=0
[ 1813.503848][T28574] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
03:47:37 executing program 4:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB=',lowerdir=.:file0'])
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xfd08283856736a22)
setuid(r1)
chdir(&(0x7f0000000080)='./file0\x00')

03:47:38 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:38 executing program 2:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x3}})

03:47:38 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000ddc1517600"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x1b)
ioctl$TCSETS(r0, 0x5404, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "fe6740d4f8a23374aea4d6a0573ea7d3198c96"})

03:47:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:38 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0xfe})
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b)
ioctl$TCSETA(r0, 0x5406, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb627, 0x0, "04032e7afffffff1"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)={0x17})

03:47:38 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000040)=0x78, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
dup(0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0)
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
syz_genetlink_get_family_id$devlink(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r3 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0)
sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r0, &(0x7f00000000c0)="e0", 0xffd4, 0x0, 0x0, 0x0)

03:47:38 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x12}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:38 executing program 2:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300)='nl80211\x00')
socket(0x10, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x2, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000402)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x4, r1})
r2 = socket(0x1e, 0x1, 0x0)
bind$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x41}, 0x2}}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00')
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r4, 0x405, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x24, r4, 0x0, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x24}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)

[ 1814.145294][   T26] audit: type=1800 audit(1580356058.512:212): pid=28723 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17010 res=0
03:47:38 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0xfe})
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b)
ioctl$TCSETA(r0, 0x5406, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb627, 0x0, "04032e7afffffff1"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)={0x17})

03:47:38 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x40000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1814.517202][T28836] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 1814.521694][   T26] audit: type=1800 audit(1580356058.882:213): pid=28847 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=214 res=0
03:47:38 executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x3}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
socket$packet(0x11, 0x3, 0x300)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000380)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}}}, 0xa0)
r1 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x82)
r2 = memfd_create(&(0x7f0000000280)='t\x05\x00\x00\x00\x8c\x00\x822@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcb\xe8\xfe\xd6\xa6\xea', 0x0)
pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2)
sendfile(r1, r1, &(0x7f0000000000), 0x2000005)

03:47:38 executing program 1:

03:47:39 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:39 executing program 2:

03:47:39 executing program 1:

03:47:39 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x80000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:39 executing program 4:

03:47:39 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1d}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:39 executing program 1:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_elf32(r1, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff})
vmsplice(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000068c0)=[{{0x0, 0x0, 0x0}}], 0x284, 0x122, 0x0)

03:47:39 executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

03:47:39 executing program 2:

[ 1815.288346][   T26] audit: type=1800 audit(1580356059.652:214): pid=28985 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=215 res=0
03:47:39 executing program 1:

03:47:39 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:39 executing program 2:

03:47:39 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x803e0000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:40 executing program 4:

03:47:40 executing program 1:

03:47:40 executing program 2:

[ 1815.820795][   T26] audit: type=1800 audit(1580356060.182:215): pid=29115 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=216 res=0
03:47:40 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd0070000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:40 executing program 4:

03:47:40 executing program 1:

03:47:40 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x64}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:40 executing program 2:

03:47:40 executing program 2:

03:47:43 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:43 executing program 1:

03:47:43 executing program 4:

03:47:43 executing program 2:

03:47:43 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x100000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:43 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x14d}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:43 executing program 1:

03:47:43 executing program 4:

03:47:43 executing program 2:

03:47:43 executing program 1:

03:47:43 executing program 2:

[ 1819.113880][   T26] audit: type=1800 audit(1580356063.482:216): pid=29181 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=217 res=0
03:47:43 executing program 4:

03:47:46 executing program 2:

03:47:46 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x200000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:46 executing program 4:

03:47:46 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x29a}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:46 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:46 executing program 1:

03:47:46 executing program 1:

03:47:46 executing program 1:

03:47:46 executing program 2:

03:47:46 executing program 4:

03:47:46 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x300000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1822.223124][   T26] audit: type=1800 audit(1580356066.582:217): pid=29221 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=218 res=0
03:47:46 executing program 4:

03:47:46 executing program 2:

03:47:46 executing program 1:

03:47:47 executing program 4:

03:47:47 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:49 executing program 1:

03:47:49 executing program 2:

03:47:49 executing program 4:

03:47:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x400000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:49 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:49 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x500}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:49 executing program 4:

03:47:49 executing program 2:

03:47:49 executing program 1:

[ 1825.350923][   T26] audit: type=1800 audit(1580356069.712:218): pid=29281 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=219 res=0
03:47:49 executing program 1:

03:47:49 executing program 4:

03:47:49 executing program 1:

03:47:50 executing program 2:

03:47:50 executing program 1:

03:47:50 executing program 4:

03:47:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x500000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:52 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:52 executing program 2:

03:47:52 executing program 1:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0)
ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3)
r2 = dup(r1)
write$uinput_user_dev(r2, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x1)
ioctl$UI_DEV_CREATE(r2, 0x5501)

03:47:52 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001940)="a5", 0xc01}], 0x1, 0x0, 0x0, 0x1cb}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000600)="da", 0xf570}], 0x1}}], 0x4000000000001cc, 0x4000000)

03:47:52 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5a3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x600000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:52 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000000ff03000000000010", @ANYRES32=r2, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c0002000800010006000000"], 0x3c}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r5}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0)

[ 1828.423863][T29329] input: syz0 as /devices/virtual/input/input60
03:47:52 executing program 4:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendto(r1, &(0x7f00005c8f58), 0xfffffffffffffd65, 0x0, 0x0, 0xfffffffffffffe29)

03:47:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x700000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1828.556103][T29329] input: syz0 as /devices/virtual/input/input61
[ 1828.568433][T29441] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[ 1828.618112][   T26] audit: type=1800 audit(1580356072.982:219): pid=29439 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=220 res=0
[ 1828.652797][T29443] 8021q: adding VLAN 0 to HW filter on device bond1
03:47:53 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x300000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1828.761270][T29443] bond0: (slave bond1): Enslaving as an active interface with an up link
[ 1828.893759][T29443] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
03:47:53 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:53 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000000ff03000000000010", @ANYRES32=r2, @ANYBLOB="00000000e60000001c0012000c000100626f6e64000000000c0002000800010006000000"], 0x3c}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r5}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0)

[ 1829.101731][   T26] audit: type=1800 audit(1580356073.452:220): pid=29563 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=221 res=0
[ 1829.170416][T29567] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[ 1829.244308][T29649] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1829.257209][T29649] bond0: (slave bond2): Enslaving as an active interface with an up link
03:47:55 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:55 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x600}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:47:55 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x800000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:55 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1831.566924][   T26] audit: type=1800 audit(1580356075.932:221): pid=29694 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=222 res=0
[ 1831.766352][   T26] audit: type=1800 audit(1580356076.132:222): pid=29700 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=223 res=0
03:47:56 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:56 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:56 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:56 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x700}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1832.109522][   T26] audit: type=1800 audit(1580356076.472:223): pid=29825 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17505 res=0
[ 1832.213345][   T26] audit: type=1800 audit(1580356076.532:224): pid=29824 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=224 res=0
[ 1832.382131][   T26] audit: type=1800 audit(1580356076.742:225): pid=29828 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=225 res=0
03:47:56 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x900000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1832.562106][   T26] audit: type=1800 audit(1580356076.912:226): pid=29936 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=226 res=0
03:47:59 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:59 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:59 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:59 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:47:59 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x900}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1835.155297][   T26] audit: type=1800 audit(1580356079.522:227): pid=30099 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=227 res=0
[ 1835.287842][   T26] audit: type=1800 audit(1580356079.562:228): pid=30100 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17549 res=0
03:47:59 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1835.319130][   T26] audit: type=1800 audit(1580356079.652:229): pid=30090 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=228 res=0
03:47:59 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:47:59 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:00 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:00 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a020000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1835.801602][   T26] audit: type=1800 audit(1580356080.162:230): pid=30301 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=229 res=0
03:48:02 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:02 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a020000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:02 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb00020000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:02 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:02 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a020000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1838.272892][   T26] kauditd_printk_skb: 1 callbacks suppressed
[ 1838.272910][   T26] audit: type=1800 audit(1580356082.632:232): pid=30476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=230 res=0
03:48:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:02 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a020000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1838.523129][   T26] audit: type=1800 audit(1580356082.882:233): pid=30462 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17574 res=0
03:48:03 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:03 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xe00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x401f0000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1838.837196][   T26] audit: type=1800 audit(1580356083.202:234): pid=30602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=231 res=0
03:48:03 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1839.173581][   T26] audit: type=1804 audit(1580356083.532:235): pid=30686 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir491121220/syzkaller.I6Dy3N/720/file0/bus" dev="loop2" ino=232 res=1
03:48:05 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:05 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:05 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:05 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x0)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:05 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xf00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:05 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1841.320133][   T26] audit: type=1800 audit(1580356085.682:236): pid=30740 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=233 res=0
03:48:06 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:06 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1841.717616][   T26] audit: type=1800 audit(1580356086.082:237): pid=30774 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17587 res=0
[ 1841.927933][   T26] audit: type=1800 audit(1580356086.242:238): pid=30861 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17504 res=0
03:48:06 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1842.003893][   T26] audit: type=1800 audit(1580356086.332:239): pid=30869 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=234 res=0
03:48:06 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xfeffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:06 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xe00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1842.353334][   T26] audit: type=1800 audit(1580356086.712:240): pid=30983 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=235 res=0
03:48:06 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:08 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xfeffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:08 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1100000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:08 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x401104000000016)

03:48:08 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:08 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xf00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1844.701310][   T26] audit: type=1800 audit(1580356089.062:241): pid=31141 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16849 res=0
03:48:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xfeffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:09 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xfefdffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:09 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1100}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1844.931938][   T26] audit: type=1800 audit(1580356089.292:242): pid=31242 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16785 res=0
03:48:09 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:09 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1200000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x4d01000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1845.347362][T31369] FAT-fs (loop2): invalid media value (0x00)
[ 1845.353530][T31369] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1845.449870][   T26] audit: type=1800 audit(1580356089.812:243): pid=31369 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16993 res=0
03:48:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x4d01000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:09 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1845.605870][T31478] FAT-fs (loop1): invalid media value (0x00)
[ 1845.627287][T31478] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1845.664903][   T26] audit: type=1800 audit(1580356090.032:244): pid=31478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16807 res=0
03:48:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x4d01000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1200}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:12 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:12 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:12 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:48:12 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1d00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:12 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x401104000000016)

[ 1847.956357][T31711] FAT-fs (loop2): invalid media value (0x00)
[ 1847.962462][T31711] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1848.009477][   T26] audit: type=1800 audit(1580356092.372:245): pid=31723 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17313 res=0
[ 1848.023223][T31710] FAT-fs (loop1): invalid media value (0x00)
[ 1848.036124][T31710] FAT-fs (loop1): Can't find a valid FAT filesystem
03:48:12 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1f00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1848.058516][   T26] audit: type=1800 audit(1580356092.372:246): pid=31725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17297 res=0
03:48:12 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

[ 1848.110401][   T26] audit: type=1800 audit(1580356092.472:247): pid=31730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17347 res=0
03:48:12 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:48:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x157c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:12 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(0xffffffffffffffff, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:48:13 executing program 4:
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:48:13 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:13 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:13 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1848.940054][T31772] FAT-fs (loop1): invalid media value (0x00)
03:48:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1d00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1848.983362][T31772] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1849.027748][T31776] FAT-fs (loop4): invalid media value (0x00)
[ 1849.047234][T31776] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1849.086613][   T26] audit: type=1800 audit(1580356093.452:248): pid=31772 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16897 res=0
[ 1849.211538][T31782] FAT-fs (loop2): invalid media value (0x00)
[ 1849.369204][T31782] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1849.388465][   T26] audit: type=1800 audit(1580356093.742:249): pid=31791 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17441 res=0
03:48:15 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x401104000000016)

03:48:15 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:15 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:15 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x157c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:15 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:15 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1f00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1850.995968][T31916] FAT-fs (loop2): invalid media value (0x00)
[ 1851.002144][T31916] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1851.087199][   T26] audit: type=1800 audit(1580356095.452:250): pid=31916 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17599 res=0
[ 1851.123043][T31920] FAT-fs (loop4): invalid media value (0x00)
[ 1851.133224][T31920] FAT-fs (loop4): Can't find a valid FAT filesystem
03:48:15 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1851.298017][   T26] audit: type=1800 audit(1580356095.662:251): pid=32025 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=236 res=0
03:48:15 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

[ 1851.363166][T32039] FAT-fs (loop4): invalid media value (0x00)
[ 1851.369497][T32039] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1851.498276][   T26] audit: type=1800 audit(1580356095.862:252): pid=32039 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=17347 res=0
03:48:16 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:16 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:16 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1f40}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:16 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1851.941899][T32170] FAT-fs (loop2): bogus number of reserved sectors
[ 1851.948560][T32173] FAT-fs (loop1): bogus number of reserved sectors
[ 1851.953449][T32170] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1851.958119][T32173] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1852.036135][   T26] audit: type=1800 audit(1580356096.402:253): pid=32177 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17598 res=0
[ 1852.153284][   T26] audit: type=1800 audit(1580356096.422:254): pid=32178 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17597 res=0
03:48:18 executing program 3:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:48:18 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r0, r0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffffbd}, [@ldst={0x6, 0x2, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

03:48:18 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x401f000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:18 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:18 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:18 executing program 2:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:18 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x401104000000016)

[ 1854.384428][T32199] FAT-fs (loop2): bogus number of reserved sectors
[ 1854.436637][T32204] FAT-fs (loop1): bogus number of reserved sectors
[ 1854.446287][   T26] audit: type=1800 audit(1580356098.812:255): pid=32223 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=237 res=0
[ 1854.602152][   T26] audit: type=1800 audit(1580356098.952:256): pid=32213 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17603 res=0
[ 1854.635620][T32199] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1854.647843][T32204] FAT-fs (loop1): Can't find a valid FAT filesystem
03:48:19 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1854.766584][   T26] audit: type=1800 audit(1580356099.102:257): pid=32211 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17609 res=0
03:48:19 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x401104000000016)

03:48:19 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="06a60a990ceebfe2f0dd40ebc0c6544b", 0x10)

03:48:19 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4d01000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1855.330144][   T26] audit: type=1800 audit(1580356099.692:258): pid=32347 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=238 res=0
03:48:19 executing program 3:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:48:19 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:48:19 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:19 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x401f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:20 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1855.722630][T32473] FAT-fs (loop1): bogus number of reserved sectors
[ 1855.729347][T32473] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1855.767539][   T26] audit: type=1800 audit(1580356100.132:259): pid=32463 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=239 res=0
[ 1856.034948][T32491] FAT-fs (loop4): bogus number of reserved sectors
[ 1856.041893][T32491] FAT-fs (loop4): Can't find a valid FAT filesystem
03:48:20 executing program 1:
prlimit64(0x0, 0x0, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_bp={&(0x7f0000000000), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, &(0x7f0000004080))
listen(0xffffffffffffffff, 0x2)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x3a8f7dc2ac1a8d0b, &(0x7f0000000040)={0xa, 0x4e33, 0x0, @mcast2}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000080)={<r2=>0x0, 0x3}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000140)={r2, 0x9}, &(0x7f00000001c0)=0x8)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x6})
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcsu\x00', 0x400, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r3, 0x4010aeab, &(0x7f0000000380)={0x100000000, 0x104800})
r4 = open(0x0, 0x2a8800, 0x16f)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @ipv4={[], [], @loopback}, @ipv4={[], [], @loopback}, 0x68, 0x0, 0x0, 0x0, 0x0, 0x42})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @empty}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108)
accept$inet6(r6, &(0x7f0000000400)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$inet(0xa, 0x801, 0x84)
fcntl$setstatus(r8, 0x4, 0x0)
r9 = socket$inet6(0xa, 0x800000000000002, 0x0)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/meminfo\x00', 0x0, 0x0)
sendto$inet6(r10, 0x0, 0x0, 0x2000c014, &(0x7f0000000040)={0xa, 0x4e33, 0x0, @mcast2}, 0x1c)
sendto$inet6(r9, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_MAXSEG(r9, 0x84, 0xd, &(0x7f0000000240)=@assoc_id=<r11=>0x0, &(0x7f0000000280)=0x4)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f00000002c0)={0x7, 0xd4d3, 0x209, 0x4, 0x6, 0x9c1, 0x5, 0x6, r11}, &(0x7f0000000300)=0x20)
dup(r7)

03:48:20 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6400000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:20 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:20 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4d01}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1856.539047][T32612] FAT-fs (loop4): bogus number of reserved sectors
[ 1856.596811][T32612] FAT-fs (loop4): Can't find a valid FAT filesystem
03:48:21 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:48:21 executing program 3:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:48:21 executing program 1:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:48:21 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1856.997128][T32733] FAT-fs (loop4): bogus number of reserved sectors
[ 1857.009290][T32733] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1857.020759][   T26] kauditd_printk_skb: 2 callbacks suppressed
[ 1857.020783][   T26] audit: type=1800 audit(1580356101.382:262): pid=32725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=240 res=0
03:48:21 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1857.373577][   T26] audit: type=1800 audit(1580356101.552:263): pid=32733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=17719 res=0
03:48:21 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x0)

03:48:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6400}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:21 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7c15000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1857.597220][   T26] audit: type=1800 audit(1580356101.962:264): pid=32739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17722 res=0
[ 1857.609432][  T390] FAT-fs (loop4): bogus number of reserved sectors
[ 1857.635947][  T390] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1857.838909][   T26] audit: type=1800 audit(1580356102.082:265): pid=399 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=241 res=0
03:48:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a02000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:22 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1858.241355][  T527] FAT-fs (loop4): bogus number of reserved sectors
[ 1858.254591][  T527] FAT-fs (loop4): Can't find a valid FAT filesystem
03:48:22 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7c15}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:22 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:48:22 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7c15000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1858.362089][   T26] audit: type=1800 audit(1580356102.722:266): pid=527 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=17731 res=0
03:48:22 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x0)

03:48:22 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:23 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a02}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1858.816158][  T652] FAT-fs (loop4): bogus number of reserved sectors
[ 1858.827572][   T26] audit: type=1800 audit(1580356103.192:267): pid=643 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=242 res=0
[ 1858.837205][  T652] FAT-fs (loop4): Can't find a valid FAT filesystem
03:48:23 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa605000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a02000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1859.121696][   T26] audit: type=1800 audit(1580356103.482:268): pid=744 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=243 res=0
03:48:23 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x0)

03:48:23 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x0)

03:48:24 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa305}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1859.715864][   T26] audit: type=1800 audit(1580356104.082:269): pid=789 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=244 res=0
[ 1859.836868][   T26] audit: type=1800 audit(1580356104.162:270): pid=800 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16541 res=0
03:48:24 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xea64d2b050010000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:24 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

03:48:24 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x0)

[ 1860.219953][   T26] audit: type=1800 audit(1580356104.582:271): pid=915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=245 res=0
03:48:24 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a02000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:25 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x0)

03:48:25 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000b}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:25 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfeffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:25 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x0)

03:48:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xf00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:25 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))

03:48:25 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7d000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:25 executing program 4:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

03:48:25 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:25 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffff7f00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1861.649384][ T1194] FAT-fs (loop3): bogus number of reserved sectors
[ 1861.666253][ T1194] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:26 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:26 executing program 4:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

[ 1862.036520][ T1309] FAT-fs (loop1): bogus number of reserved sectors
[ 1862.043615][ T1309] FAT-fs (loop1): Can't find a valid FAT filesystem
03:48:26 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1862.204472][   T26] kauditd_printk_skb: 6 callbacks suppressed
[ 1862.204494][   T26] audit: type=1800 audit(1580356106.572:278): pid=1309 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17603 res=0
[ 1862.413544][   T26] audit: type=1800 audit(1580356106.782:279): pid=1320 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=249 res=0
03:48:26 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x100000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:26 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))

03:48:26 executing program 1:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))

03:48:27 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1862.807545][   T26] audit: type=1800 audit(1580356107.172:280): pid=1449 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=250 res=0
03:48:27 executing program 4:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

[ 1863.151457][ T1463] FAT-fs (loop3): bogus number of reserved sectors
03:48:27 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3e8000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1863.199974][   T26] audit: type=1800 audit(1580356107.562:281): pid=1456 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17624 res=0
[ 1863.294069][ T1463] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:27 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:27 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:28 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:28 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffff7f00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:28 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1863.761740][ T1602] FAT-fs (loop3): bogus number of reserved sectors
[ 1863.784558][ T1602] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:28 executing program 1:
prlimit64(0x0, 0x0, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x0)
sched_setattr(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, &(0x7f0000004080))
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x6})
open(0x0, 0x80000, 0x100)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @ipv4={[], [], @loopback}, @ipv4={[], [], @loopback}, 0x68, 0x0, 0x0, 0x0, 0x0, 0x42})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)

[ 1863.851838][   T26] audit: type=1800 audit(1580356108.212:282): pid=1602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16541 res=0
03:48:28 executing program 3:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

[ 1864.262856][ T1661] FAT-fs (loop3): bogus number of reserved sectors
[ 1864.269474][ T1661] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1864.337279][   T26] audit: type=1800 audit(1580356108.702:283): pid=1661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17651 res=0
03:48:28 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1864.415127][   T26] audit: type=1800 audit(1580356108.722:284): pid=1736 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17644 res=0
03:48:29 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x400000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1864.648490][ T1745] FAT-fs (loop1): bogus number of reserved sectors
[ 1864.656091][ T1745] FAT-fs (loop1): Can't find a valid FAT filesystem
03:48:29 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1864.773877][   T26] audit: type=1800 audit(1580356109.142:285): pid=1745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16865 res=0
03:48:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffff7f00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:29 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:29 executing program 3:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

03:48:29 executing program 1:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

[ 1865.266364][   T26] audit: type=1800 audit(1580356109.632:286): pid=1819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=251 res=0
[ 1865.427596][ T1891] FAT-fs (loop1): bogus number of reserved sectors
[ 1865.434575][ T1891] FAT-fs (loop1): Can't find a valid FAT filesystem
03:48:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffff7f00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1865.620002][ T1895] FAT-fs (loop3): bogus number of reserved sectors
[ 1865.630289][ T1895] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1865.639236][   T26] audit: type=1800 audit(1580356110.002:287): pid=1902 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17650 res=0
03:48:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x800000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:30 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:30 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x280900)

03:48:30 executing program 3:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

03:48:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:30 executing program 1:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

03:48:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x803e00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1866.493374][ T2136] FAT-fs (loop3): bogus number of reserved sectors
[ 1866.540737][ T2136] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:31 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd00700}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1866.883831][ T2259] FAT-fs (loop1): bogus number of reserved sectors
[ 1866.930567][ T2259] FAT-fs (loop1): Can't find a valid FAT filesystem
03:48:31 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:31 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:31 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
tkill(r0, 0x401104000000016)

03:48:31 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x280900)

03:48:31 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:31 executing program 4:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x280900)

[ 1867.636975][ T2392] FAT-fs (loop3): bogus number of reserved sectors
[ 1867.644052][ T2392] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1867.659972][   T26] kauditd_printk_skb: 4 callbacks suppressed
[ 1867.659990][   T26] audit: type=1800 audit(1580356112.022:292): pid=2396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17656 res=0
[ 1867.877975][   T26] audit: type=1800 audit(1580356112.182:293): pid=2398 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17744 res=0
03:48:32 executing program 4:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x280900)

03:48:32 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:32 executing program 1:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

03:48:32 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1868.314180][ T2535] FAT-fs (loop1): bogus number of reserved sectors
[ 1868.321617][ T2535] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1868.436034][   T26] audit: type=1800 audit(1580356112.802:294): pid=2535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17662 res=0
03:48:32 executing program 4:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x280900)

03:48:32 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x280900)

03:48:33 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1868.852834][   T26] audit: type=1800 audit(1580356113.212:295): pid=2660 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=253 res=0
03:48:33 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:34 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
tkill(r0, 0x401104000000016)

03:48:34 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x803e00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:34 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000b}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:34 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:34 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x280900)

03:48:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1870.695229][ T2817] FAT-fs (loop3): bogus number of reserved sectors
[ 1870.704451][ T2817] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:35 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x280900)

[ 1870.867453][   T26] audit: type=1800 audit(1580356115.232:296): pid=2817 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17668 res=0
03:48:35 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:35 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:35 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x803e00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:35 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x280900)

03:48:38 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
tkill(r0, 0x401104000000016)

03:48:38 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x803e00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:38 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:38 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1873.741264][   T26] audit: type=1800 audit(1580356118.102:297): pid=3079 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=257 res=0
03:48:38 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1873.853432][ T3099] FAT-fs (loop3): bogus number of reserved sectors
03:48:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1873.895380][ T3099] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:38 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1874.007875][   T26] audit: type=1800 audit(1580356118.372:298): pid=3228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16526 res=0
03:48:38 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1874.174466][ T3254] FAT-fs (loop4): bogus number of reserved sectors
[ 1874.240945][ T3254] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1874.284143][   T26] audit: type=1800 audit(1580356118.652:299): pid=3252 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=258 res=0
03:48:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:38 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:41 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:41 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:41 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:41 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:41 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xf}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:41 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1876.831473][   T26] audit: type=1800 audit(1580356121.192:300): pid=3429 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=259 res=0
[ 1876.881864][ T3446] FAT-fs (loop4): bogus number of reserved sectors
[ 1876.901177][ T3456] FAT-fs (loop3): bogus number of reserved sectors
[ 1876.917901][ T3446] FAT-fs (loop4): Can't find a valid FAT filesystem
03:48:41 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1876.930465][ T3456] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1876.992753][   T26] audit: type=1800 audit(1580356121.352:301): pid=3456 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16590 res=0
03:48:41 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1877.165396][ T3584] FAT-fs (loop4): bogus number of reserved sectors
[ 1877.184582][ T3584] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1877.308081][   T26] audit: type=1800 audit(1580356121.672:302): pid=3591 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=260 res=0
03:48:41 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:41 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xf}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:41 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:41 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1877.870445][   T26] audit: type=1800 audit(1580356122.232:303): pid=3720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16961 res=0
03:48:44 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:44 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xf}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:44 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:44 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:44 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x11}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1880.001724][ T3864] FAT-fs (loop3): bogus number of reserved sectors
[ 1880.033148][ T3864] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1880.079410][   T26] audit: type=1800 audit(1580356124.442:304): pid=3867 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=261 res=0
03:48:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xf}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:44 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0x280900)

[ 1880.215303][   T26] audit: type=1800 audit(1580356124.442:305): pid=3864 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17154 res=0
03:48:44 executing program 1:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:44 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:44 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0x280900)

03:48:45 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x12}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1880.636164][ T4101] FAT-fs (loop4): bogus number of reserved sectors
[ 1880.703374][ T4101] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1880.851912][   T26] audit: type=1800 audit(1580356125.212:306): pid=4105 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=262 res=0
03:48:47 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:47 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:47 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:47 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1d}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:47 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r0 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0x280900)

[ 1883.058703][ T4233] FAT-fs (loop4): bogus number of reserved sectors
[ 1883.076680][ T4233] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1883.142144][ T4241] FAT-fs (loop1): bogus number of reserved sectors
[ 1883.209100][ T4241] FAT-fs (loop1): Can't find a valid FAT filesystem
03:48:47 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:47 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1883.318692][ T4354] FAT-fs (loop3): bogus number of reserved sectors
03:48:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x64}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1883.383811][ T4354] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1883.407789][   T26] audit: type=1800 audit(1580356127.772:307): pid=4358 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17313 res=0
[ 1883.450169][   T26] audit: type=1800 audit(1580356127.812:308): pid=4241 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17281 res=0
[ 1883.496458][ T4363] FAT-fs (loop4): bogus number of reserved sectors
[ 1883.505456][ T4363] FAT-fs (loop4): Can't find a valid FAT filesystem
03:48:48 executing program 4:
prlimit64(0x0, 0x0, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1308, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, &(0x7f0000004080))
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x6})
r1 = open(0x0, 0x80000, 0x100)
r2 = dup(0xffffffffffffffff)
write$UHID_DESTROY(r2, &(0x7f0000000080), 0xfff2)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100)='l2tp\x00')
write$FUSE_STATFS(r1, &(0x7f0000000280)={0x60, 0x0, 0x1, {{0x0, 0x1, 0x4, 0x3, 0x40100000, 0x5, 0x2, 0x200}}}, 0x60)
sendmsg$L2TP_CMD_TUNNEL_GET(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000ffdbdf250400000008000a000300000006000e00060000000500140007000000050007000300000005000600800000000800090002000000050004001bf394e418e35ef7c680000008000c000100000015f453b30e2cd7ca0ac538b8b231f86357b006f16125588456a0ec8641e4567ef32f57b1c20b9de1cb203edece3e9423dc3b0000000000000000000000000000000000000000c576ba0e3481d2d97cb80b54b0290a1b938e83f1c26ce47b564041aca52e730301e57bb6cb72a18ebc0274f79d3a7afa2d401eda29a362f9121ce991fdf9e9185b1c97b50ab9abfc7b619ce2"], 0x5c}, 0x1, 0x0, 0x0, 0x20008814}, 0x4000800)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000001c0)={'team0\x00'})
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x3a8f7dc2ac1a8d0b, &(0x7f0000000040)={0xa, 0x4e33, 0x0, @mcast2}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000800)={{{@in6=@dev, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@initdev}, 0x0, @in=@multicast2}}, &(0x7f0000000900)=0xe8)
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f00000004c0)={@loopback, @local, @ipv4={[], [], @multicast2}, 0x68, 0x0, 0x2, 0x500, 0x2, 0x42, r6})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000180)={0xe, 0x3, 0xfa00, @id_resuseaddr={&(0x7f0000000480)=0x1, r8, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @rand_addr="6c8152fc897c644f567cfbd918eb543f"}, {0xa, 0x0, 0x0, @mcast1}, r8}}, 0x48)
r9 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000400)='/dev/dlm_plock\x00', 0x20001, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x12, 0x10, 0xfa00, {&(0x7f0000000040), r8, r9}}, 0x18)
r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_group_source_req(r10, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
accept$inet6(r10, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x42400, 0x0)
dup(r11)

[ 1883.626395][   T26] audit: type=1800 audit(1580356127.992:309): pid=4476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17329 res=0
03:48:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb000200}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:48 executing program 4:
prlimit64(0x0, 0x0, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1308, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, &(0x7f0000004080))
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x6})
r1 = open(0x0, 0x80000, 0x100)
r2 = dup(0xffffffffffffffff)
write$UHID_DESTROY(r2, &(0x7f0000000080), 0xfff2)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000100)='l2tp\x00')
write$FUSE_STATFS(r1, &(0x7f0000000280)={0x60, 0x0, 0x1, {{0x0, 0x1, 0x4, 0x3, 0x40100000, 0x5, 0x2, 0x200}}}, 0x60)
sendmsg$L2TP_CMD_TUNNEL_GET(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000ffdbdf250400000008000a000300000006000e00060000000500140007000000050007000300000005000600800000000800090002000000050004001bf394e418e35ef7c680000008000c000100000015f453b30e2cd7ca0ac538b8b231f86357b006f16125588456a0ec8641e4567ef32f57b1c20b9de1cb203edece3e9423dc3b0000000000000000000000000000000000000000c576ba0e3481d2d97cb80b54b0290a1b938e83f1c26ce47b564041aca52e730301e57bb6cb72a18ebc0274f79d3a7afa2d401eda29a362f9121ce991fdf9e9185b1c97b50ab9abfc7b619ce2"], 0x5c}, 0x1, 0x0, 0x0, 0x20008814}, 0x4000800)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000001c0)={'team0\x00'})
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x3a8f7dc2ac1a8d0b, &(0x7f0000000040)={0xa, 0x4e33, 0x0, @mcast2}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000800)={{{@in6=@dev, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@initdev}, 0x0, @in=@multicast2}}, &(0x7f0000000900)=0xe8)
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f00000004c0)={@loopback, @local, @ipv4={[], [], @multicast2}, 0x68, 0x0, 0x2, 0x500, 0x2, 0x42, r6})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000180)={0xe, 0x3, 0xfa00, @id_resuseaddr={&(0x7f0000000480)=0x1, r8, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @rand_addr="6c8152fc897c644f567cfbd918eb543f"}, {0xa, 0x0, 0x0, @mcast1}, r8}}, 0x48)
r9 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000400)='/dev/dlm_plock\x00', 0x20001, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x12, 0x10, 0xfa00, {&(0x7f0000000040), r8, r9}}, 0x18)
r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_group_source_req(r10, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
accept$inet6(r10, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x42400, 0x0)
dup(r11)

03:48:48 executing program 1:
prlimit64(0x0, 0x0, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x20400, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r1, 0x4161, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, &(0x7f0000004080))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x100, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00')
sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x30, r4, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x9}, @SEG6_ATTR_ALGID={0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xd9a}]}, 0x10e}, 0x1, 0x6c}, 0x0)
r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300)='SEG6\x00')
sendmsg$SEG6_CMD_SET_TUNSRC(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x74, r5, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@SEG6_ATTR_SECRETLEN={0x2d, 0x5, 0x3}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x3f}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x200, 0x8001, 0xe3]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x7, 0x6e, 0x101]}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xff}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3}, @SEG6_ATTR_ALGID={0x5}]}, 0x74}, 0x1, 0x0, 0x0, 0x4040880}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x6})
open(0x0, 0x80000, 0x100)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @ipv4={[], [], @loopback}, @ipv4={[], [], @loopback}, 0x68, 0x0, 0x0, 0x0, 0x0, 0x42})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x228280, 0x0)
accept$unix(r6, 0x0, &(0x7f0000000e00))
write$dsp(r6, &(0x7f0000000100)="ddf5655bb86561ace6d300c6d761260164e5c2b828056f732e6869707d1212e1667819cf17fb06c275d7c55c4e11bde58cc18437e561aa4201bb40dbf242328d5893721f946727804e703a17ddd7a8bc59d367a59e7f6ea5a4", 0x59)
accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
dup(r7)

03:48:48 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1884.200725][ T4504] netlink: 'syz-executor.1': attribute type 5 has an invalid length.
[ 1884.214888][ T4504] netlink: 'syz-executor.1': attribute type 6 has an invalid length.
03:48:48 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x14d}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1884.285991][ T4507] FAT-fs (loop4): bogus number of reserved sectors
[ 1884.338386][ T4507] FAT-fs (loop4): Can't find a valid FAT filesystem
03:48:50 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:50 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:50 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:50 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:50 executing program 1:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x29a}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1886.276783][ T4649] FAT-fs (loop4): bogus number of reserved sectors
[ 1886.292445][ T4649] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1886.347545][   T26] audit: type=1800 audit(1580356130.712:310): pid=4652 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17313 res=0
03:48:50 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:50 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xe000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1886.523369][ T4769] FAT-fs (loop3): bogus number of reserved sectors
[ 1886.529915][ T4769] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1886.530283][   T26] audit: type=1800 audit(1580356130.892:311): pid=4653 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17409 res=0
[ 1886.647714][   T26] audit: type=1800 audit(1580356130.942:312): pid=4775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16523 res=0
03:48:51 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1886.817920][ T4781] FAT-fs (loop4): bogus number of reserved sectors
[ 1886.874124][ T4781] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1886.952771][ T4789] FAT-fs (loop3): bogus number of reserved sectors
[ 1886.971809][ T4789] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:51 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1887.165227][   T26] audit: type=1800 audit(1580356131.532:313): pid=4789 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17426 res=0
03:48:51 executing program 2:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:51 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xf000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:51 executing program 1:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:51 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1887.476687][ T4920] FAT-fs (loop4): bogus number of reserved sectors
[ 1887.527954][ T4972] FAT-fs (loop3): bogus number of reserved sectors
[ 1887.534806][ T4972] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1887.536100][ T4920] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1887.667977][   T26] audit: type=1800 audit(1580356132.032:314): pid=4972 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17409 res=0
[ 1887.713316][   T26] audit: type=1800 audit(1580356132.052:315): pid=4978 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16652 res=0
03:48:52 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:52 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1887.924757][   T26] audit: type=1800 audit(1580356132.232:316): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16662 res=0
[ 1887.951438][ T5060] FAT-fs (loop3): bogus number of reserved sectors
[ 1887.963266][ T5060] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:52 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1888.133117][ T5064] FAT-fs (loop4): bogus number of reserved sectors
[ 1888.149103][ T5064] FAT-fs (loop4): Can't find a valid FAT filesystem
03:48:52 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:52 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x500}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:52 executing program 2:
gettid()
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1888.537504][ T5194] FAT-fs (loop3): bogus number of reserved sectors
[ 1888.547639][ T5194] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:53 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:53 executing program 4:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:53 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1888.870411][   T26] audit: type=1800 audit(1580356133.232:317): pid=5312 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17233 res=0
03:48:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x11000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1888.973256][ T5317] FAT-fs (loop1): bogus number of reserved sectors
[ 1888.979794][ T5317] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1889.066127][   T26] audit: type=1800 audit(1580356133.432:318): pid=5331 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16649 res=0
03:48:53 executing program 2:
gettid()
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1889.172994][ T5352] FAT-fs (loop3): bogus number of reserved sectors
03:48:53 executing program 4:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1889.222556][ T5352] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:53 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x29a}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1889.370520][   T26] audit: type=1800 audit(1580356133.732:319): pid=5452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16648 res=0
03:48:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x5a6}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:53 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1889.651496][ T5469] FAT-fs (loop3): bogus number of reserved sectors
[ 1889.661061][ T5469] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:54 executing program 4:
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:54 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:54 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x600}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:54 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x12000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1890.093701][ T5588] FAT-fs (loop3): bogus number of reserved sectors
[ 1890.194870][ T5588] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:54 executing program 2:
gettid()
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:54 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:54 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:54 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1890.528871][ T5710] FAT-fs (loop3): bogus number of reserved sectors
[ 1890.543352][ T5710] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1890.690751][ T5716] FAT-fs (loop1): bogus number of reserved sectors
03:48:55 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1890.744056][ T5716] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1890.936994][ T5733] FAT-fs (loop3): bogus number of reserved sectors
[ 1890.964846][ T5733] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:55 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:55 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:55 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x700}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1d000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1891.379899][ T5856] FAT-fs (loop3): bogus number of reserved sectors
[ 1891.386898][ T5856] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:55 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1891.469091][   T26] kauditd_printk_skb: 10 callbacks suppressed
[ 1891.469110][   T26] audit: type=1800 audit(1580356135.832:330): pid=5951 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17537 res=0
03:48:56 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1891.747942][   T26] audit: type=1800 audit(1580356136.072:331): pid=5970 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0
03:48:56 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1f000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:56 executing program 4:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1891.909989][ T6036] FAT-fs (loop3): bogus number of reserved sectors
[ 1891.924197][   T26] audit: type=1800 audit(1580356136.142:332): pid=5977 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16654 res=0
[ 1892.003819][ T6036] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:56 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1892.120114][   T26] audit: type=1800 audit(1580356136.482:333): pid=6094 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17745 res=0
03:48:56 executing program 4:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:56 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x900}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:56 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:56 executing program 4:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1892.714236][ T6328] FAT-fs (loop3): bogus number of reserved sectors
[ 1892.726118][ T6328] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:57 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1892.877090][   T26] audit: type=1800 audit(1580356137.242:334): pid=6344 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17751 res=0
03:48:57 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x20000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:57 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1893.082713][ T6456] FAT-fs (loop3): bogus number of reserved sectors
03:48:57 executing program 4:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1893.153403][ T6456] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:57 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
ftruncate(0xffffffffffffffff, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:57 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1893.427869][   T26] audit: type=1800 audit(1580356137.792:335): pid=6480 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=264 res=0
[ 1893.537921][ T6567] FAT-fs (loop3): bogus number of reserved sectors
[ 1893.567392][ T6567] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:58 executing program 4:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:58 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:58 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xb00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:58 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x40000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:48:58 executing program 4:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1894.044256][ T6709] FAT-fs (loop3): bogus number of reserved sectors
[ 1894.149837][ T6709] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1894.167162][   T26] audit: type=1800 audit(1580356138.532:336): pid=6719 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16653 res=0
03:48:58 executing program 4:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:58 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:48:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff40, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)

[ 1894.628683][ T6845] FAT-fs (loop3): bogus number of reserved sectors
[ 1894.645657][ T6845] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:59 executing program 4:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1894.743378][   T26] audit: type=1800 audit(1580356139.092:337): pid=6845 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16650 res=0
03:48:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff40, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)

03:48:59 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:59 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1895.021798][   T26] audit: type=1800 audit(1580356139.382:338): pid=6960 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16636 res=0
[ 1895.240980][ T7011] FAT-fs (loop3): bogus number of reserved sectors
[ 1895.269676][ T7011] FAT-fs (loop3): Can't find a valid FAT filesystem
03:48:59 executing program 4:
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:48:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xd00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:48:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff40, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)

03:48:59 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x401f0000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1895.401905][   T26] audit: type=1800 audit(1580356139.762:339): pid=7084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17553 res=0
03:49:00 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:00 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:00 executing program 1:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:49:00 executing program 3:
r0 = gettid()
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:00 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4d010000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:00 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:00 executing program 3:
r0 = gettid()
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:00 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xe00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1896.558283][   T26] kauditd_printk_skb: 5 callbacks suppressed
[ 1896.558302][   T26] audit: type=1800 audit(1580356140.922:345): pid=7349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=266 res=0
[ 1896.653394][   T26] audit: type=1800 audit(1580356140.942:346): pid=7356 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16664 res=0
03:49:01 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1896.870297][   T26] audit: type=1800 audit(1580356141.232:347): pid=7426 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16636 res=0
03:49:01 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:01 executing program 3:
r0 = gettid()
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:01 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xf00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1897.195346][   T26] audit: type=1800 audit(1580356141.562:348): pid=7480 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16654 res=0
03:49:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xe00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:01 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x64000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1897.386323][   T26] audit: type=1800 audit(1580356141.752:349): pid=7492 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=267 res=0
03:49:01 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

[ 1897.559275][ T7504] FAT-fs (loop3): bogus number of reserved sectors
[ 1897.566893][ T7504] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:02 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

[ 1897.637282][   T26] audit: type=1800 audit(1580356142.002:350): pid=7504 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17754 res=0
03:49:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x157c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1898.005132][   T26] audit: type=1800 audit(1580356142.372:351): pid=7621 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16669 res=0
03:49:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1100}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1898.119571][   T26] audit: type=1800 audit(1580356142.392:352): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=268 res=0
03:49:02 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:49:02 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7c150000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:02 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

[ 1898.586501][   T26] audit: type=1800 audit(1580356142.952:353): pid=7751 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=269 res=0
03:49:03 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1898.705083][ T7850] FAT-fs (loop3): bogus number of reserved sectors
[ 1898.711864][ T7850] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:03 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

[ 1898.803685][ T7866] FAT-fs (loop2): bogus number of reserved sectors
[ 1898.810172][   T26] audit: type=1800 audit(1580356143.172:354): pid=7850 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16618 res=0
[ 1898.814604][ T7866] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:03 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1200}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x157c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:03 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1100}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:03 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a020000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:03 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:49:04 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x157c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:04 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1899.756605][ T8038] FAT-fs (loop3): bogus number of reserved sectors
[ 1899.773126][ T8038] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1100}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1899.951575][ T8159] FAT-fs (loop2): bogus number of reserved sectors
[ 1899.969185][ T8159] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:04 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x157c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:04 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa3050000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:04 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1d00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:04 executing program 3:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:05 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1100}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:05 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1f00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1900.958964][ T8411] FAT-fs (loop2): bogus number of reserved sectors
[ 1900.969051][ T8411] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:05 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:49:05 executing program 3:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1901.118343][ T8418] FAT-fs (loop4): bogus number of reserved sectors
[ 1901.125499][ T8418] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:05 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:05 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1f40}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:05 executing program 3:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:05 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfefdffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

[ 1901.696481][ T8546] FAT-fs (loop1): bogus number of reserved sectors
[ 1901.703096][ T8546] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1901.811142][   T26] kauditd_printk_skb: 8 callbacks suppressed
[ 1901.811162][   T26] audit: type=1800 audit(1580356146.172:363): pid=8559 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17774 res=0
03:49:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:06 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1901.909801][ T8564] FAT-fs (loop4): bogus number of reserved sectors
[ 1901.917029][ T8564] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:06 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfeffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

[ 1902.015871][ T8679] FAT-fs (loop2): bogus number of reserved sectors
[ 1902.028477][ T8679] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1902.215288][   T26] audit: type=1800 audit(1580356146.332:364): pid=8677 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16663 res=0
[ 1902.236880][   T26] audit: type=1800 audit(1580356146.522:365): pid=8679 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16670 res=0
03:49:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:07 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:07 executing program 1:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1902.811867][ T8814] FAT-fs (loop4): bogus number of reserved sectors
03:49:07 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x4000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1902.857011][ T8814] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1902.995712][   T26] audit: type=1800 audit(1580356147.362:366): pid=8821 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16636 res=0
[ 1903.094964][   T26] audit: type=1800 audit(1580356147.462:367): pid=8930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16656 res=0
03:49:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1903.240377][ T8938] FAT-fs (loop2): bogus number of reserved sectors
[ 1903.256722][ T8938] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:07 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfffffdfe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1903.302901][   T26] audit: type=1800 audit(1580356147.662:368): pid=8945 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16663 res=0
03:49:07 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1903.408936][ T8948] FAT-fs (loop4): bogus number of reserved sectors
[ 1903.437150][ T8948] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:07 executing program 1:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1903.568945][   T26] audit: type=1800 audit(1580356147.932:369): pid=9063 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16561 res=0
[ 1903.705938][ T9068] FAT-fs (loop4): bogus number of reserved sectors
[ 1903.712923][ T9068] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:08 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:08 executing program 4:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1903.909239][   T26] audit: type=1800 audit(1580356148.272:370): pid=9087 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16865 res=0
03:49:08 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x401f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1904.071785][   T26] audit: type=1800 audit(1580356148.432:371): pid=9184 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16769 res=0
03:49:08 executing program 4:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:08 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:08 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1f00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:08 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:08 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1904.509017][ T9324] FAT-fs (loop2): bogus number of reserved sectors
[ 1904.518466][ T9324] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1904.623375][ T9351] FAT-fs (loop3): bogus number of reserved sectors
[ 1904.630054][   T26] audit: type=1800 audit(1580356148.992:372): pid=9438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16849 res=0
03:49:09 executing program 4:
r0 = gettid()
syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1904.705897][ T9351] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:09 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfffffffe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:09 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:09 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x4d01}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1905.135021][ T9563] FAT-fs (loop3): bogus number of reserved sectors
[ 1905.165124][ T9563] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:09 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:09 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1f00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1905.363850][ T9576] FAT-fs (loop4): bogus number of reserved sectors
[ 1905.376923][ T9576] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:09 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:09 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:10 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1905.615697][ T9690] FAT-fs (loop3): bogus number of reserved sectors
[ 1905.626482][ T9690] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1905.657490][ T9689] FAT-fs (loop2): bogus number of reserved sectors
[ 1905.669842][ T9689] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:10 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:10 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1905.815954][ T9704] FAT-fs (loop4): bogus number of reserved sectors
[ 1905.843309][ T9704] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:10 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1906.072086][ T9816] FAT-fs (loop3): bogus number of reserved sectors
[ 1906.093042][ T9816] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1906.104839][ T9822] FAT-fs (loop4): bogus number of reserved sectors
[ 1906.113597][ T9822] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:10 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x6400}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:10 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1f00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:10 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:10 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:10 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1906.504272][ T9942] FAT-fs (loop4): bogus number of reserved sectors
[ 1906.511805][ T9942] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1906.656641][ T9955] FAT-fs (loop2): bogus number of reserved sectors
[ 1906.681991][ T9955] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1906.709723][ T9954] FAT-fs (loop3): bogus number of reserved sectors
03:49:11 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1501e14b21c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1906.863351][ T9954] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:11 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:11 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1907.077603][T10072] FAT-fs (loop4): bogus number of reserved sectors
[ 1907.102049][T10072] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:11 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1907.259644][T10173] FAT-fs (loop3): bogus number of reserved sectors
03:49:11 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7c15}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:11 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1907.322198][T10173] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1907.357022][T10187] FAT-fs (loop4): bogus number of reserved sectors
[ 1907.363771][T10187] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1907.394891][   T26] kauditd_printk_skb: 8 callbacks suppressed
[ 1907.394933][   T26] audit: type=1800 audit(1580356151.762:381): pid=10189 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16561 res=0
03:49:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1907.672135][T10303] FAT-fs (loop1): bogus number of reserved sectors
03:49:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1907.723885][T10309] FAT-fs (loop4): bogus number of reserved sectors
[ 1907.730426][T10309] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1907.742352][T10303] FAT-fs (loop1): Can't find a valid FAT filesystem
03:49:12 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1907.772721][   T26] audit: type=1800 audit(1580356152.132:382): pid=10311 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16706 res=0
[ 1907.842179][T10316] FAT-fs (loop3): bogus number of reserved sectors
[ 1907.848886][T10316] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1907.983471][   T26] audit: type=1800 audit(1580356152.342:383): pid=10326 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16961 res=0
[ 1908.027336][T10322] FAT-fs (loop2): bogus number of reserved sectors
[ 1908.035187][T10322] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1908.113248][   T26] audit: type=1800 audit(1580356152.342:384): pid=10309 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16713 res=0
03:49:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:12 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1908.258401][   T26] audit: type=1800 audit(1580356152.452:385): pid=10322 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16993 res=0
03:49:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:12 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x9a02}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1908.513967][T10448] FAT-fs (loop3): bogus number of reserved sectors
[ 1908.545573][T10448] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1908.547415][T10447] FAT-fs (loop4): bogus number of reserved sectors
03:49:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7c15}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1908.609567][T10447] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1908.657209][   T26] audit: type=1800 audit(1580356153.022:386): pid=10458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16684 res=0
03:49:13 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa605}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x40000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:13 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:13 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1909.094237][T10591] FAT-fs (loop3): bogus number of reserved sectors
[ 1909.104509][T10591] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1909.174932][   T26] audit: type=1800 audit(1580356153.542:387): pid=10591 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16684 res=0
[ 1909.240675][T10596] FAT-fs (loop4): bogus number of reserved sectors
[ 1909.269608][T10596] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1909.345126][T10604] FAT-fs (loop2): bogus number of reserved sectors
03:49:13 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1909.402030][T10604] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:13 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:13 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2000b}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1909.499219][   T26] audit: type=1800 audit(1580356153.862:388): pid=10604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16641 res=0
03:49:13 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1909.553391][T10714] FAT-fs (loop3): bogus number of reserved sectors
[ 1909.573674][T10714] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1909.612659][T10721] FAT-fs (loop1): bogus number of reserved sectors
[ 1909.619374][T10721] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1909.633047][   T26] audit: type=1800 audit(1580356153.992:389): pid=10723 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16679 res=0
[ 1909.797560][   T26] audit: type=1800 audit(1580356154.092:390): pid=10727 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16632 res=0
03:49:14 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x80000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1909.868629][T10732] FAT-fs (loop4): bogus number of reserved sectors
[ 1909.877551][T10732] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:14 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:14 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1910.296929][T10853] FAT-fs (loop4): bogus number of reserved sectors
03:49:14 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7d000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1910.337582][T10853] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:14 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:14 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1910.565827][T10966] FAT-fs (loop1): bogus number of reserved sectors
[ 1910.576348][T10972] FAT-fs (loop2): bogus number of reserved sectors
[ 1910.586401][T10973] FAT-fs (loop3): bogus number of reserved sectors
[ 1910.593802][T10972] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1910.600463][T10966] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1910.607150][T10973] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1910.917330][T10991] FAT-fs (loop4): bogus number of reserved sectors
03:49:15 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x803e0000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1910.980047][T10991] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:15 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:15 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1911.246912][T11110] FAT-fs (loop1): bogus number of reserved sectors
[ 1911.260209][T11110] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1911.269454][T11112] FAT-fs (loop3): bogus number of reserved sectors
[ 1911.276279][T11112] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:15 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1911.581695][T11130] FAT-fs (loop4): bogus number of reserved sectors
[ 1911.595200][T11130] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:16 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:16 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1911.642481][T11134] FAT-fs (loop2): bogus number of reserved sectors
[ 1911.654268][T11134] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:16 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd0070000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1911.911553][T11247] FAT-fs (loop3): bogus number of reserved sectors
[ 1911.949819][T11247] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:16 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:16 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3e8000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1912.257536][T11268] FAT-fs (loop4): bogus number of reserved sectors
[ 1912.310217][T11268] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:16 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:16 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1912.545029][T11380] FAT-fs (loop3): bogus number of reserved sectors
[ 1912.561648][T11380] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:17 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:17 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1912.615642][   T26] kauditd_printk_skb: 7 callbacks suppressed
[ 1912.615660][   T26] audit: type=1800 audit(1580356156.982:398): pid=11380 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16719 res=0
03:49:17 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1912.781715][T11395] FAT-fs (loop2): bogus number of reserved sectors
[ 1912.792856][T11395] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1912.874609][   T26] audit: type=1800 audit(1580356157.242:399): pid=11404 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16711 res=0
[ 1912.944088][T11397] FAT-fs (loop4): bogus number of reserved sectors
[ 1912.996976][T11397] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:17 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:17 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x100000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:17 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:17 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1913.398765][T11524] FAT-fs (loop3): bogus number of reserved sectors
[ 1913.430073][T11524] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1913.502103][T11528] FAT-fs (loop4): bogus number of reserved sectors
[ 1913.533751][T11528] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1913.542980][   T26] audit: type=1800 audit(1580356157.902:400): pid=11524 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16557 res=0
03:49:17 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:18 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:18 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x800000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:18 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1913.862106][T11645] FAT-fs (loop2): bogus number of reserved sectors
03:49:18 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(0x0, 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1913.933353][T11645] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1913.975827][   T26] audit: type=1800 audit(1580356158.342:401): pid=11650 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17154 res=0
[ 1914.073978][T11658] FAT-fs (loop1): bogus number of reserved sectors
[ 1914.080525][T11658] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1914.097494][T11659] FAT-fs (loop4): bogus number of reserved sectors
03:49:18 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x200000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1914.193263][T11659] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1914.233087][T11676] FAT-fs (loop3): bogus number of reserved sectors
03:49:18 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1914.260435][T11676] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1914.381903][   T26] audit: type=1800 audit(1580356158.742:402): pid=11765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16672 res=0
03:49:18 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(0x0, 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:19 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1914.645057][T11792] FAT-fs (loop4): bogus number of reserved sectors
03:49:19 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x803e00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1914.730552][T11792] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1914.816178][T11801] FAT-fs (loop3): bogus number of reserved sectors
[ 1914.876329][T11801] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1914.913629][T11819] FAT-fs (loop2): bogus number of reserved sectors
03:49:19 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{0x0}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1914.925133][T11819] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:19 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1915.010463][   T26] audit: type=1800 audit(1580356159.372:403): pid=11819 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16632 res=0
[ 1915.067200][T11913] FAT-fs (loop1): bogus number of reserved sectors
[ 1915.081219][T11913] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1915.181933][T11917] FAT-fs (loop4): bogus number of reserved sectors
[ 1915.200469][T11917] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:19 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(0x0, 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1915.222214][   T26] audit: type=1800 audit(1580356159.582:404): pid=11913 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16747 res=0
[ 1915.377184][   T26] audit: type=1800 audit(1580356159.702:405): pid=11917 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16523 res=0
03:49:19 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x300000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1915.481196][T11957] FAT-fs (loop3): bogus number of reserved sectors
[ 1915.515138][T11957] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:19 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xd00700}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:20 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:20 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:20 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x400000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1915.893328][T12058] FAT-fs (loop3): bogus number of reserved sectors
[ 1915.903642][T12058] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1915.905932][T12052] FAT-fs (loop4): bogus number of reserved sectors
[ 1915.966109][   T26] audit: type=1800 audit(1580356160.332:406): pid=12058 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16641 res=0
[ 1916.063363][T12052] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:20 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:20 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1916.157947][T12171] FAT-fs (loop2): bogus number of reserved sectors
[ 1916.170344][T12171] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1916.251381][   T26] audit: type=1800 audit(1580356160.612:407): pid=12176 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16523 res=0
03:49:20 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:20 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1916.391406][T12175] FAT-fs (loop3): bogus number of reserved sectors
[ 1916.469741][T12175] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:21 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x500000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:21 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1916.948312][T12306] FAT-fs (loop3): bogus number of reserved sectors
[ 1916.958928][T12306] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1916.965664][T12307] FAT-fs (loop4): bogus number of reserved sectors
[ 1916.973198][T12307] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:21 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1917.285450][T12424] FAT-fs (loop2): bogus number of reserved sectors
[ 1917.292048][T12424] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1917.369522][T12434] FAT-fs (loop3): bogus number of reserved sectors
[ 1917.377663][T12435] FAT-fs (loop4): bogus number of reserved sectors
[ 1917.395677][T12434] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1917.413281][T12435] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:21 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7c150000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:21 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:21 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:22 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:22 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x600000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1917.854511][T12558] FAT-fs (loop4): bogus number of reserved sectors
[ 1917.883609][T12558] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', 0x0, 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1918.106187][T12661] FAT-fs (loop3): bogus number of reserved sectors
[ 1918.131921][T12661] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1918.151864][   T26] kauditd_printk_skb: 6 callbacks suppressed
[ 1918.151884][   T26] audit: type=1800 audit(1580356162.512:414): pid=12678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17377 res=0
03:49:22 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:49:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:22 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1918.314289][   T26] audit: type=1800 audit(1580356162.522:415): pid=12644 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17361 res=0
[ 1918.501287][T12696] FAT-fs (loop2): bogus number of reserved sectors
[ 1918.508256][T12696] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1918.602067][   T26] audit: type=1800 audit(1580356162.962:416): pid=12688 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=271 res=0
[ 1918.643737][T12704] FAT-fs (loop3): bogus number of reserved sectors
03:49:23 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x700000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1918.685780][   T26] audit: type=1800 audit(1580356163.002:417): pid=12696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17329 res=0
[ 1918.767198][T12704] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1918.867419][   T26] audit: type=1800 audit(1580356163.232:418): pid=12769 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16547 res=0
03:49:23 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

03:49:23 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1919.131964][T12821] FAT-fs (loop3): bogus number of reserved sectors
[ 1919.145827][T12821] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:23 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1919.202895][   T26] audit: type=1800 audit(1580356163.562:419): pid=12824 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16697 res=0
03:49:23 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:23 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1919.383453][T12835] FAT-fs (loop1): bogus number of reserved sectors
[ 1919.398080][T12835] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1919.415097][   T26] audit: type=1800 audit(1580356163.782:420): pid=12830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=272 res=0
03:49:23 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1919.630425][   T26] audit: type=1800 audit(1580356163.992:421): pid=12835 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16636 res=0
03:49:24 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x800000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1919.679529][T12953] FAT-fs (loop3): bogus number of reserved sectors
[ 1919.710041][T12849] FAT-fs (loop2): invalid media value (0x00)
[ 1919.713622][T12953] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1919.716903][T12849] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:24 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

[ 1919.788094][   T26] audit: type=1800 audit(1580356164.032:422): pid=12955 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16579 res=0
[ 1919.824855][   T26] audit: type=1800 audit(1580356164.152:423): pid=12953 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16774 res=0
03:49:24 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:24 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x5000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1920.364269][T13080] FAT-fs (loop3): bogus number of reserved sectors
03:49:24 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:24 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1920.427008][T13080] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:24 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x900000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:25 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:25 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x0)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1920.713810][T13099] FAT-fs (loop2): invalid media value (0x00)
[ 1920.741578][T13102] FAT-fs (loop4): bogus number of reserved sectors
[ 1920.748293][T13102] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1920.777817][T13099] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1920.914778][T13105] FAT-fs (loop3): bogus number of reserved sectors
[ 1920.935728][T13105] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1921.056332][T13115] FAT-fs (loop1): invalid media value (0x00)
[ 1921.091916][T13115] FAT-fs (loop1): Can't find a valid FAT filesystem
03:49:25 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:25 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x0)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1921.327846][T13235] FAT-fs (loop4): bogus number of reserved sectors
[ 1921.344318][T13235] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:25 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x6000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1921.432996][T13238] FAT-fs (loop3): bogus number of reserved sectors
03:49:25 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1921.543242][T13238] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:26 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x0)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:26 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:26 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1921.753273][T13356] FAT-fs (loop4): bogus number of reserved sectors
[ 1921.836870][T13356] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:26 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:26 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1921.921097][T13404] FAT-fs (loop3): bogus number of reserved sectors
[ 1921.947023][T13404] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:26 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1922.035944][T13470] FAT-fs (loop2): invalid media value (0x00)
[ 1922.043343][T13470] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:26 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(0x0, 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1922.144720][T13483] FAT-fs (loop1): invalid media value (0x00)
[ 1922.153268][T13483] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1922.170252][T13487] FAT-fs (loop4): bogus number of reserved sectors
[ 1922.176971][T13487] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:26 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1922.462534][T13503] FAT-fs (loop3): bogus number of reserved sectors
03:49:26 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1922.577374][T13503] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:27 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1922.817892][T13617] FAT-fs (loop2): invalid media value (0x00)
03:49:27 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(0x0, 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1922.923473][T13617] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1923.079593][T13636] FAT-fs (loop3): bogus number of reserved sectors
[ 1923.086578][T13636] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1923.108589][T13633] FAT-fs (loop4): bogus number of reserved sectors
03:49:27 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(0x0, 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1923.158449][T13633] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:27 executing program 1:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(0x0, 0x401104000000016)

[ 1923.328665][T13712] FAT-fs (loop3): bogus number of reserved sectors
03:49:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1923.389769][T13712] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:27 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xb00020000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:28 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x9000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:28 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1923.686674][T13759] FAT-fs (loop4): bogus number of reserved sectors
03:49:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1923.733835][   T26] kauditd_printk_skb: 12 callbacks suppressed
[ 1923.733865][   T26] audit: type=1800 audit(1580356168.102:436): pid=13769 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16636 res=0
[ 1923.854948][T13759] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:28 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1924.093481][T13883] FAT-fs (loop3): bogus number of reserved sectors
[ 1924.099789][T13881] FAT-fs (loop2): invalid media value (0x00)
[ 1924.100091][T13883] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1924.113578][T13881] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1924.167390][   T26] audit: type=1800 audit(1580356168.532:437): pid=13893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16522 res=0
03:49:28 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xd00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1924.305126][   T26] audit: type=1804 audit(1580356168.672:438): pid=13900 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir731071256/syzkaller.n2STls/1700/file0/bus" dev="sda1" ino=16782 res=1
03:49:28 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:29 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:29 executing program 1:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1924.863736][T14023] FAT-fs (loop3): bogus number of reserved sectors
[ 1924.881395][T14023] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:29 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1924.924665][   T26] audit: type=1804 audit(1580356169.292:439): pid=14023 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir731071256/syzkaller.n2STls/1701/file0/bus" dev="sda1" ino=17393 res=1
03:49:29 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xb000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1925.148971][   T26] audit: type=1800 audit(1580356169.512:440): pid=14137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16784 res=0
[ 1925.208312][T14138] FAT-fs (loop2): invalid media value (0x00)
[ 1925.229809][T14138] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:29 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1925.289759][   T26] audit: type=1800 audit(1580356169.652:441): pid=14141 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16780 res=0
03:49:29 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1925.565756][T14264] FAT-fs (loop3): bogus number of reserved sectors
03:49:29 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xe00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:30 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xb000200}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:30 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1925.654872][T14264] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1925.667711][   T26] audit: type=1804 audit(1580356170.032:442): pid=14268 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir731071256/syzkaller.n2STls/1702/file0/bus" dev="sda1" ino=16797 res=1
[ 1925.821731][T14273] FAT-fs (loop1): invalid media value (0x00)
[ 1925.843440][T14273] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1926.070774][   T26] audit: type=1800 audit(1580356170.432:443): pid=14285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17426 res=0
03:49:30 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xd000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:30 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:30 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xf00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1926.389852][T14407] FAT-fs (loop2): invalid media value (0x00)
[ 1926.396927][T14407] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1926.456124][   T26] audit: type=1800 audit(1580356170.822:444): pid=14412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16782 res=0
[ 1926.615829][   T26] audit: type=1800 audit(1580356170.982:445): pid=14418 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16814 res=0
[ 1926.730098][T14486] FAT-fs (loop3): bogus number of reserved sectors
[ 1926.737312][T14486] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:31 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:31 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:31 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:31 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:31 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xe000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1927.319351][T14556] FAT-fs (loop3): bogus number of reserved sectors
[ 1927.345371][T14559] FAT-fs (loop1): bogus number of reserved sectors
[ 1927.366252][T14559] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1927.376710][T14556] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:31 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xd000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1927.477410][T14590] FAT-fs (loop2): invalid media value (0x00)
[ 1927.486599][T14590] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:32 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:32 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:32 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1100000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:32 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xd000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1927.925282][T14795] FAT-fs (loop1): bogus number of reserved sectors
[ 1927.931957][T14795] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1927.972655][T14791] FAT-fs (loop3): bogus number of reserved sectors
[ 1927.979467][T14791] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:32 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xf000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:32 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xd000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270ff", 0x15}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:32 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1928.621122][T14930] FAT-fs (loop2): invalid media value (0x00)
[ 1928.631881][T14930] FAT-fs (loop2): Can't find a valid FAT filesystem
03:49:33 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:33 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1928.858948][T15038] FAT-fs (loop1): bogus number of reserved sectors
[ 1928.906499][T15038] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1928.936082][   T26] kauditd_printk_skb: 8 callbacks suppressed
03:49:33 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1928.936103][   T26] audit: type=1804 audit(1580356173.302:454): pid=15043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir276290455/syzkaller.MjCKAr/1856/file0/bus" dev="sda1" ino=16779 res=1
03:49:33 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1200000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1929.144170][T15051] FAT-fs (loop4): invalid media value (0x00)
[ 1929.150245][T15051] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1929.170215][T15053] FAT-fs (loop3): bogus number of reserved sectors
[ 1929.223570][T15053] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1929.270166][   T26] audit: type=1800 audit(1580356173.632:455): pid=15130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16809 res=0
03:49:33 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:33 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:33 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:34 executing program 1:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1929.722714][T15180] FAT-fs (loop4): invalid media value (0x00)
[ 1929.742248][T15180] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1929.764098][   T26] audit: type=1800 audit(1580356174.132:456): pid=15181 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16757 res=0
03:49:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x11000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1930.020808][   T26] audit: type=1800 audit(1580356174.382:457): pid=15298 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17697 res=0
03:49:34 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:34 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:34 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1cb2141e50010000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1930.275323][T15312] FAT-fs (loop3): bogus number of reserved sectors
03:49:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x12000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1930.357854][T15312] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:34 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff40, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040))

[ 1930.446797][   T26] audit: type=1800 audit(1580356174.812:458): pid=15323 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16780 res=0
03:49:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:35 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1930.586333][T15330] FAT-fs (loop4): invalid media value (0x00)
[ 1930.611253][T15330] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1930.739308][T15441] FAT-fs (loop3): bogus number of reserved sectors
[ 1930.746163][T15441] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1930.817765][   T26] audit: type=1800 audit(1580356175.182:459): pid=15441 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16799 res=0
03:49:35 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff40, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040))

03:49:35 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1930.970448][   T26] audit: type=1800 audit(1580356175.202:460): pid=15445 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16826 res=0
03:49:35 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:35 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1d00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1931.261982][   T26] audit: type=1800 audit(1580356175.622:461): pid=15460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16799 res=0
[ 1931.294137][T15477] FAT-fs (loop3): bogus number of reserved sectors
[ 1931.300867][T15477] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1931.393741][   T26] audit: type=1800 audit(1580356175.742:462): pid=15477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17713 res=0
03:49:35 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff40, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040))

03:49:35 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1d000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:35 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:36 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(0x0)
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1931.762184][T15597] FAT-fs (loop3): bogus number of reserved sectors
[ 1931.774224][T15597] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:36 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1f000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1931.856454][   T26] audit: type=1800 audit(1580356176.222:463): pid=15600 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16727 res=0
03:49:36 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:36 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1932.152828][T15627] FAT-fs (loop1): bogus number of reserved sectors
[ 1932.170015][T15627] FAT-fs (loop1): Can't find a valid FAT filesystem
03:49:36 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:36 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1f00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1932.297387][T15730] FAT-fs (loop3): bogus number of reserved sectors
[ 1932.304073][T15730] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:37 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:37 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1932.695913][T15752] FAT-fs (loop3): bogus number of reserved sectors
[ 1932.706482][T15752] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:37 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:37 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1932.877444][T15852] FAT-fs (loop1): bogus number of reserved sectors
[ 1932.905990][T15852] FAT-fs (loop1): Can't find a valid FAT filesystem
03:49:37 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1932.981323][T15867] FAT-fs (loop3): bogus number of reserved sectors
[ 1932.988204][T15867] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(0x0, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:37 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:37 executing program 1:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1933.360611][T15878] FAT-fs (loop4): bogus number of reserved sectors
[ 1933.391861][T15878] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:37 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1933.534544][T15946] FAT-fs (loop3): bogus number of reserved sectors
03:49:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(0x0, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1933.612118][T15946] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:38 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1933.886306][T16017] FAT-fs (loop4): bogus number of reserved sectors
[ 1933.900828][T16017] FAT-fs (loop4): Can't find a valid FAT filesystem
03:49:38 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1933.969890][   T26] kauditd_printk_skb: 9 callbacks suppressed
[ 1933.969911][   T26] audit: type=1800 audit(1580356178.332:473): pid=16017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16813 res=0
03:49:38 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:38 executing program 4:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(0xffffffffffffffff, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:38 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(0x0, 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:38 executing program 1:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1934.388454][   T26] audit: type=1800 audit(1580356178.752:474): pid=16144 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16723 res=0
03:49:38 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x401f0000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1934.517847][T16138] FAT-fs (loop3): bogus number of reserved sectors
03:49:39 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1934.599149][   T26] audit: type=1800 audit(1580356178.962:475): pid=16257 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=274 res=0
[ 1934.605995][T16138] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1934.749309][   T26] audit: type=1800 audit(1580356179.112:476): pid=16268 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16610 res=0
03:49:39 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:39 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x4d010000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:39 executing program 1:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:39 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x401f000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:39 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1935.238205][T16396] FAT-fs (loop3): bogus number of reserved sectors
[ 1935.244898][T16396] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1935.308766][   T26] audit: type=1800 audit(1580356179.672:477): pid=16396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16764 res=0
03:49:39 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1935.380293][   T26] audit: type=1800 audit(1580356179.672:478): pid=16399 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16658 res=0
03:49:39 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:40 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x64000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1935.578865][   T26] audit: type=1800 audit(1580356179.912:479): pid=16394 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=275 res=0
03:49:40 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:40 executing program 1:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1935.869480][T16524] FAT-fs (loop3): bogus number of reserved sectors
[ 1935.927780][   T26] audit: type=1800 audit(1580356180.292:480): pid=16538 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16727 res=0
[ 1935.933298][T16524] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1935.967440][   T26] audit: type=1800 audit(1580356180.332:481): pid=16532 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16830 res=0
03:49:40 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:40 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7c150000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:40 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1936.392007][   T26] audit: type=1800 audit(1580356180.752:482): pid=16655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=277 res=0
[ 1936.421139][T16667] FAT-fs (loop3): bogus number of reserved sectors
03:49:40 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4d01000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1936.463310][T16667] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:41 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:41 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1d}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:41 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

[ 1936.945709][T16796] FAT-fs (loop3): bogus number of reserved sectors
[ 1936.962109][T16796] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:41 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6400000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:41 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:41 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:41 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x9a020000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1937.426759][T16926] FAT-fs (loop3): bogus number of reserved sectors
[ 1937.434683][T16926] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:41 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x11}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:42 executing program 4:
prlimit64(0x0, 0xd, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, &(0x7f0000004080))
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x6})
open(0x0, 0x80000, 0x100)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @ipv4={[], [], @rand_addr=0xf9f}, @rand_addr="3bebd1e361008546541c1e095a2a1ebc", 0x100, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x42})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_S_PRIORITY(0xffffffffffffffff, 0x40045644, 0x2)
dup(r1)
r2 = shmget(0x3, 0x3000, 0x78000200, &(0x7f0000ffd000/0x3000)=nil)
shmctl$IPC_RMID(r2, 0x0)
shmctl$SHM_LOCK(r2, 0xb)

03:49:42 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x0)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:42 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7c15000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1937.943429][T17058] FAT-fs (loop3): bogus number of reserved sectors
[ 1937.950081][T17058] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:42 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6400000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:42 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa6050000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:42 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:42 executing program 4:
prlimit64(0x0, 0xd, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, &(0x7f0000004080))
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x6})
open(0x0, 0x80000, 0x100)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @ipv4={[], [], @rand_addr=0xf9f}, @rand_addr="3bebd1e361008546541c1e095a2a1ebc", 0x100, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x42})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_S_PRIORITY(0xffffffffffffffff, 0x40045644, 0x2)
dup(r1)
r2 = shmget(0x3, 0x3000, 0x78000200, &(0x7f0000ffd000/0x3000)=nil)
shmctl$IPC_RMID(r2, 0x0)
shmctl$SHM_LOCK(r2, 0xb)

03:49:43 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a02000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1938.732641][T17199] FAT-fs (loop3): bogus number of reserved sectors
[ 1938.745336][T17199] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:43 executing program 1:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1938.944508][T17223] FAT-fs (loop1): bogus number of reserved sectors
[ 1938.969805][T17223] FAT-fs (loop1): Can't find a valid FAT filesystem
03:49:43 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfeffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1939.131169][   T26] kauditd_printk_skb: 11 callbacks suppressed
[ 1939.131190][   T26] audit: type=1800 audit(1580356183.492:494): pid=17223 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16503 res=0
03:49:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(0xffffffffffffffff, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1939.319119][   T26] audit: type=1800 audit(1580356183.632:495): pid=17325 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=281 res=0
03:49:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1939.506725][   T26] audit: type=1800 audit(1580356183.872:496): pid=17342 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=282 res=0
03:49:43 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa6050000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:43 executing program 4:
prlimit64(0x0, 0xd, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, &(0x7f0000004080))
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x6})
open(0x0, 0x80000, 0x100)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @ipv4={[], [], @rand_addr=0xf9f}, @rand_addr="3bebd1e361008546541c1e095a2a1ebc", 0x100, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x42})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_S_PRIORITY(0xffffffffffffffff, 0x40045644, 0x2)
dup(r1)
r2 = shmget(0x3, 0x3000, 0x78000200, &(0x7f0000ffd000/0x3000)=nil)
shmctl$IPC_RMID(r2, 0x0)
shmctl$SHM_LOCK(r2, 0xb)

03:49:43 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xa305000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1939.749081][   T26] audit: type=1800 audit(1580356184.112:497): pid=17350 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=283 res=0
03:49:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1940.063871][   T26] audit: type=1800 audit(1580356184.432:498): pid=17464 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=284 res=0
03:49:46 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:46 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a02000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x0)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:46 executing program 1:
prlimit64(0x0, 0xd, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, &(0x7f0000004080))
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x6})
open(0x0, 0x80000, 0x100)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @ipv4={[], [], @rand_addr=0xf9f}, @rand_addr="3bebd1e361008546541c1e095a2a1ebc", 0x100, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x42})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_S_PRIORITY(0xffffffffffffffff, 0x40045644, 0x2)
dup(r1)
r2 = shmget(0x3, 0x3000, 0x78000200, &(0x7f0000ffd000/0x3000)=nil)
shmctl$IPC_RMID(r2, 0x0)
shmctl$SHM_LOCK(r2, 0xb)

03:49:46 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:46 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfefdffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1941.862432][   T26] audit: type=1800 audit(1580356186.222:499): pid=17484 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=285 res=0
03:49:46 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfeffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:46 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfeffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:46 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1942.037263][T17506] FAT-fs (loop3): bogus number of reserved sectors
[ 1942.072873][T17506] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1942.134918][   T26] audit: type=1800 audit(1580356186.502:500): pid=17506 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16547 res=0
03:49:46 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:46 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9a02000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:46 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfeffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1942.664561][T17647] FAT-fs (loop3): bogus number of reserved sectors
03:49:47 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfeffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1942.706323][T17647] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1942.733486][   T26] audit: type=1800 audit(1580356187.102:501): pid=17653 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17249 res=0
03:49:47 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:47 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:47 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffff7f00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x10000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:47 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(0x0, 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1943.268392][   T26] audit: type=1804 audit(1580356187.632:502): pid=17676 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir491121220/syzkaller.I6Dy3N/815/file0/bus" dev="loop2" ino=288 res=1
03:49:47 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xf}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:49 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:49 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:49 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffffff00000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:49 executing program 1:
sendmsg(0xffffffffffffffff, 0x0, 0x0)
gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)

03:49:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x150b0d264ea}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1945.741489][T17822] FAT-fs (loop3): bogus number of reserved sectors
[ 1945.785685][   T26] audit: type=1800 audit(1580356190.152:503): pid=17933 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17348 res=0
03:49:50 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1945.831152][T17822] FAT-fs (loop3): Can't find a valid FAT filesystem
03:49:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:50 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1946.125301][   T26] audit: type=1800 audit(1580356190.492:504): pid=17823 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17377 res=0
03:49:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:50 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1946.402888][   T26] audit: type=1804 audit(1580356190.762:505): pid=18074 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir276290455/syzkaller.MjCKAr/1879/file0/bus" dev="loop1" ino=291 res=1
[ 1946.452531][   T26] audit: type=1804 audit(1580356190.782:506): pid=18071 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir491121220/syzkaller.I6Dy3N/817/file0/bus" dev="loop2" ino=290 res=1
[ 1946.628183][   T26] audit: type=1804 audit(1580356190.902:507): pid=18066 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir263677860/syzkaller.omwGn3/2319/file0/bus" dev="loop4" ino=292 res=1
03:49:53 executing program 3:
r0 = gettid()
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
lseek(r1, 0x0, 0x2)
r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r1, r2, 0x0, 0x8400fffffffa)
sendfile(r1, r2, 0x0, 0x280900)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
tkill(r0, 0x401104000000016)

03:49:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x10000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:53 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:53 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:53 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:53 executing program 4:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1948.981806][   T26] audit: type=1800 audit(1580356193.342:508): pid=18319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17441 res=0
[ 1949.128576][   T26] audit: type=1804 audit(1580356193.462:509): pid=18205 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir276290455/syzkaller.MjCKAr/1880/file0/bus" dev="sda1" ino=17457 res=1
[ 1949.134750][T18323] FAT-fs (loop3): bogus number of reserved sectors
03:49:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x40000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

[ 1949.306642][T18323] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1949.342018][   T26] audit: type=1800 audit(1580356193.702:510): pid=18437 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=17537 res=0
03:49:53 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})

03:49:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000007000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, 0x0)
dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x48186, 0x0)
ioctl$int_in(r3, 0x0, &(0x7f0000000300))
socket$inet(0x2, 0x80001, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x6}]}]}, 0x28}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000140)={0x7b})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x80000000], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

03:49:54 executing program 2:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

03:49:54 executing program 1:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
lseek(r0, 0x0, 0x2)
r1 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x8400fffffffa)
sendfile(r0, r1, 0x0, 0x280900)

[ 1949.978746][   T26] audit: type=1800 audit(1580356194.342:511): pid=18536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=293 res=0
[ 1950.225064][   T26] audit: type=1804 audit(1580356194.592:512): pid=18577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir276290455/syzkaller.MjCKAr/1881/file0/bus" dev="sda1" ino=16523 res=1
[ 1950.348366][T18577] ==================================================================
[ 1950.356580][T18577] BUG: KCSAN: data-race in ondemand_readahead / ondemand_readahead
[ 1950.364461][T18577] 
[ 1950.366794][T18577] read to 0xffff88811f4ae7a0 of 4 bytes by task 18571 on cpu 0:
[ 1950.374424][T18577]  ondemand_readahead+0x10d/0x710
[ 1950.379446][T18577]  page_cache_sync_readahead+0x1ad/0x1e0
[ 1950.385079][T18577]  generic_file_read_iter+0xeb6/0x1440
[ 1950.390543][T18577]  ext4_file_read_iter+0x10c/0x380
[ 1950.395656][T18577]  generic_file_splice_read+0x35c/0x500
[ 1950.401233][T18577]  do_splice_to+0xf2/0x130
[ 1950.405655][T18577]  splice_direct_to_actor+0x1b6/0x540
[ 1950.411040][T18577]  do_splice_direct+0x161/0x1e0
[ 1950.415893][T18577]  do_sendfile+0x384/0x7f0
[ 1950.420333][T18577]  __x64_sys_sendfile64+0x12a/0x140
[ 1950.425537][T18577]  do_syscall_64+0xcc/0x3a0
[ 1950.430202][T18577]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1950.436081][T18577] 
[ 1950.438420][T18577] write to 0xffff88811f4ae7a0 of 4 bytes by task 18577 on cpu 1:
[ 1950.446144][T18577]  ondemand_readahead+0x3fd/0x710
[ 1950.451188][T18577]  page_cache_sync_readahead+0x1ad/0x1e0
[ 1950.456828][T18577]  generic_file_read_iter+0xeb6/0x1440
[ 1950.462298][T18577]  ext4_file_read_iter+0x10c/0x380
[ 1950.467408][T18577]  generic_file_splice_read+0x35c/0x500
[ 1950.472939][T18577]  do_splice_to+0xf2/0x130
[ 1950.477345][T18577]  splice_direct_to_actor+0x1b6/0x540
[ 1950.482707][T18577]  do_splice_direct+0x161/0x1e0
[ 1950.487538][T18577]  do_sendfile+0x384/0x7f0
[ 1950.491939][T18577]  __x64_sys_sendfile64+0x12a/0x140
[ 1950.497121][T18577]  do_syscall_64+0xcc/0x3a0
[ 1950.501613][T18577]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1950.507501][T18577] 
[ 1950.509812][T18577] Reported by Kernel Concurrency Sanitizer on:
[ 1950.515972][T18577] CPU: 1 PID: 18577 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0
[ 1950.524646][T18577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1950.534684][T18577] ==================================================================
[ 1950.542770][T18577] Kernel panic - not syncing: panic_on_warn set ...
[ 1950.549338][T18577] CPU: 1 PID: 18577 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0
[ 1950.557981][T18577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1950.568110][T18577] Call Trace:
[ 1950.571383][T18577]  dump_stack+0x11d/0x181
[ 1950.575712][T18577]  panic+0x210/0x640
[ 1950.579599][T18577]  ? vprintk_func+0x8d/0x140
[ 1950.584170][T18577]  kcsan_report.cold+0xc/0xd
[ 1950.588757][T18577]  kcsan_setup_watchpoint+0x3fe/0x460
[ 1950.594126][T18577]  __tsan_unaligned_write4+0xc7/0x110
[ 1950.599489][T18577]  ondemand_readahead+0x3fd/0x710
[ 1950.604516][T18577]  page_cache_sync_readahead+0x1ad/0x1e0
[ 1950.610137][T18577]  generic_file_read_iter+0xeb6/0x1440
[ 1950.615596][T18577]  ext4_file_read_iter+0x10c/0x380
[ 1950.620755][T18577]  generic_file_splice_read+0x35c/0x500
[ 1950.626290][T18577]  do_splice_to+0xf2/0x130
[ 1950.630692][T18577]  ? add_to_pipe+0x1c0/0x1c0
[ 1950.635277][T18577]  ? add_to_pipe+0x1c0/0x1c0
[ 1950.639911][T18577]  splice_direct_to_actor+0x1b6/0x540
[ 1950.645268][T18577]  ? generic_pipe_buf_nosteal+0x20/0x20
[ 1950.650801][T18577]  do_splice_direct+0x161/0x1e0
[ 1950.655653][T18577]  do_sendfile+0x384/0x7f0
[ 1950.660072][T18577]  __x64_sys_sendfile64+0x12a/0x140
[ 1950.665255][T18577]  do_syscall_64+0xcc/0x3a0
[ 1950.669751][T18577]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1950.675638][T18577] RIP: 0033:0x45b349
[ 1950.679576][T18577] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1950.699181][T18577] RSP: 002b:00007ff799cecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1950.707585][T18577] RAX: ffffffffffffffda RBX: 00007ff799ced6d4 RCX: 000000000045b349
[ 1950.715543][T18577] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1950.723504][T18577] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 1950.731474][T18577] R10: 00008400fffffffa R11: 0000000000000246 R12: 00000000ffffffff
[ 1950.739428][T18577] R13: 00000000000008c9 R14: 00000000004ca1ed R15: 000000000075bfd4
[ 1950.748036][T18577] Kernel Offset: disabled
[ 1950.752365][T18577] Rebooting in 86400 seconds..