10:28:19 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xa0000}]) 10:28:19 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x11000}]) 10:28:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x6000}]) [ 2043.870277][ T26] kauditd_printk_skb: 18 callbacks suppressed [ 2043.870300][ T26] audit: type=1804 audit(1578997700.692:3404): pid=13348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1088/file0/file0" dev="sda1" ino=17137 res=1 [ 2044.116423][ T26] audit: type=1800 audit(1578997700.812:3405): pid=13348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="sda1" ino=17137 res=0 10:28:21 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x12000}]) [ 2044.262584][ T26] audit: type=1804 audit(1578997700.812:3406): pid=13349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1088/file0/file0" dev="sda1" ino=17137 res=1 [ 2044.502108][ T26] audit: type=1804 audit(1578997701.322:3407): pid=13339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1203/file0" dev="sda1" ino=17457 res=1 [ 2044.736986][ T26] audit: type=1804 audit(1578997701.372:3408): pid=13329 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1117/file0/file0" dev="sda1" ino=17473 res=1 10:28:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2000}]) [ 2044.927469][ T26] audit: type=1800 audit(1578997701.372:3409): pid=13329 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=17473 res=0 10:28:21 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xc0000}]) [ 2044.980959][ T26] audit: type=1804 audit(1578997701.372:3410): pid=13366 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1117/file0/file0" dev="sda1" ino=17473 res=1 10:28:21 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x220, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:28:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x7000}]) 10:28:22 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1f00}]) [ 2045.868324][T13398] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2045.879933][T13398] FAT-fs (loop3): Filesystem has been set read-only [ 2045.888885][ T26] audit: type=1804 audit(1578997702.712:3411): pid=13393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1204/file0/file0" dev="loop3" ino=6305 res=1 10:28:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x13000}]) 10:28:22 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xe0000}]) [ 2046.299911][T13435] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2046.567604][T13435] FAT-fs (loop1): Filesystem has been set read-only [ 2046.703088][ T26] audit: type=1804 audit(1578997703.532:3412): pid=13431 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1089/file0/file0" dev="loop1" ino=6306 res=1 10:28:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x8008}]) 10:28:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2100}]) [ 2047.256993][ T26] audit: type=1804 audit(1578997704.082:3413): pid=13455 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1137/file0/file0" dev="loop0" ino=6309 res=1 [ 2047.463282][T13474] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2047.471888][T13474] FAT-fs (loop0): Filesystem has been set read-only [ 2047.687311][T13470] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 10:28:24 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x14000}]) [ 2047.751724][T13470] FAT-fs (loop3): Filesystem has been set read-only [ 2047.777360][T13489] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2047.823423][T13489] FAT-fs (loop2): Filesystem has been set read-only 10:28:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x220, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:28:24 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x100000}]) 10:28:24 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x12000}]) 10:28:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x9000}]) 10:28:25 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x15000}]) 10:28:26 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2200}]) [ 2049.115903][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 2049.115927][ T26] audit: type=1804 audit(1578997705.942:3421): pid=13529 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1206/file0/file0" dev="sda1" ino=17571 res=1 [ 2049.537531][T13560] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 10:28:26 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x1fffff}]) [ 2049.702298][T13560] FAT-fs (loop4): Filesystem has been set read-only [ 2049.725158][ T26] audit: type=1804 audit(1578997706.552:3422): pid=13565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1139/file0/file0" dev="loop0" ino=6321 res=1 [ 2049.769712][ T26] audit: type=1800 audit(1578997706.582:3423): pid=13565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="loop0" ino=6321 res=0 [ 2049.799674][ T26] audit: type=1804 audit(1578997706.582:3424): pid=13570 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1139/file0/file0" dev="loop0" ino=6321 res=1 10:28:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa000}]) [ 2049.859841][T13570] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF 10:28:26 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x11000}]) [ 2049.918534][T13570] FAT-fs (loop0): Filesystem has been set read-only 10:28:26 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x800, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r2 = creat(&(0x7f00000003c0)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:28:27 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x16000}]) [ 2050.240430][ T26] audit: type=1804 audit(1578997707.062:3425): pid=13597 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1091/file0/file0" dev="loop1" ino=6325 res=1 [ 2050.323851][ T26] audit: type=1800 audit(1578997707.152:3426): pid=13591 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6325 res=0 [ 2050.349406][T13597] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2050.362715][T13597] FAT-fs (loop1): Filesystem has been set read-only 10:28:27 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2300}]) [ 2050.815868][ T26] audit: type=1804 audit(1578997707.642:3427): pid=13630 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1140/file0/file0" dev="loop0" ino=6329 res=1 [ 2050.889553][ T26] audit: type=1804 audit(1578997707.702:3428): pid=13601 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1207/file0/file0" dev="sda1" ino=17278 res=1 [ 2050.960555][ T26] audit: type=1800 audit(1578997707.702:3429): pid=13601 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="sda1" ino=17278 res=0 10:28:27 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x17000}]) [ 2051.152220][ T26] audit: type=1804 audit(1578997707.702:3430): pid=13607 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1207/file0/file0" dev="sda1" ino=17278 res=1 [ 2051.290013][T13631] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2051.298792][T13631] FAT-fs (loop2): Filesystem has been set read-only 10:28:28 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x1000000}]) 10:28:28 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000fffffffc, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:28:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xb000}]) 10:28:28 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x60000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2052.414829][T13714] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2052.618489][T13714] FAT-fs (loop3): Filesystem has been set read-only 10:28:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2400}]) 10:28:29 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x18000}]) 10:28:29 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x2000000}]) [ 2053.054378][T13705] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970774) [ 2053.162912][T13705] FAT-fs (loop2): Filesystem has been set read-only [ 2053.169788][T13705] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970774) 10:28:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc000}]) 10:28:30 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000fffffffc, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2054.152095][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 2054.152118][ T26] audit: type=1804 audit(1578997710.972:3446): pid=13783 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1123/file0/file0" dev="loop2" ino=6339 res=1 [ 2054.259914][ T26] audit: type=1804 audit(1578997711.082:3447): pid=13773 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1209/file0/file0" dev="sda1" ino=17319 res=1 [ 2054.309081][T13790] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2054.315709][ T26] audit: type=1800 audit(1578997711.082:3448): pid=13773 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="sda1" ino=17319 res=0 10:28:31 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x60000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2054.339879][ T26] audit: type=1804 audit(1578997711.082:3449): pid=13775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1209/file0/file0" dev="sda1" ino=17319 res=1 [ 2054.371629][T13790] FAT-fs (loop1): Filesystem has been set read-only [ 2054.379804][ T26] audit: type=1804 audit(1578997711.202:3450): pid=13797 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1093/file0/file0" dev="loop1" ino=6337 res=1 10:28:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd000}]) 10:28:31 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x19000}]) 10:28:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2500}]) 10:28:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x3000000}]) 10:28:31 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc000}]) [ 2055.096069][ T26] audit: type=1804 audit(1578997711.922:3451): pid=13839 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1094/file0/file0" dev="loop1" ino=6343 res=1 [ 2055.209826][T13839] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2055.262927][T13839] FAT-fs (loop1): Filesystem has been set read-only [ 2055.629199][ T26] audit: type=1804 audit(1578997712.442:3452): pid=13831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1124/file0/file0" dev="sda1" ino=17319 res=1 10:28:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2600}]) [ 2055.805744][ T26] audit: type=1804 audit(1578997712.552:3453): pid=13822 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1143/file0/file0" dev="sda1" ino=17278 res=1 10:28:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe000}]) 10:28:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x60000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2055.999220][ T26] audit: type=1800 audit(1578997712.552:3454): pid=13822 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="sda1" ino=17278 res=0 10:28:32 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1a000}]) [ 2056.275771][ T26] audit: type=1804 audit(1578997712.552:3455): pid=13828 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1143/file0/file0" dev="sda1" ino=17278 res=1 10:28:33 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x4000000}]) 10:28:33 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc000}]) [ 2057.302150][T13946] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2057.312138][T13907] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2057.312244][T13946] FAT-fs (loop0): Filesystem has been set read-only [ 2057.483698][T13907] FAT-fs (loop1): Filesystem has been set read-only 10:28:34 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1b000}]) 10:28:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2700}]) 10:28:34 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf000}]) 10:28:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe000}]) 10:28:35 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x5000000}]) [ 2058.984992][T14036] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF 10:28:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf0ff}]) [ 2059.032560][T14036] FAT-fs (loop1): Filesystem has been set read-only 10:28:36 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1c000}]) 10:28:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2800}]) [ 2059.265567][ T26] kauditd_printk_skb: 16 callbacks suppressed [ 2059.265595][ T26] audit: type=1804 audit(1578997716.092:3472): pid=14013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1212/file0/file0" dev="loop3" ino=6359 res=1 10:28:36 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc000}]) [ 2059.371349][ T26] audit: type=1800 audit(1578997716.192:3473): pid=14013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=6359 res=0 [ 2059.377465][T14018] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2059.451259][T14018] FAT-fs (loop3): Filesystem has been set read-only 10:28:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1b000}]) 10:28:36 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x6000000}]) [ 2060.380643][ T26] audit: type=1804 audit(1578997717.202:3474): pid=14060 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1127/file0" dev="sda1" ino=16739 res=1 [ 2060.707271][ T26] audit: type=1804 audit(1578997717.492:3475): pid=14078 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1146/file0/file0" dev="sda1" ino=16515 res=1 [ 2060.841952][ T26] audit: type=1800 audit(1578997717.492:3476): pid=14078 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="sda1" ino=16515 res=0 [ 2060.960542][ T26] audit: type=1804 audit(1578997717.492:3477): pid=14081 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1146/file0/file0" dev="sda1" ino=16515 res=1 10:28:37 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1d000}]) 10:28:37 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xff0f}]) [ 2061.049273][ T26] audit: type=1804 audit(1578997717.782:3478): pid=14113 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1097/file0" dev="sda1" ino=16529 res=1 10:28:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2900}]) 10:28:38 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x7000000}]) 10:28:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x19000}]) 10:28:38 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc000}]) [ 2062.274715][ T26] audit: type=1804 audit(1578997719.102:3479): pid=14130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1128/file0/file0" dev="sda1" ino=16657 res=1 [ 2062.504993][ T26] audit: type=1804 audit(1578997719.142:3480): pid=14149 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1147/file0" dev="sda1" ino=16850 res=1 [ 2062.653836][ T26] audit: type=1800 audit(1578997719.142:3481): pid=14149 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="sda1" ino=16850 res=0 10:28:39 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x8000000}]) 10:28:39 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100003, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:28:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xfff0}]) 10:28:39 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1e000}]) 10:28:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2a00}]) 10:28:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x0, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r3 = creat(&(0x7f00000003c0)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2063.364033][T14217] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2063.420829][T14217] FAT-fs (loop3): Filesystem has been set read-only 10:28:40 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x8800000}]) [ 2064.309490][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 2064.309510][ T26] audit: type=1804 audit(1578997721.132:3493): pid=14277 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1148/file0" dev="sda1" ino=16523 res=1 [ 2064.457596][T14283] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2064.519685][T14283] FAT-fs (loop2): Filesystem has been set read-only [ 2064.545362][ T26] audit: type=1804 audit(1578997721.152:3494): pid=14249 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1129/file0/file0" dev="loop2" ino=6369 res=1 10:28:41 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1f000}]) [ 2064.758666][ T26] audit: type=1800 audit(1578997721.152:3495): pid=14249 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=6369 res=0 10:28:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x11000}]) [ 2064.834974][ T26] audit: type=1804 audit(1578997721.152:3496): pid=14283 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1129/file0/file0" dev="loop2" ino=6369 res=1 [ 2064.911199][ T26] audit: type=1804 audit(1578997721.342:3497): pid=14259 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1099/file0/file0" dev="sda1" ino=17057 res=1 10:28:41 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x20000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:28:41 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x9000000}]) [ 2065.008575][ T26] audit: type=1804 audit(1578997721.632:3498): pid=14297 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1216/file0/file0" dev="loop3" ino=6372 res=1 10:28:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2b00}]) 10:28:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x0, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r3 = creat(&(0x7f00000003c0)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2066.123831][ T26] audit: type=1804 audit(1578997722.942:3499): pid=14325 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1130/file0/file0" dev="loop2" ino=6375 res=1 [ 2066.307445][ T26] audit: type=1800 audit(1578997722.942:3500): pid=14325 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=6375 res=0 10:28:43 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x20000}]) [ 2066.443076][ T26] audit: type=1804 audit(1578997722.942:3501): pid=14360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1130/file0/file0" dev="loop2" ino=6375 res=1 [ 2066.520591][ T26] audit: type=1804 audit(1578997723.082:3502): pid=14353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1149/file0/file0" dev="sda1" ino=16610 res=1 10:28:43 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x12000}]) 10:28:43 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2a00}]) [ 2066.612601][T14377] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2066.666772][T14377] FAT-fs (loop1): Filesystem has been set read-only 10:28:43 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2c00}]) 10:28:43 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xa000000}]) 10:28:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x0, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r3 = creat(&(0x7f00000003c0)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:28:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x13000}]) 10:28:45 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x12000}]) 10:28:45 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2d00}]) 10:28:45 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000fffe, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:28:45 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x21000}]) 10:28:45 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xb000000}]) [ 2069.263470][T14500] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000a12) [ 2069.308543][T14500] FAT-fs (loop2): Filesystem has been set read-only 10:28:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x14000}]) [ 2069.760436][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 2069.760532][ T26] audit: type=1804 audit(1578997726.582:3511): pid=14528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1102/file0" dev="sda1" ino=16488 res=1 10:28:47 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xc000000}]) 10:28:47 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x12000}]) 10:28:47 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x22000}]) 10:28:47 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2e00}]) 10:28:47 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000fffe, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2071.187484][ T26] audit: type=1804 audit(1578997728.012:3512): pid=14543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1133/file0/file0" dev="sda1" ino=16609 res=1 [ 2071.309336][ T26] audit: type=1804 audit(1578997728.132:3513): pid=14595 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1133/file0/file0" dev="sda1" ino=16609 res=1 [ 2071.526522][ T26] audit: type=1804 audit(1578997728.352:3514): pid=14571 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1220/file0/file0" dev="loop3" ino=6387 res=1 [ 2071.618622][ T26] audit: type=1804 audit(1578997728.382:3515): pid=14610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1220/file0/file0" dev="loop3" ino=6387 res=1 [ 2071.728777][T14610] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2071.791670][ T26] audit: type=1804 audit(1578997728.612:3516): pid=14582 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1152/file0/file0" dev="sda1" ino=17354 res=1 [ 2071.844061][T14610] FAT-fs (loop3): Filesystem has been set read-only 10:28:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x15000}]) 10:28:48 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xd000000}]) [ 2071.923813][ T26] audit: type=1804 audit(1578997728.692:3517): pid=14577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1103/file0/file0" dev="sda1" ino=17025 res=1 10:28:48 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2f00}]) 10:28:48 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x23000}]) 10:28:48 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000fffe, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:28:49 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x14000}]) 10:28:49 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x20000}]) [ 2073.136097][ T26] audit: type=1804 audit(1578997729.962:3518): pid=14667 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1153/file0/file0" dev="sda1" ino=17682 res=1 10:28:50 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000fffc, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2073.330759][ T26] audit: type=1804 audit(1578997730.152:3519): pid=14658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1104/file0/file0" dev="loop1" ino=6393 res=1 10:28:50 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x24000}]) [ 2073.524773][T14690] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2073.533576][ T26] audit: type=1804 audit(1578997730.192:3520): pid=14633 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1221/file0/file0" dev="sda1" ino=17355 res=1 [ 2073.586268][T14690] FAT-fs (loop1): Filesystem has been set read-only 10:28:50 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3000}]) 10:28:50 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x16000}]) 10:28:50 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xe000000}]) [ 2074.554942][T14744] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2074.610130][T14744] FAT-fs (loop0): Filesystem has been set read-only 10:28:51 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x25000}]) 10:28:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3100}]) [ 2075.187837][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 2075.187863][ T26] audit: type=1804 audit(1578997732.012:3529): pid=14740 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1135/file0/file0" dev="sda1" ino=17042 res=1 [ 2075.219740][ T26] audit: type=1800 audit(1578997732.012:3530): pid=14740 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=17042 res=0 [ 2075.240485][ T26] audit: type=1804 audit(1578997732.012:3531): pid=14759 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1135/file0/file0" dev="sda1" ino=17042 res=1 10:28:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3000}]) [ 2075.298502][ T26] audit: type=1804 audit(1578997732.122:3532): pid=14758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1222/file0/file0" dev="loop3" ino=6404 res=1 [ 2075.441797][T14758] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2075.480780][T14758] FAT-fs (loop3): Filesystem has been set read-only 10:28:52 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x24000}]) 10:28:52 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xf000000}]) 10:28:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x17000}]) [ 2075.985453][ T26] audit: type=1804 audit(1578997732.812:3533): pid=14785 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1155/file0/file0" dev="sda1" ino=17302 res=1 [ 2076.611120][ T26] audit: type=1804 audit(1578997733.432:3534): pid=14830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1136/file0/file0" dev="loop2" ino=6409 res=1 10:28:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x18000}]) 10:28:53 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x26000}]) [ 2076.880276][ T26] audit: type=1804 audit(1578997733.672:3535): pid=14804 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1106/file0" dev="sda1" ino=16524 res=1 10:28:53 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3200}]) 10:28:54 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3100}]) 10:28:54 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x24000}]) [ 2077.730349][ T26] audit: type=1804 audit(1578997734.552:3536): pid=14889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1107/file0/file0" dev="loop1" ino=6413 res=1 10:28:54 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xfffffff}]) [ 2077.951688][ T26] audit: type=1804 audit(1578997734.772:3537): pid=14862 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1137/file0/file0" dev="loop2" ino=6411 res=1 10:28:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3300}]) 10:28:55 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x27000}]) 10:28:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x19000}]) [ 2078.882410][T14943] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2078.916116][T14943] FAT-fs (loop0): Filesystem has been set read-only [ 2079.044525][ T26] audit: type=1804 audit(1578997735.872:3538): pid=14924 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1224/file0/file0" dev="loop3" ino=6415 res=1 10:28:56 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3100}]) 10:28:56 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x28000}]) 10:28:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x24000}]) 10:28:56 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x10000000}]) 10:28:56 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3400}]) 10:28:57 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1a000}]) [ 2080.488723][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 2080.488745][ T26] audit: type=1804 audit(1578997737.312:3544): pid=15003 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1158/file0" dev="sda1" ino=17041 res=1 [ 2080.682623][ T26] audit: type=1800 audit(1578997737.362:3545): pid=15003 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="sda1" ino=17041 res=0 [ 2080.788253][T15043] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2080.813077][T15043] FAT-fs (loop1): Filesystem has been set read-only [ 2080.824832][ T26] audit: type=1804 audit(1578997737.362:3546): pid=15029 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1158/file0" dev="sda1" ino=17041 res=1 [ 2080.858831][ T26] audit: type=1804 audit(1578997737.652:3547): pid=15053 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1225/file0/file0" dev="sda1" ino=17363 res=1 10:28:57 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x29000}]) 10:28:57 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3100}]) [ 2081.086063][ T26] audit: type=1804 audit(1578997737.712:3548): pid=15042 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1109/file0/file0" dev="loop1" ino=6419 res=1 10:28:58 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3500}]) 10:28:58 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xfffffff}]) [ 2081.387170][ T26] audit: type=1804 audit(1578997738.202:3549): pid=15068 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1159/file0/file0" dev="loop0" ino=6423 res=1 [ 2081.455485][T15075] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970800) [ 2081.464601][T15075] FAT-fs (loop0): Filesystem has been set read-only [ 2081.471815][T15075] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970800) 10:28:58 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x11000000}]) [ 2081.739071][ T26] audit: type=1804 audit(1578997738.412:3550): pid=15050 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1139/file0" dev="sda1" ino=16515 res=1 10:28:58 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2a000}]) [ 2082.151777][ T26] audit: type=1804 audit(1578997738.472:3551): pid=15055 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1139/file0" dev="sda1" ino=16515 res=1 [ 2082.197662][ T26] audit: type=1804 audit(1578997738.822:3552): pid=15080 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1110/file0/file0" dev="loop1" ino=6425 res=1 [ 2082.280492][T15083] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF 10:28:59 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1b000}]) [ 2082.357408][T15083] FAT-fs (loop1): Filesystem has been set read-only [ 2082.475812][ T26] audit: type=1804 audit(1578997738.842:3553): pid=15083 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1110/file0/file0" dev="loop1" ino=6425 res=1 10:28:59 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3600}]) [ 2083.049955][T15117] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2083.058876][T15117] FAT-fs (loop3): Filesystem has been set read-only 10:29:00 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x12000000}]) [ 2083.205349][T15112] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2083.221576][T15112] FAT-fs (loop0): Filesystem has been set read-only 10:29:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x29000}]) 10:29:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2b000}]) 10:29:00 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x29000}]) [ 2083.779088][T15183] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 970799) [ 2083.788941][T15183] FAT-fs (loop1): Filesystem has been set read-only [ 2083.895305][T15183] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 970799) [ 2083.997047][T15166] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2084.032964][T15166] FAT-fs (loop3): Filesystem has been set read-only 10:29:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1c000}]) 10:29:01 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x4000}]) 10:29:01 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x13000000}]) 10:29:01 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x29000}]) 10:29:02 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2c000}]) 10:29:02 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1d000}]) [ 2085.550811][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 2085.550832][ T26] audit: type=1804 audit(1578997742.372:3566): pid=15242 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1228/file0/file0" dev="sda1" ino=17536 res=1 [ 2085.679549][ T26] audit: type=1804 audit(1578997742.372:3568): pid=15257 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1228/file0/file0" dev="sda1" ino=17536 res=1 10:29:02 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1c000}]) 10:29:02 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x18000000}]) 10:29:02 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x5000}]) [ 2086.008243][ T26] audit: type=1800 audit(1578997742.372:3567): pid=15242 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="sda1" ino=17536 res=0 [ 2086.104511][ T26] audit: type=1804 audit(1578997742.632:3569): pid=15223 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1112/file0/file0" dev="sda1" ino=17359 res=1 [ 2086.292614][T15279] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000500) [ 2086.352934][T15279] FAT-fs (loop2): Filesystem has been set read-only [ 2086.360556][ T26] audit: type=1804 audit(1578997743.182:3570): pid=15275 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1142/file0/file0" dev="loop2" ino=6443 res=1 [ 2086.498263][ T26] audit: type=1804 audit(1578997743.312:3571): pid=15281 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1162/file0/file0" dev="sda1" ino=17297 res=1 10:29:03 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1e000}]) [ 2086.699793][ T26] audit: type=1800 audit(1578997743.312:3572): pid=15281 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="sda1" ino=17297 res=0 [ 2086.734225][ T26] audit: type=1804 audit(1578997743.312:3573): pid=15302 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1162/file0/file0" dev="sda1" ino=17297 res=1 10:29:03 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x29000}]) 10:29:04 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2d000}]) [ 2087.327325][ T26] audit: type=1804 audit(1578997744.152:3574): pid=15335 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1143/file0/file0" dev="loop2" ino=6449 res=1 [ 2087.579722][ T26] audit: type=1804 audit(1578997744.402:3575): pid=15321 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1113/file0/file0" dev="loop1" ino=6447 res=1 10:29:04 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x12000000}]) [ 2087.660153][T15335] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2087.755338][T15335] FAT-fs (loop2): Filesystem has been set read-only 10:29:04 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1f000}]) 10:29:04 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x1c000000}]) 10:29:04 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x6000}]) [ 2088.623780][T15386] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF 10:29:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x18000000}]) [ 2088.694717][T15386] FAT-fs (loop0): Filesystem has been set read-only 10:29:05 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2e000}]) [ 2088.990395][T15406] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2089.024482][T15406] FAT-fs (loop1): Filesystem has been set read-only 10:29:06 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x7000}]) 10:29:06 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x12000000}]) [ 2089.400678][T15411] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2089.466521][T15411] FAT-fs (loop3): Filesystem has been set read-only 10:29:06 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x1f000000}]) 10:29:07 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x20000}]) 10:29:07 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2f000}]) 10:29:07 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x8008}]) 10:29:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x1c000000}]) [ 2091.056959][T15498] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2091.118927][T15498] FAT-fs (loop2): Filesystem has been set read-only [ 2091.195296][ T26] kauditd_printk_skb: 13 callbacks suppressed [ 2091.195315][ T26] audit: type=1800 audit(1578997748.022:3589): pid=15498 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=6465 res=0 10:29:08 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x12000000}]) [ 2091.302918][ T26] audit: type=1804 audit(1578997748.122:3590): pid=15508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1231/file0/file0" dev="sda1" ino=16520 res=1 10:29:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x21000}]) [ 2091.541026][ T8136] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 10:29:08 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x20000000}]) [ 2092.074287][ T26] audit: type=1804 audit(1578997748.902:3591): pid=15522 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1165/file0/file0" dev="loop0" ino=6467 res=1 [ 2092.311878][T15563] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2092.342510][ T26] audit: type=1804 audit(1578997749.022:3592): pid=15563 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1165/file0/file0" dev="loop0" ino=6467 res=1 [ 2092.451484][T15563] FAT-fs (loop0): Filesystem has been set read-only [ 2092.470779][ T26] audit: type=1804 audit(1578997749.152:3593): pid=15535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1116/file0" dev="sda1" ino=16562 res=1 [ 2092.600926][ T26] audit: type=1804 audit(1578997749.232:3594): pid=15580 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1116/file0" dev="sda1" ino=16562 res=1 10:29:09 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x30000}]) 10:29:09 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2d000}]) [ 2092.708917][ T26] audit: type=1800 audit(1578997749.242:3595): pid=15535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="sda1" ino=16562 res=0 10:29:09 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1e000}]) [ 2092.810670][ T26] audit: type=1804 audit(1578997749.472:3596): pid=15548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1146/file0/file0" dev="sda1" ino=16520 res=1 10:29:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x9000}]) [ 2092.922944][ T26] audit: type=1800 audit(1578997749.472:3597): pid=15548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=16520 res=0 10:29:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x22000}]) [ 2092.981035][ T26] audit: type=1804 audit(1578997749.482:3598): pid=15589 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1146/file0/file0" dev="sda1" ino=16520 res=1 10:29:09 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x3f000000}]) [ 2094.145611][T15626] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2094.223716][T15626] FAT-fs (loop0): Filesystem has been set read-only 10:29:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x31000}]) 10:29:11 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x23000}]) 10:29:11 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x22000}]) 10:29:11 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x20000000}]) 10:29:11 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0x40000000}]) 10:29:12 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa000}]) [ 2095.211741][T15696] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2095.253735][T15696] FAT-fs (loop0): Filesystem has been set read-only 10:29:12 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x32000}]) [ 2096.389282][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 2096.389303][ T26] audit: type=1804 audit(1578997753.212:3609): pid=15761 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1118/file0/file0" dev="loop1" ino=6479 res=1 [ 2096.464665][T15763] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2096.475668][T15763] FAT-fs (loop1): Filesystem has been set read-only [ 2096.577528][ T26] audit: type=1800 audit(1578997753.212:3610): pid=15761 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6479 res=0 10:29:13 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x21000}]) 10:29:13 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xb000}]) 10:29:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x24000}]) 10:29:13 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa000}]) [ 2096.793739][ T26] audit: type=1804 audit(1578997753.212:3611): pid=15763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1118/file0/file0" dev="loop1" ino=6479 res=1 10:29:13 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xf60f0000}]) [ 2096.932494][ T26] audit: type=1804 audit(1578997753.272:3612): pid=15756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1234/file0/file0" dev="sda1" ino=17233 res=1 [ 2096.971423][ T26] audit: type=1800 audit(1578997753.272:3613): pid=15756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="sda1" ino=17233 res=0 [ 2097.006527][ T26] audit: type=1804 audit(1578997753.272:3614): pid=15766 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1234/file0/file0" dev="sda1" ino=17233 res=1 [ 2097.224066][ T26] audit: type=1804 audit(1578997754.052:3615): pid=15790 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1168/file0/file0" dev="loop0" ino=6481 res=1 [ 2097.341650][ T26] audit: type=1800 audit(1578997754.082:3616): pid=15790 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="loop0" ino=6481 res=0 10:29:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x33000}]) [ 2097.703406][ T26] audit: type=1804 audit(1578997754.532:3617): pid=15788 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1149/file0/file0" dev="loop2" ino=6483 res=1 [ 2097.929218][ T26] audit: type=1804 audit(1578997754.702:3618): pid=15781 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1119/file0/file0" dev="sda1" ino=16529 res=1 10:29:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x25000}]) 10:29:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc000}]) 10:29:15 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x24000}]) 10:29:15 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1e000}]) 10:29:15 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100000}]) [ 2099.138971][T15868] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2099.268372][T15868] FAT-fs (loop3): Filesystem has been set read-only 10:29:16 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xe000000}]) [ 2099.430998][T15860] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2099.502917][T15860] FAT-fs (loop2): Filesystem has been set read-only [ 2099.532590][T15863] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF 10:29:16 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xf9010000}]) [ 2099.611077][T15863] FAT-fs (loop1): Filesystem has been set read-only 10:29:16 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x26000}]) [ 2099.853106][T15884] FAT-fs (loop0): bogus number of reserved sectors [ 2099.859825][T15884] FAT-fs (loop0): Can't find a valid FAT filesystem 10:29:16 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x120, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd000}]) 10:29:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100100}]) [ 2101.267011][T15938] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2101.313135][T15938] FAT-fs (loop2): Filesystem has been set read-only 10:29:18 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe000}]) 10:29:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x27000}]) 10:29:18 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd000}]) 10:29:18 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xff0f0000}]) [ 2101.859032][ T26] kauditd_printk_skb: 17 callbacks suppressed [ 2101.859054][ T26] audit: type=1804 audit(1578997758.682:3636): pid=15982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1171/file0/file0" dev="loop0" ino=6501 res=1 10:29:18 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000fe, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2102.112946][ T26] audit: type=1804 audit(1578997758.932:3637): pid=15998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1122/file0/file0" dev="loop1" ino=6503 res=1 [ 2102.116825][T15982] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2102.190773][T16025] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2102.199976][ T26] audit: type=1804 audit(1578997759.012:3638): pid=16002 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1122/file0/file0" dev="loop1" ino=6503 res=1 [ 2102.225769][T15982] FAT-fs (loop0): Filesystem has been set read-only [ 2102.265992][T16025] FAT-fs (loop1): Filesystem has been set read-only 10:29:19 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100200}]) [ 2102.317735][T16037] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000e80) [ 2102.335888][T16037] FAT-fs (loop4): Filesystem has been set read-only [ 2102.344468][ T26] audit: type=1800 audit(1578997759.172:3639): pid=15998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6503 res=0 [ 2102.619427][ T26] audit: type=1804 audit(1578997759.442:3640): pid=16008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1152/file0/file0" dev="sda1" ino=17233 res=1 10:29:19 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf000}]) [ 2102.936652][ T26] audit: type=1804 audit(1578997759.762:3641): pid=16034 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1237/file0/file0" dev="loop3" ino=6505 res=1 10:29:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x28000}]) [ 2103.120127][T16034] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2103.199112][T16034] FAT-fs (loop3): Filesystem has been set read-only 10:29:20 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xffff1f00}]) [ 2103.501572][ T26] audit: type=1804 audit(1578997760.322:3642): pid=16048 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1172/file0/file0" dev="loop0" ino=6509 res=1 10:29:20 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100100}]) [ 2103.753700][T16055] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2103.795829][ T26] audit: type=1804 audit(1578997760.362:3643): pid=16055 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1172/file0/file0" dev="loop0" ino=6509 res=1 10:29:20 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000fd, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2103.934688][T16055] FAT-fs (loop0): Filesystem has been set read-only [ 2104.118437][ T26] audit: type=1804 audit(1578997760.942:3644): pid=16110 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1123/file0/file0" dev="loop1" ino=6512 res=1 [ 2104.254915][T16095] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2104.263523][T16095] FAT-fs (loop3): Filesystem has been set read-only [ 2104.270319][ T26] audit: type=1804 audit(1578997761.092:3645): pid=16088 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1238/file0/file0" dev="loop3" ino=6515 res=1 [ 2104.372204][T16080] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF 10:29:21 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xffffff0f}]) 10:29:21 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100300}]) 10:29:21 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xffff1f00}]) [ 2104.447290][T16080] FAT-fs (loop1): Filesystem has been set read-only 10:29:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf0ff}]) 10:29:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x29000}]) 10:29:22 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x251}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200000}]) [ 2106.009843][T16201] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2106.024594][T16201] FAT-fs (loop1): Filesystem has been set read-only 10:29:22 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xffff1f00}]) 10:29:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xff0f}]) 10:29:23 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x0, 0x0, 0xffffff0f}]) 10:29:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2a000}]) [ 2107.320642][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 2107.320663][ T26] audit: type=1804 audit(1578997764.142:3656): pid=16230 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1174/file0/file0" dev="sda1" ino=17297 res=1 10:29:24 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000fd, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2107.528392][ T26] audit: type=1804 audit(1578997764.342:3657): pid=16214 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1240/file0" dev="sda1" ino=16515 res=1 10:29:24 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200100}]) 10:29:24 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) ioctl$VIDIOC_QUERYSTD(r4, 0x8008563f, &(0x7f0000000040)) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2107.787489][ T26] audit: type=1804 audit(1578997764.612:3658): pid=16244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1125/file0/file0" dev="sda1" ino=17567 res=1 10:29:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2b000}]) 10:29:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xfff0}]) 10:29:25 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000fd, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2108.309470][ T26] audit: type=1804 audit(1578997765.132:3659): pid=16299 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1241/file0/file0" dev="loop3" ino=6529 res=1 [ 2108.450048][T16322] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970794) [ 2108.462368][T16322] FAT-fs (loop3): Filesystem has been set read-only [ 2108.485691][ T26] audit: type=1804 audit(1578997765.132:3660): pid=16306 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1241/file0/file0" dev="loop3" ino=6529 res=1 [ 2108.495845][T16322] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970794) 10:29:25 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) ioctl$KVM_GET_REGS(r1, 0x8090ae81, &(0x7f0000000300)) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000140)={0xa20000, 0xed88, 0x2, r0, 0x0, &(0x7f0000000080)={0x980914, 0x25fa4be, [], @string=&(0x7f0000000040)=0x8}}) ioctl$SIOCAX25GETINFOOLD(r5, 0x89e9, &(0x7f0000000200)) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r6, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2108.929712][ T26] audit: type=1804 audit(1578997765.752:3661): pid=16302 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1175/file0/file0" dev="sda1" ino=17315 res=1 [ 2108.964309][ T8138] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970794) 10:29:26 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200200}]) [ 2109.400981][ T26] audit: type=1804 audit(1578997766.222:3662): pid=16327 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1156/file0/file0" dev="sda1" ino=17490 res=1 10:29:26 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000fd, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:26 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x11000}]) 10:29:26 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x800, 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r2 = creat(&(0x7f00000003c0)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2109.987703][ T26] audit: type=1804 audit(1578997766.812:3663): pid=16356 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1242/file0/file0" dev="sda1" ino=16609 res=1 10:29:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2c000}]) 10:29:27 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) prctl$PR_SET_FPEXC(0xc, 0x100000) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000200)={0x34, 0x0, &(0x7f0000000080)}) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$DRM_IOCTL_AGP_ENABLE(r5, 0x40086432, &(0x7f0000000040)=0x101) 10:29:27 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200300}]) 10:29:27 executing program 4: syz_mount_image$vfat(0x0, &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2111.343255][ T26] audit: type=1804 audit(1578997768.172:3664): pid=16436 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1127/file0/file0" dev="loop1" ino=6537 res=1 [ 2111.486795][ T26] audit: type=1804 audit(1578997768.312:3665): pid=16424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1157/file0/file0" dev="sda1" ino=16593 res=1 10:29:28 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x12000}]) 10:29:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2d000}]) 10:29:28 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000013, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2112.343032][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 2112.343093][ T26] audit: type=1804 audit(1578997769.162:3671): pid=16464 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1177/file0/file0" dev="sda1" ino=16484 res=1 10:29:29 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x448100, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r2, 0x0, 0x2, 0x0, 0x0) recvmsg(r2, &(0x7f0000000140)={&(0x7f0000000300)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000080)=""/20, 0x14}, {&(0x7f0000000380)=""/194, 0xc2}, {&(0x7f0000000480)=""/187, 0xbb}, {&(0x7f0000000580)=""/238, 0xee}, {&(0x7f0000000680)=""/199, 0xc7}, {&(0x7f0000000780)=""/220, 0xdc}, {&(0x7f0000000880)=""/194, 0xc2}, {&(0x7f0000000a00)=""/89, 0x59}], 0x8}, 0x40) connect$can_j1939(r1, &(0x7f0000000200)={0x1d, r3, 0x1, {0x2, 0xff, 0x1}, 0xfe}, 0x18) fchdir(r0) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r4, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4000000}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r7, 0x2) io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:29 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300000}]) [ 2113.051951][ T26] audit: type=1804 audit(1578997769.872:3672): pid=16502 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1158/file0/file0" dev="loop2" ino=6539 res=1 [ 2113.166074][T16502] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) [ 2113.184554][T16502] FAT-fs (loop2): Filesystem has been set read-only [ 2113.233532][ T26] audit: type=1804 audit(1578997770.062:3673): pid=16517 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1128/file0" dev="sda1" ino=16593 res=1 10:29:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2e000}]) 10:29:30 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200300}]) [ 2113.445475][ T26] audit: type=1804 audit(1578997770.062:3675): pid=16522 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1128/file0" dev="sda1" ino=16593 res=1 [ 2113.572939][ T26] audit: type=1800 audit(1578997770.062:3674): pid=16517 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="sda1" ino=16593 res=0 10:29:30 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x13000}]) [ 2114.109963][ T26] audit: type=1804 audit(1578997770.932:3676): pid=16530 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1244/file0/file0" dev="loop3" ino=6542 res=1 [ 2114.297518][T16535] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) 10:29:31 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x420000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x2c, 0x1, 0x7, 0x8dce7835d9e656d7, 0x70bd25, 0x25dfdbfd, {0x3, 0x0, 0x8}, [@NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3f}]}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x100}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48083}, 0x8008) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r8, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r9 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r9, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) io_submit(r4, 0x3, &(0x7f0000000480)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, r9}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0xffff, 0xffffffffffffffff, &(0x7f0000000a00)="3f89238d526453548406b057e4b8d8378b4cf3a69428d0af6d94343c55603bc4335f186468148f429cbbee8f43e9b6fc8e6f8bcfe57d22615d25d322091fc7785c1039ad951b7853aa4960e0e2f5e4bb1a99d6c83ecdf0bed44dc62399464b0ff11099b6c57ac749b09acca7612c8f8a4e904f7aaa0e885bd8c57e26f5f47ec136c89a1ddfc92b49ba8bbc04e465921c100c6114acc8d159252f65e5f7c50c37f0001c9675925fc361d09f2206e236a389922a8643bd61d485b21f0e07c961f03635029ee6f2cf516955207fb980a76bc28ae8786b5ee6c0cb37f9746e1640257b24708fc88107d7ca3909589d3ce96868939437fa3a41077a465c6e379891ad83bb8556e0b91885bb646daca6090a6e857577039f5c538f00e5e465a1affc31545877d5a5481b4bb1f8e84baa45bfde0ccf956fc411a814eeaa0a285ca859049e7b1c4b43fa66ee299e72da66f43929a3df1375ccfb982498c5f49a88f3ea22f7b62059753124db2fb8a70cf376e7d743b553eb9238f37a761ca24a7a898341f87b40fcb421f36db4f745553d69f48fe595dce409a2add7051dcfaaece02ceac6eda2cbd725762ad9bdf316103ba2a7b9bafa0f518a4453cbae80fddbca4fdab917984f0befc8fc75aef0d782d632d70b8afeb3436dcb63ba3389aff80eca045111297536672f2ee7011b640fe9603cdeabbcfa5930abc935dac3b12982f720cb2db740b1d306be4757c2d707c3240fe0edaade9c86d9c97e621927324cef28a2957f557949aeb80c9bc62a84c0f56b9d1d2aa90be6d515c7c2ced07b2c1b200fa2538308c7028f9e7ee2be3ed799c4472e42d3e21fc0c7bc1e79d740768378b3c66c65d9204f1c2a481dd953612b766feb5cb58246e1916f63f5fd6c2f3a1b365b19bbff217a8f3665abe633318511b1834a267ad682509287194f7404e150a01f4271ff82f5572065feb1a0d09b46839cb5e098c8e34b78a0e08c5d5b4b93b75370c08a19d3f5ee9755e2296b549e6b0892425e934aa0c1f3d5e5cb0098699fa6a8de7d6eb785ef77386e148b2bdb11b225d53d08c0545e4ce7132a1b21513dfb41328cb9f30c99d4fdca945f2681b2f6b4fafe13a88c716666caa068b35a45e38b91d16cd7421f9ee1d2a8d9b8b1b28a0eebb3600979f005103441c5e5708f0dadf22b12bd9f4ed01b6c0d649484b4a4da4ebd4acf7cd6fbec1a57cf851d7fcd84228dfba57c2b29ca1fe14ae408ed2aca0cc22daf50020fadbe8850927fcfe6c001fe9e91928a58af9f432c0d47eacccbddcda8366839408d088f8d36238dcdce8e20e0c4abef05628044ad2d842fb3940f6d97a68d1c140086a48af393fca4f62b12bca312031facd40345328f480b3e03f87d944a1190e1d06badac4c1aab0546645101fe980749124fbf907eff7c8ab2802b45bca2be21244e4175f1c9b37dfdfbb43299115163f74fccc3db0b370b93bcd10cbebb1ad1d894e43adf984b46bfe9c60f1d3a613de9a1d340bfe54496cfff9cd09275a84edae173dd09c2dbff4552e38ef07b0c6a1f1ea101c41b4c070622d6dbf27a128245ef058560b16be48b21c40816d499d2f4dd7bde650a2aab21a866c423de4550fc6cd073869e6d7f435570e6bbebc939317e7dbb2f9df990cce8d3b3595558292acb5e4d1dea3e4fd4a5cf38d5e71cffccdf28527e52d0a1b1aee1a881c968dca2f6c726e04b9c196e30bdb4d1d539ed54e8cf01627e59597872f44e1375f81d19043e6069ea62c73e25720dcbb0bd771502f0bf5dd064d27f1ce6a19486b256be17310f319e41ed893575826622a070c1f5ea88f88e7f9416c5deffaa3af2dec0539b607b2f7bf895ad90c6fa5511fdfb43e882a5e82a8da4533466d1110f4708e93a3cdf668e22143eb621bf09ae1763650c4feebce7b13d4d1337ec3d621f943b3ff23ec05d7e93bf16e375c777dc17a4158638566565e29eca507a7d3b63735d91d5234896bb7c8e7fa9e3c2c017f9d525812511ad5833a45eead6c1fcfd7af664ee4b3d4aecbbdea573022971c4368f60e302c1c48c0d1e754b0ed1d336569b6446d24bd6f22fac535dd4aa9488beeddbd0140b16a8db9be00db7e083f876a47a4ed0493f5b57160486d86c2598604612864a36b64094e65cdb460b3ec507a339144d2b9ef3f260e1929099e8329a6c45b53fe533515b21db039f7b2327144ce87d849c84aaa6d368f103cae7c7e106852aa8866d7ef01342dbd78b37e168a9f0359c51ed71f1f55432ffd85a2297c77ab93b5bf040a23f8473c47e2ad365a4dafe18a13ae4acf180ad493ea05a6f61fe1afe76cbf13b65cbd49e90984f71fbdff51e839c254fa8aee78adcba2404479d50bb67df65bb195e111f8c119af86cb32e430111f2ab16324f65e22b1b1b1cf8280a9744500f92ba98ed14acb6b43b14c0956da64faed1278c1fa7a4c713d279c950fcf7f89b9671773b19fb91f58f60616e818a59fd4c819bf98019b576f460aaebcad90b432bca5ddc31954f64bf942f7089858ae5631f31c2630b0aa530f5b7661dcd50a1d308625bf9758b2862922601dbfea18218d6add9d969770fe44d4bfcdef6fd1d9b217c67fce801cc1f66ef150b4daca363200d8b95034de459684d0501236c8ed897e8b9b12f183ac8d7ab577d497a7518c2ea9665eeebc8502dd38c973650aa8bf12be73c1c61ad0ac17949796e619fcb2bc62ab08d9493597d84dd49114178830f7ff99a23c30d3e847db64989f3a3723a1e1acda4740005bba2eb2bb34e40bf4d1f8cc802c0565b0f37e86716d8102575305f64f1c35bc9c14c17fbd388ee7821a2095b0b1724a5a79d12e6b874861b3f5539fc30f5661a1086731bdabefe5c36585df57e94acdbe2abe735b695eae99ecc864df5ccdfc4a396f1341592a95baf2d02959a61a50a76c7033d10fcfdf431dd0df08234780332a6311783da3d62268d8d5cd1e01c8a331e943b394d132122f9e88c944947dea6b125cb4be293ff3e6719ca5a0af01d6eb679a4f415cc6f6a2881a1e3ca847f7e17908acfa59c511b6165b98c0337b1cdb1701142dc23127cf4f6ce04fd6733356a00b7f85f74e1a603516291f53d838f1ad5caba0236ccb60e5853bdba8b87f7c0d9a7892c3327e5ff9c45a10a19db04d44325105f3fc06c975d2d22712255750dadb359513ddbfa14c0f8b462bf3abee0d0b42022319c60ac7ec47f105ec2f56305f14c738de42c5ee24b9729611a495487840d86d431ac9b3a891199b0a403ed432b86c527a5818be13303a907f38538039784c463d1e7cfd5a65dae331fd3c6c3fb35ac936e6c6cf6088177c3d965a028bc718126befe1f0da71148d47c351fe96e477c78de7efe2a7ddcf809dc0d163aab563146b23101cb24d5003ae5d5d5d446f595e9d5d2c622f72c0c2d17a57ff28e2b51bd72fef43acf319ce785fdc98f660e5f78458ee4f0dfcfd01dcd224a754e649cc295ef329854af764fa6d0951bf93749dbceb46fc0886cf78363334f3e2222ff44f5127c648b30695a46af906b7976baeb31ec53d3798ecf7ce4cfbe871c15f81c68a224c44d8c47bc3cbe9b2ae1f598a6411c5947a2888c4fe33facac8ee5f0e5c802472c86bf972f1dbc347f3ad24e45225038633c4a68f4c0dbec555a0496ea9dd5e1f0d3f65e73c9409d34d720723c8573f12ae1be8253dbbce6ad7c6fbbc7d2c4a66927fee891d45fd8bc037a6fde5c175b158b3bbe23b7281c559f04316516aa054c204abbbdac72ff4a503eff8cf5e0349765867b0ab0add912e443f28a1ab2dfb7a42ba5105fbed697766969b4e3ff8c510caf4d261aa49205c9b422809a3e7770852817afc37f4816c030f79c01fd08fdf35e9f93be5d4a39100f04b846f73510a352f176017ac3d90dc7be505f577836f08e681b27f81fa2ad569acd6825e222d877f503b24ecf767f7b89dac36bf3865643caca4b579466e5e42c655c5074ac045c131447a3185336bb1817cbc79f8ccd90d97233f100598f9a120eb1baae6586ae6cbd6acd89a0aeab4172e5b295d9a435b69831aa115154fa520f9c31f1b5a9f11d44483fc1d7faeffda0f330a6f100515f02da28e75dca894fa18af851e42625ec6227a46b48db652cd6e7a28c3850ca52af43e57697cf14a2d073c5b6dbf513ba9ade7771d44890d660f687a9e8381cef7f7600e69209f78f28b2030d33635484c95b398d014c452c00fe9869f54c7e32f3bcdabaf36cf176aace03c82dd2f39985699331912fa5f8d98b0c192d3db07f081c816c52055f85304f549247678d76ed19f18886b10ccedf5c4c16c2f2a895c326fcc41eda1c3e1fc9f6034736cc92709be1728d9d2ebffa19cc10fd19fce0764796e13b7635ff0e2a472c2bbd37ea1f22c45d7ad04a8643fb058e28f4562b508c2955a5b5a7c8aa140977e266ebf2f257cdd5f246eda0932bf579933d36400084f5eb50bcead5c6a33b5d2cb097807dbf0fa7222f18ce72f1c35b8e2f8e1aac3e13f9c54c7250caacc8925f2fae3d1bf0e0194db74251274464ef979a77669657c425ed440358a9259cf0d0e620adc3df4fbce90d79d5ec3f0d18996f21773bf1788e2c057eab43ab03e48a3f083bde66bc250a316b7d6c8a029a2db34dfe493243a516d42130138c6bc3bd58e3c1dfc6f218e2bb6e136930dba59ef6b5b49191abf6513ad38d691ed3bc9bea0a5759426e13854ed2b83f1cd2f3f7a6d56051cde51a829ca1e705f14fdcb44f0a73e1f00b70ef0334865f66a27e1cb92552121841660ad16a17ee68de28669fea59dd9f5c9fd5213f828c160790ce2630b63e4aeb33bad67252fde4a0a27df0514b87a49d49210cd502a08d42c82abd8a0ab46fbf6937bd4127802ca029e23d9b4c857ac7b3a8718ee4357c41a23795e5476fc601316e470951ee59361a9988b7bcafd5199c1fdd42a34bdacb8ef121462388ebc6ac87725d1a5fe490f23fbe5c849ee05dc16a91315493e6373c345491b77ec4dc53f41fd33cf13141de8f416ee8dcc1a417eda7ab82279b3553fcd9476237dfad8521da4b96c56c3d0e08f27b7e0fcb1fac439767d48c0188c809191dfd1433fc627f76c57c8642e5ffc6ea3f5bcae4ff764928957b72120b7d1a65cf138f625d5d754e8865d5b4f8eae5aa30136b03a0c81717a049733a7fa01b0f35ad7fda647a7af15f5e4b82194fc69bb9a1511fbc79d1e9966d6cc9f49dbb7ad1c8931d85d8bf570ce42ce8ba6e8561a7a92c78cc39398143852286bbc81d3868ecd9aecf6d68503a38f93ef424082287d89f3d9bf3775be89d7de4d2ca58cfc9b841a4c16a5809b208478737f83e88a2c4e29792e9dc9f41cf0c233f1f21ced908c2b2da230ddce2fb005b79966be392ada75fdd2a0b3671fb815621d87807a8043fa1e6915cf1ff54a7c48c053a1d870b41869c97929ab037d6d385d67e2a6ab670885a4bb2c143ab7f90e612071155fc63d1580793ebf4310789dd13b313e9898e0d8a154b6b59a907ddd6c9d5fe26afda827a4019e462f295b05996e09a5ec1a517faf202eba5096847f71b8b25678ef0eeede9c94caa9f7b1e7611f69cfc0a6f373a3f1572d09c5ebca6a9edc6eeb2b99e8e74dbf3dd6b4acf67d727abb4b9c26edfd60aa39931ee00af21670792468c364ea48ea8d2c64e01cfc24a39d9c5228b7156caeaaee5811e8650bba91b505cdeeee2762e0c5396894f61b5c8935633a201caa61ec7c2fcac4c225dbd1a5e838a6583949bc1177842feb02c512b0273a9904c72", 0x1000, 0x100, 0x0, 0x1, r7}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x7, 0xbe5b, r6, &(0x7f0000000340)="ae0997ce49c4dde315d692b6cc1b6799c9d4c040244d276728e66348686c5422fbc54a322578bcf7ed81443d31d3a21d605d8f87079c1b647b285ed3bf62895b196e8cc4c33d896abf310bf0100135a8237cc2ed506c608fc931e1601e3cfb36f7c6ee6eae8468abee43af6a39c00ebdd97d1416fc03c36459b21f42b94c8157bf20bd6236f7eeabed0d6c6da0ca319db51120f0b0c896ee071e496850955d03da2ae4df04423f60571baf76bb42ca8c71ae6ee2b6ad3a8212393c50f7d5c35c72c0cfffdc3a4ce9a3e949b774695ac5aaf40c53f8ced3cfd4ba", 0xda, 0x1ff, 0x0, 0x7, r8}]) 10:29:31 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000e, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2114.411063][T16535] FAT-fs (loop0): Filesystem has been set read-only [ 2114.447008][ T26] audit: type=1804 audit(1578997771.272:3677): pid=16524 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1178/file0/file0" dev="loop0" ino=6541 res=1 [ 2114.664100][ T26] audit: type=1804 audit(1578997771.492:3678): pid=16556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1129/file0/file0" dev="loop1" ino=6545 res=1 [ 2114.692120][T16554] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) [ 2114.700112][T16554] FAT-fs (loop2): Filesystem has been set read-only 10:29:31 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300100}]) [ 2114.741322][T16584] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2114.753021][T16584] FAT-fs (loop1): Filesystem has been set read-only [ 2114.836574][ T26] audit: type=1800 audit(1578997771.542:3679): pid=16556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6545 res=0 [ 2114.857212][ T26] audit: type=1804 audit(1578997771.542:3680): pid=16584 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1129/file0/file0" dev="loop1" ino=6545 res=1 10:29:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x14000}]) 10:29:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2f000}]) [ 2115.199241][ T8136] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) 10:29:32 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000e, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:32 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r2, 0x0, 0x2, 0x0, 0x0) fstat(r2, &(0x7f0000000040)) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:33 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300200}]) 10:29:33 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000d, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:33 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x15000}]) 10:29:33 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) r4 = memfd_create(&(0x7f000003e000)='\'', 0x0) r5 = dup2(0xffffffffffffffff, r4) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000400)={r6, 0x3c, "83bcf0be4e89004b1933552a8bb2f5ff9620a973e28ff580d461da853b8dc998daa1e4e570291e422e402533815ee0acc7913ee2ce73651368ea4aaf"}, &(0x7f0000000080)=0x44) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000300)={r6, 0x1, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, {0x0, @in={{0x2, 0x4e23, @broadcast}}, 0x9, 0xff, 0x1, 0x1ff, 0x2}}, &(0x7f0000000080)=0xb0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r7, 0x2) ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, &(0x7f0000000040)=0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:34 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x30000}]) 10:29:34 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000d, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2117.576688][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 2117.576715][ T26] audit: type=1804 audit(1578997774.402:3689): pid=16696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1180/file0/file0" dev="loop0" ino=6555 res=1 10:29:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270ff", 0x15}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r3 = creat(&(0x7f00000003c0)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2117.705921][T16719] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2117.734435][ T26] audit: type=1800 audit(1578997774.402:3690): pid=16696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="loop0" ino=6555 res=0 [ 2117.772971][T16719] FAT-fs (loop0): Filesystem has been set read-only [ 2117.892366][ T26] audit: type=1804 audit(1578997774.402:3691): pid=16719 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1180/file0/file0" dev="loop0" ino=6555 res=1 10:29:34 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300300}]) 10:29:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x16000}]) [ 2118.301863][T16751] FAT-fs (loop5): invalid media value (0x00) [ 2118.353356][T16751] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2118.366741][ T26] audit: type=1804 audit(1578997775.192:3692): pid=16718 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1247/file0/file0" dev="loop3" ino=6560 res=1 [ 2118.405045][T16750] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2118.519170][ T26] audit: type=1800 audit(1578997775.192:3693): pid=16718 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=6560 res=0 [ 2118.526601][T16750] FAT-fs (loop3): Filesystem has been set read-only [ 2118.540069][ T26] audit: type=1804 audit(1578997775.192:3694): pid=16750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1247/file0/file0" dev="loop3" ino=6560 res=1 [ 2118.647863][ T26] audit: type=1804 audit(1578997775.472:3695): pid=16737 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1161/file0/file0" dev="loop2" ino=6563 res=1 10:29:35 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) connect(r4, &(0x7f0000000040)=@pptp={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x13}}}, 0x80) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2118.762263][T16737] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2118.785895][T16737] FAT-fs (loop2): Filesystem has been set read-only 10:29:35 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) r4 = memfd_create(&(0x7f000003e000)='\'', 0x0) r5 = dup2(0xffffffffffffffff, r4) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000400)={r6, 0x3c, "83bcf0be4e89004b1933552a8bb2f5ff9620a973e28ff580d461da853b8dc998daa1e4e570291e422e402533815ee0acc7913ee2ce73651368ea4aaf"}, &(0x7f0000000080)=0x44) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000300)={r6, 0x1, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, {0x0, @in={{0x2, 0x4e23, @broadcast}}, 0x9, 0xff, 0x1, 0x1ff, 0x2}}, &(0x7f0000000080)=0xb0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r7, 0x2) ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, &(0x7f0000000040)=0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2118.948779][ T26] audit: type=1804 audit(1578997775.772:3696): pid=16764 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1181/file0/file0" dev="loop0" ino=6566 res=1 10:29:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x31000}]) 10:29:36 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400000}]) [ 2119.187768][ T26] audit: type=1804 audit(1578997775.832:3697): pid=16772 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1132/file0/file0" dev="sda1" ino=17382 res=1 10:29:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x17000}]) 10:29:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000d, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2119.493842][ T26] audit: type=1804 audit(1578997776.322:3698): pid=16801 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1248/file0/file0" dev="loop3" ino=6569 res=1 10:29:36 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) write$P9_RRENAMEAT(r1, &(0x7f0000000040)={0x7, 0x4b, 0x1}, 0x7) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = gettid() tkill(r4, 0x16) prctl$PR_SET_PTRACER(0x59616d61, r4) chroot(&(0x7f0000000200)='./file0\x00') perf_event_open(0x0, 0x0, 0x3, r3, 0x2) r5 = socket$can_bcm(0x1d, 0x2, 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r7, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r8 = eventfd2(0xff, 0x80000) io_submit(r2, 0x2, &(0x7f0000000140)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r5}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2, 0x7, r6, &(0x7f0000000300)="cbb9313e3a650c9343b635d4e37d656a8f801014eb39c08d8f2256f5073bf448c919806187d890ac0221cd9ffeb90135b961b026ceef4e619d4af2fffa60129ea36b9f5d91d79f90d96df96f43c33aa3fc8af18c239efe2ee73ec89c5a39c90d48d6e14f1a7357a5", 0x68, 0x3, 0x0, 0x0, r8}]) [ 2120.543745][T16847] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2120.563530][T16847] FAT-fs (loop0): Filesystem has been set read-only 10:29:37 executing program 4: r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:37 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400100}]) [ 2120.755128][T16826] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2120.802949][T16826] FAT-fs (loop2): Filesystem has been set read-only 10:29:37 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x32000}]) 10:29:37 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x18000}]) 10:29:37 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400000}]) [ 2122.272552][T16934] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2122.305565][T16934] FAT-fs (loop1): Filesystem has been set read-only [ 2122.309115][T16912] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF 10:29:39 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400000}]) [ 2122.374510][T16912] FAT-fs (loop2): Filesystem has been set read-only 10:29:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100000}]) 10:29:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x19000}]) 10:29:39 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400200}]) 10:29:39 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400000}]) 10:29:40 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) lseek(r1, 0x0, 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2123.743799][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 2123.743821][ T26] audit: type=1804 audit(1578997780.572:3710): pid=16969 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1164/file0" dev="sda1" ino=16625 res=1 [ 2123.898949][ T26] audit: type=1800 audit(1578997780.602:3711): pid=16969 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=16625 res=0 [ 2123.955397][T17007] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2124.017226][T17007] FAT-fs (loop1): Filesystem has been set read-only [ 2124.048846][ T26] audit: type=1804 audit(1578997780.602:3712): pid=16973 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1164/file0" dev="sda1" ino=16625 res=1 10:29:41 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400100}]) 10:29:41 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500000}]) [ 2124.189214][ T26] audit: type=1804 audit(1578997780.662:3713): pid=16984 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1135/file0/file0" dev="loop1" ino=6579 res=1 [ 2124.219328][ T26] audit: type=1800 audit(1578997780.662:3714): pid=16984 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6579 res=0 [ 2124.259203][ T26] audit: type=1804 audit(1578997780.662:3715): pid=17007 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1135/file0/file0" dev="loop1" ino=6579 res=1 10:29:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100100}]) 10:29:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1a000}]) 10:29:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400000}]) [ 2124.407703][ T26] audit: type=1804 audit(1578997780.722:3716): pid=16974 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1184/file0/file0" dev="sda1" ino=16485 res=1 [ 2124.993914][ T26] audit: type=1804 audit(1578997781.822:3717): pid=17019 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1250/file0/file0" dev="loop3" ino=6583 res=1 [ 2125.099470][T17019] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2125.142648][T17019] FAT-fs (loop3): Filesystem has been set read-only [ 2125.159561][T17051] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2125.262743][T17051] FAT-fs (loop5): Filesystem has been set read-only 10:29:42 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x5040, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r2, 0x0, 0x2, 0x0, 0x0) getsockopt$inet_mreq(r2, 0x0, 0x20, &(0x7f0000000140)={@dev, @empty}, &(0x7f0000000200)=0x8) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) r5 = gettid() r6 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r6, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xfffffffffffffffd, r6, 0x0) lseek(r6, 0x6, 0x1) tkill(r5, 0x16) syz_open_procfs(r5, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r7, 0x2) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2125.616349][ T26] audit: type=1804 audit(1578997782.442:3718): pid=17027 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1185/file0/file0" dev="sda1" ino=16689 res=1 10:29:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400100}]) [ 2125.718103][ T26] audit: type=1800 audit(1578997782.442:3719): pid=17027 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="sda1" ino=16689 res=0 10:29:42 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x18000}]) 10:29:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100200}]) 10:29:42 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500100}]) 10:29:42 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1b000}]) 10:29:43 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000b, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:44 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000008, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2127.580735][T17154] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2127.596847][T17146] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000f92) [ 2127.597537][T17154] FAT-fs (loop1): Filesystem has been set read-only [ 2127.616898][T17146] FAT-fs (loop0): Filesystem has been set read-only 10:29:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r3, 0x2) io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100300}]) 10:29:44 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1c000}]) 10:29:44 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500200}]) 10:29:45 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x242201, 0x0) ioctl$sock_x25_SIOCADDRT(r1, 0x890b, &(0x7f0000000300)={@remote={[], 0x3}, 0x1, 'vlan1\x00'}) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2129.132415][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 2129.132448][ T26] audit: type=1804 audit(1578997785.952:3734): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1167/file0" dev="sda1" ino=16769 res=1 [ 2129.274945][ T26] audit: type=1800 audit(1578997785.992:3735): pid=17192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=16769 res=0 10:29:46 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000009, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2129.402037][T17214] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2129.436874][ T26] audit: type=1804 audit(1578997785.992:3736): pid=17200 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1167/file0" dev="sda1" ino=16769 res=1 [ 2129.461577][ T26] audit: type=1804 audit(1578997786.002:3737): pid=17211 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1138/file0/file0" dev="loop1" ino=6598 res=1 [ 2129.471430][T17214] FAT-fs (loop0): Filesystem has been set read-only 10:29:46 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1d000}]) [ 2129.499456][ T26] audit: type=1800 audit(1578997786.002:3738): pid=17211 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6598 res=0 [ 2129.527219][ T26] audit: type=1804 audit(1578997786.002:3739): pid=17215 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1138/file0/file0" dev="loop1" ino=6598 res=1 [ 2129.591194][ T26] audit: type=1804 audit(1578997786.072:3740): pid=17209 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1187/file0/file0" dev="loop0" ino=6597 res=1 [ 2129.642924][ T26] audit: type=1800 audit(1578997786.072:3741): pid=17209 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="loop0" ino=6597 res=0 10:29:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01", 0x11}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r3 = creat(&(0x7f00000003c0)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200000}]) [ 2129.735030][ T26] audit: type=1804 audit(1578997786.082:3742): pid=17214 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1187/file0/file0" dev="loop0" ino=6597 res=1 10:29:46 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x600000}]) [ 2129.984921][T17263] FAT-fs (loop5): invalid media value (0x00) [ 2130.023471][T17263] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2130.082510][T17246] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2130.091333][T17246] FAT-fs (loop3): Filesystem has been set read-only [ 2130.098598][ T26] audit: type=1804 audit(1578997786.922:3743): pid=17244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1252/file0/file0" dev="loop3" ino=6601 res=1 10:29:47 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x800, 0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:47 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1e000}]) 10:29:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200100}]) 10:29:48 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x600100}]) 10:29:48 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000006, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:48 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:48 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000005, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:49 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1f000}]) [ 2132.710084][T17386] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2132.735219][T17386] FAT-fs (loop2): Filesystem has been set read-only 10:29:49 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000005, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2132.799327][T17358] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 970769) 10:29:49 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000100)='./file0\x00', 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r3, 0x2) io_submit(r2, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2132.902126][T17358] FAT-fs (loop0): Filesystem has been set read-only [ 2133.007521][T17399] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF 10:29:49 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200200}]) [ 2133.083501][T17385] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2133.105292][T17385] FAT-fs (loop3): Filesystem has been set read-only 10:29:50 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x600200}]) 10:29:50 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) open(&(0x7f0000000040)='./file1\x00', 0x46080, 0x20) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000080)=""/27, 0x1b}, {&(0x7f0000000380)=""/73, 0x49}], 0x2, &(0x7f0000000a00)=""/4096, 0x1000}, 0x20012040) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000400)='nbd\x00') sendmsg$NBD_CMD_STATUS(r4, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0xa11da22a33a2ead4}, 0x4000) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r6, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2134.017949][T17458] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2134.102516][T17458] FAT-fs (loop1): Filesystem has been set read-only [ 2134.312777][ T26] kauditd_printk_skb: 18 callbacks suppressed [ 2134.312857][ T26] audit: type=1804 audit(1578997791.132:3762): pid=17443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1170/file0/file0" dev="loop2" ino=6619 res=1 [ 2134.366777][T17475] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2134.375429][T17475] FAT-fs (loop3): Filesystem has been set read-only 10:29:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x20000}]) [ 2134.511793][ T26] audit: type=1804 audit(1578997791.172:3763): pid=17469 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1255/file0/file0" dev="loop3" ino=6625 res=1 [ 2134.540158][T17457] FAT-fs (loop0): error, invalid access to FAT (entry 0x000006c0) 10:29:51 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x733, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2134.558527][ T26] audit: type=1800 audit(1578997791.222:3764): pid=17443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=6619 res=0 10:29:51 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$SG_SET_DEBUG(0xffffffffffffffff, 0x227e, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r4, 0x80585414, &(0x7f0000000300)) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0xa0100, 0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, r6}]) [ 2134.593097][ T26] audit: type=1804 audit(1578997791.222:3765): pid=17446 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1170/file0/file0" dev="loop2" ino=6619 res=1 [ 2134.631608][T17457] FAT-fs (loop0): Filesystem has been set read-only 10:29:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200300}]) [ 2134.681951][ T26] audit: type=1804 audit(1578997791.472:3766): pid=17449 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1190/file0/file0" dev="loop0" ino=6623 res=1 10:29:51 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x700000}]) 10:29:51 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200200}]) [ 2135.209861][ T26] audit: type=1804 audit(1578997792.032:3767): pid=17503 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1142/file0/file0" dev="sda1" ino=17025 res=1 10:29:52 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x21000}]) [ 2135.842998][ T26] audit: type=1804 audit(1578997792.662:3768): pid=17515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1256/file0/file0" dev="loop3" ino=6627 res=1 [ 2135.958826][ T26] audit: type=1800 audit(1578997792.662:3769): pid=17515 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=6627 res=0 10:29:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2136.092348][ T26] audit: type=1804 audit(1578997792.662:3770): pid=17534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1256/file0/file0" dev="loop3" ino=6627 res=1 [ 2136.131594][T17549] FAT-fs (loop2): error, invalid access to FAT (entry 0x000004f8) 10:29:53 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2136.164135][ T26] audit: type=1804 audit(1578997792.812:3771): pid=17533 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1171/file0/file0" dev="loop2" ino=6629 res=1 [ 2136.174223][T17549] FAT-fs (loop2): Filesystem has been set read-only 10:29:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x731, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:53 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x700100}]) 10:29:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300000}]) 10:29:53 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r3, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x5038879806f8f9ae}, 0xc, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="7c0000f5", @ANYRES16=0x0, @ANYBLOB="00042abd7000fcdbdf251a000000070021006161000008009a00020000000400cc001c00220008000100080000000800020001000000080002001800000008000100030000000400cc001400220008000600010000000800040001000000060021006200000008009a000600000008009a0002000000"], 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x24004831) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x134, 0x43, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext, 0x1, 0x0, 0x4000000, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r6, 0x2) io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2137.320098][T17579] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2137.411114][T17642] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2137.435514][T17579] FAT-fs (loop1): Filesystem has been set read-only 10:29:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x22000}]) 10:29:54 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2138.023588][T17618] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF 10:29:54 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2138.072631][T17618] FAT-fs (loop2): Filesystem has been set read-only 10:29:55 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ttynull\x00', 0x48000, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000003c0)) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) sendmsg$OSF_MSG_ADD(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000a00)={0x964, 0x0, 0x5, 0x0, 0x70bd2d, 0x25dfdbff, {0x3, 0x0, 0x7}, [{{0x254, 0x1, {{0x3, 0x6}, 0x80, 0x9, 0x7, 0x7a, 0x25, 'syz0\x00', "b3bb7a4a051936e373af21f1de8383b59ba537232e487e31465ee0a83c58854f", "0d27aa39c00391055d61a4be264707cca89a706b06a807fcdb2fa5b8e221751b", [{0x1000, 0x9, {0x3, 0x4}}, {0x1001, 0x8001, {0x0, 0x4}}, {0x0, 0x78cc, {0x0, 0x8001}}, {0x8001, 0xd250, {0x2, 0xb2}}, {0x8000, 0xffc2, {0x0, 0x4}}, {0x6, 0x1, {0x0, 0x9}}, {0x8001, 0x1ff, {0x1, 0x10000}}, {0x1, 0xff, {0x3, 0x8}}, {0x1, 0x1, {0x3, 0x1}}, {0x3, 0xff, {0x2, 0x3f7f}}, {0x0, 0x1, {0x2, 0x322}}, {0x3, 0xad39, {0x0, 0x4}}, {0x41, 0x7243, {0x0, 0x3}}, {0x5, 0x4, {0x1, 0x7}}, {0x23, 0x3, {0x1, 0x9}}, {0x0, 0x400, {0x3, 0x7}}, {0x0, 0x100, {0x1, 0x8}}, {0x8000, 0x3ff, {0x0, 0x1}}, {0x800, 0x5, {0x0, 0x2}}, {0x3, 0x70, {0x1, 0x8}}, {0xf42, 0x3, {0x0, 0xda}}, {0x2, 0x2, {0x1, 0x7}}, {0x8, 0xd58b, {0x5, 0x100}}, {0x6, 0xfb2, {0x1, 0x2}}, {0x6, 0x7, {0x2, 0x6}}, {0x1, 0x80, {0x0, 0x9}}, {0x0, 0x8, {0x1, 0xfffffff7}}, {0x33, 0x48, {0x1, 0x6}}, {0x400, 0x3ff, {0x1, 0xfff}}, {0x2, 0x4, {0x2, 0xb6a}}, {0x0, 0x400, {0x1, 0x7fffffff}}, {0x7, 0x7f, {0x2}}, {0x3ff, 0x1, {0x3, 0xe2e}}, {0x8d, 0x8, {0x2, 0x1}}, {0xfff, 0x3, {0x0, 0x9}}, {0x4, 0x80, {0x0, 0x3}}, {0x100, 0x70, {0x1, 0x65a}}, {0x6, 0x400, {0x2, 0x8}}, {0x2, 0x7, {0x2, 0x800}}, {0x7, 0x8, {0x3, 0xffffffff}}]}}}, {{0x254, 0x1, {{0x3, 0x4}, 0x2, 0x0, 0x335, 0x9, 0x7, 'syz1\x00', "f34f8811d6ccd8fb4940bb763b9ab5604ddb71c38f4d3cf7962a54bbda7fefa1", "def7a8dbd6d9e73661c3a468a081e53f40e5a5e82416998043a5e7a2c40dd19c", [{0x1000, 0x0, {0x1, 0x6}}, {0x7f, 0x7, {0x1, 0x80000003}}, {0x200, 0x81, {0x3, 0x4}}, {0xe032, 0x4, {0x1, 0x8}}, {0x7, 0x8, {0x0, 0xfffffff9}}, {0x4, 0x1, {0x0, 0x9}}, {0x8, 0x0, {0x2, 0xcb63}}, {0x3, 0x3ff, {0x1, 0x2a1f09b1}}, {0xf000, 0x1f, {0x1, 0x2840}}, {0x401, 0xc0f, {0x3, 0x1f377362}}, {0xce9, 0x0, {0x1, 0x3}}, {0x8, 0x82, {0x3, 0x7}}, {0xe0c, 0x8, {0x0, 0xf1c0}}, {0x81, 0x8, {0x2, 0x401}}, {0x9, 0xc857, {0x2}}, {0x2480, 0x7f, {0x2}}, {0x401, 0x8, {0x0, 0x7fff}}, {0x9, 0x8, {0x1}}, {0x101, 0x25, {0x1, 0xffffff81}}, {0x6, 0xff01, {0x5, 0x1}}, {0xf001, 0x68, {0x3, 0x64d7}}, {0x2, 0x3, {0x1, 0xa5e3}}, {0x80, 0x4, {0x2}}, {0x7, 0x9, {0x1, 0x8}}, {0xf9a, 0x1, {0x6, 0x80}}, {0x2, 0x6, {0x2, 0x8}}, {0x2, 0x81, {0x1, 0x20000}}, {0x49a, 0x7fff, {0x3, 0x4}}, {0x404, 0x3, {0x2, 0x7ff}}, {0x2, 0xb2a2, {0x1, 0x7ff000}}, {0x5, 0x3, {0x2, 0x80}}, {0x1, 0x2, {0x1, 0x1}}, {0x7, 0x800, {0x4, 0x6}}, {0x200, 0xffff, {0x2, 0x7bff}}, {0x4, 0x7, {0x2, 0x6}}, {0x100, 0x0, {0x2, 0xc79}}, {0x1, 0x8001, {0x1, 0x401}}, {0xb8d1, 0x5, {0x1, 0x5}}, {0x1ff, 0x2, {0x2, 0x9}}, {0x20, 0x1, {0x2, 0x8}}]}}}, {{0x254, 0x1, {{0x2, 0x7}, 0x0, 0x3f, 0x130, 0x8, 0x1c, 'syz1\x00', "0feb5b2c7964fce30e6cd0a008abc491d05b6aa211365e56df858149804ee6e6", "161b72d6539a58d46575f2954a5c785b7972f98a813efdf398d0d8ce8c8477ad", [{0xfff7, 0x6aa, {0x2, 0xf7}}, {0x7ff, 0xffff, {0x0, 0x1}}, {0x0, 0x8}, {0x1a1d, 0x1, {0x2, 0x3}}, {0x337, 0x5, {0x3, 0x6}}, {0x2, 0x0, {0x2, 0x1}}, {0x2, 0x7, {0x2, 0x100}}, {0x1, 0x9, {0x3, 0x1}}, {0x833, 0xff7f, {0x0, 0x3}}, {0x7, 0x6, {0x0, 0x3}}, {0x7, 0x1c3, {0x1, 0x1ff}}, {0x3, 0x8d, {0x3, 0x5}}, {0x0, 0x3ff, {0x0, 0x9}}, {0x8001, 0x50, {0x2, 0x1}}, {0x2, 0x7, {0x1, 0xffffff80}}, {0x1, 0x0, {0x3, 0x7fffffff}}, {0x100, 0x4, {0x3, 0xff}}, {0x2, 0x9, {0xd59921678c6f68a, 0x3}}, {0x0, 0x7, {0x2, 0x5}}, {0xfff, 0x0, {0x2, 0x9}}, {0x81, 0xff, {0x46d0e71e5e3d0cc4, 0x7}}, {0x9, 0x9, {0x3, 0x4}}, {0x1f, 0x40, {0x3, 0x3ff}}, {0xbd3, 0x6b, {0x2, 0x8}}, {0x6, 0x6, {0x3, 0x8}}, {0xb591, 0x1, {0x3, 0x7}}, {0x7, 0x80, {0x0, 0x8000}}, {0xd392, 0x7ff, {0x2, 0xffffffff}}, {0x0, 0x8, {0x0, 0x400}}, {0x6}, {0x1, 0x89, {0x1, 0x40}}, {0x8000, 0x102, {0x71d0ff7b1b741487, 0x1ff}}, {0x0, 0x8, {0x3, 0x6}}, {0x9, 0xbc, {0x5, 0x7f}}, {0x40, 0x20, {0x2, 0x6}}, {0x8, 0x8, {0x3, 0x101}}, {0x400, 0x24e4, {0x0, 0x9}}, {0x1, 0x13e3, {0x2, 0x9}}, {0x7ff, 0x9, {0x2, 0x45}}, {0x8000, 0x3ff, {0x2, 0x800}}]}}}, {{0x254, 0x1, {{0x6, 0x2}, 0x4, 0xc, 0x7, 0x4, 0x1, 'syz0\x00', "3750b03d7ea1dffab33ab6debb824b7c1c86d9a2173f5629bbc2bd0368838bb1", "05bfbb4c39d7deff71e4c634146b53034aea37925d748532bd1487aaf60111c6", [{0x47, 0x5e, {0x3, 0x7}}, {0x7fff, 0x3ff, {0x0, 0xa8}}, {0x4, 0x6, {0x3, 0x3ff}}, {0x7ff, 0x4, {0x2, 0x8}}, {0xff, 0x1, {0x3, 0x80000001}}, {0x8, 0x8, {0x2, 0x3}}, {0x6, 0x80, {0x3, 0x1}}, {0x400, 0x101, {0x3, 0x7fff}}, {0xff81, 0x32cb, {0x2, 0x101}}, {0x0, 0x5, {0x0, 0x8000}}, {0x6, 0x3ff, {0x0, 0x40}}, {0x1, 0x2, {0x6, 0x2}}, {0x1, 0x4, {0x2, 0x7}}, {0xb5, 0x5, {0x0, 0x5}}, {0x7, 0x5, {0x2, 0xffffff3a}}, {0x7, 0x3, {0x2, 0x7}}, {0x800, 0x8, {0x1, 0x6}}, {0x0, 0x4, {0x0, 0x7}}, {0xfff9, 0x30a, {0x3, 0xffff}}, {0x8, 0x1, {0x3, 0x20}}, {0x20, 0xfffe, {0x1, 0x80}}, {0x8, 0x5a, {0x0, 0x349}}, {0x2, 0x3f, {0x2, 0x2e8}}, {0x1, 0x9, {0x1, 0x9}}, {0x0, 0xffff}, {0x0, 0xf33, {0x0, 0x80000000}}, {0x1, 0x4c2, {0x2, 0x7}}, {0x3f, 0x81, {0x0, 0xa8e}}, {0xe45, 0x2b, {0x3, 0x9}}, {0x6, 0x578, {0x2}}, {0x9, 0x0, {0xdd1cec7edb78063, 0x7ff}}, {0x4, 0x8001, {0x3, 0xa439}}, {0x80, 0x6, {0x1, 0x1}}, {0x7, 0x7f, {0x0, 0xba86}}, {0x1971, 0x1, {0x3, 0x8}}, {0xd2b, 0x7, {0x2, 0xffffffff}}, {0x5477, 0xfff9, {0x4, 0xffffffff}}, {0x7ff, 0x450, {0x1, 0x5}}, {0x1, 0x3, {0x3, 0x3f}}, {0x19d1, 0x1f, {0x3, 0x2}}]}}}]}, 0x964}, 0x1, 0x0, 0x0, 0x40042}, 0x20000081) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000040)={0x60, 0x1, 0xaad, 0x2, 0x94, 0xff, &(0x7f0000000300)="d8a279394b62974fec3d0d1aecca7785e67cf4d60ed245dc832a6e3b60943cec175872d2194ba8dded0ef33a4278c9aa84668774c4701698494cabffe495d0d06f8d89eb8947fe609ccc52f1bbd3bec9b97d3d88dc54ab2a42207debcb2c8ed4ed48a94b7e83769a9149ff4097aead0a18f498e315e857664874fcd84b68f81095d8aa2844c7e21deec21d1939e248c32c9a5d2a"}) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f0000000400)=[0x1, 0x8001]) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300100}]) 10:29:55 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x700200}]) [ 2138.758458][T17661] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2138.848512][T17661] FAT-fs (loop1): Filesystem has been set read-only 10:29:55 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e01c, 0x2c4, &(0x7f0000000240), 0x10020, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x23000}]) [ 2139.361304][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 2139.361330][ T26] audit: type=1804 audit(1578997796.182:3786): pid=17707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1173/file0/file0" dev="loop2" ino=6648 res=1 10:29:56 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:56 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300200}]) 10:29:56 executing program 5 (fault-call:14 fault-nth:0): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2139.741464][ T26] audit: type=1804 audit(1578997796.562:3787): pid=17722 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1193/file0/file0" dev="sda1" ino=17597 res=1 10:29:57 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x800000}]) [ 2140.399531][T17781] FAULT_INJECTION: forcing a failure. [ 2140.399531][T17781] name failslab, interval 1, probability 0, space 0, times 0 [ 2140.440866][T17781] CPU: 0 PID: 17781 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 2140.449694][T17781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2140.459756][T17781] Call Trace: [ 2140.463063][T17781] dump_stack+0x11d/0x181 [ 2140.467487][T17781] should_fail.cold+0xa/0x1a [ 2140.472120][T17781] __should_failslab+0xee/0x130 [ 2140.477015][T17781] should_failslab+0x9/0x14 [ 2140.481537][T17781] kmem_cache_alloc+0x29/0x5d0 [ 2140.486447][T17781] ? copy_user_enhanced_fast_string+0x10/0x30 [ 2140.492524][T17781] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2140.498796][T17781] ? _copy_from_user+0x98/0xf0 [ 2140.503581][T17781] io_submit_one+0xd0/0xdb0 [ 2140.508171][T17781] ? __rcu_read_unlock+0x66/0x3d0 [ 2140.513210][T17781] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2140.519196][T17781] ? blk_start_plug+0x62/0x120 [ 2140.524040][T17781] __x64_sys_io_submit+0x104/0x2a0 [ 2140.529245][T17781] ? btrfs_remove_chunk+0xf0/0xc20 [ 2140.534456][T17781] do_syscall_64+0xcc/0x3a0 [ 2140.539015][T17781] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2140.545007][T17781] RIP: 0033:0x45af49 [ 2140.548952][T17781] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2140.568564][T17781] RSP: 002b:00007faaf956fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 2140.576984][T17781] RAX: ffffffffffffffda RBX: 00007faaf956fc90 RCX: 000000000045af49 [ 2140.584992][T17781] RDX: 0000000020000540 RSI: 0000000000000732 RDI: 00007faaf9571000 [ 2140.592968][T17781] RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 [ 2140.600943][T17781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faaf95706d4 [ 2140.603007][ T26] audit: type=1804 audit(1578997797.392:3788): pid=17796 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1145/file0/file0" dev="loop1" ino=6651 res=1 [ 2140.608985][T17781] R13: 00000000004c280f R14: 00000000004d8c20 R15: 0000000000000009 [ 2141.013798][T17796] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2141.042841][ T26] audit: type=1804 audit(1578997797.862:3789): pid=17785 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1260/file0" dev="sda1" ino=16531 res=1 [ 2141.088739][T17796] FAT-fs (loop1): Filesystem has been set read-only 10:29:58 executing program 5 (fault-call:14 fault-nth:1): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2141.140779][ T26] audit: type=1804 audit(1578997797.922:3790): pid=17776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1174/file0/file0" dev="sda1" ino=17553 res=1 10:29:58 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2141.242910][ T26] audit: type=1800 audit(1578997797.922:3791): pid=17776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=17553 res=0 10:29:58 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x24000}]) 10:29:58 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400000}]) [ 2141.302102][ T26] audit: type=1804 audit(1578997797.922:3792): pid=17779 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1174/file0/file0" dev="sda1" ino=17553 res=1 [ 2141.637549][ T26] audit: type=1804 audit(1578997798.462:3793): pid=17815 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1194/file0/file0" dev="loop0" ino=6655 res=1 [ 2141.676439][T17823] FAULT_INJECTION: forcing a failure. 10:29:58 executing program 3: syz_mount_image$vfat(&(0x7f0000000380)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x1300800, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="15930000000000000000010000000800178100000000"], 0x1c}}, 0x0) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1012200}, 0xc, &(0x7f0000000200)={&(0x7f00000010c0)={0x60c, r3, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0xbf}, @NL80211_ATTR_PROBE_RESP={0x5dd, 0x91, "fd18c4a2f7bc54bc64bd374833b313f61d7d78b367600528188a5cdc8915d7618652229f4f409d097c9b1428d3ffa6671d647bd4dd05fd43349d9203d6650b0b8ea8ec1e888012c56d8b5e66f301c1020e69e6d7690d4f0dcb698f141e084ebdcfdfc7bcbb12af26393adb1cafded8e36168f5614a0b7ab4113f17784c46f535f6e6485eb724131bedc92717f4dd99fc15d6b2fdf8a52c5290437027762ac87766ba9552cc9ced7c86746ffa66fe77c61de1df9103a0f2224d0ec3ccfe18d02f5b86866a5f96c21f519b9d051d66edb1dfdde09f9a7316dcdeff1c344954673f106be058f99b81fd557a710fafefacd2100847a6f4f7ed0bd06d45150e11fc0e372160902b9bdd0b1b37eae45d4a499d5cc6b0186f079acdb29e8605b20c1bf2d3f6bfe755f9a41f1f1005d9fd86a5c473c0f41a8c52e0b5cedbb995cf7e05137e61e0481c9426866fcd021aa660ad06bd05584d0ad0956483cc8994177123706055d77d5c6be991c22fad0257d8c50a989cf1f595504a39692f7453f6f9bebef212ed56c81629eec213518914149392105b52b3a3302719a392c214875aa3473f33a92588d390d40104700d144e59445f479abf156f46198e8979fa2e2cbe385dba27f5927b054d288216c1b77da93ff2a62e918948381fcda0425931b919a9035901edaa824f47ddae860f9a7b8af2a5f4a938d388432b1e72a2f6e395a231628b68052c8c46f767e1a90066f1ea7930c9090ce7c4d802a742ccf2c1d883ce6387b2d84f5aa33c8e670b756b2694724be9667b4a09b17bfdfbb4957f4b5907b29187b6686f561c185cdd47cea4f2420cad97da6dadddae3d8263ae4dbebbaa1e81a84f095e8cfa22bb14bc482b6840eed8083edd6293011c1f0b36172f394b5cba3c40363259c7d57d5847529c61dc226ee7ca5cc5595d8c541728ef1f1f223bfd79db33b6f694a501f8b615495db1b0250a1232d8e15c3d90198f16620c2823270456d2c595805369a528d8061020a1521c72010c2f168d3ffb6308adb3a0263b04e5b69c6325e8f4b73636cbb62e80b557f992d7d5df8b4dd6fc3a63f3f0ad3b4776d5c105ca9f8d6c08f55a5cbf12411c6ca61faf93052aada81936214500b73368a2a9e4299d4548ea58af8a62ac44274d4c6637813bab9b55cad266a5de2b415f17cb0606f56f0b64842b1d6a0ff9387cae567b27895d71ec58cab22a636d3dc2754bb9f8e62866c1f9975c1770cf991857a42c3f98a9c0c7c9641d3c36adc05d388282b21221f808bdbdf3ac0c51d4c89316e827a28f1327c657b0df3d03b6035f824cc92b8e6fbd889c26dc27934b84abc91a79612e96102839babe0688a2677d1b6aa38beb937167db6ca4c5141d99a61cfefeb0c7bc9c2297c503338fa9e5882afaf12adfc90f779c40c4fb79efa816ddb606b7aa093f90d912f5622adae0cd23abd6e4fb5bea4b93a7533848fb5ce61cda935319879b35b393b9793a37aee7ab6cd7161cec6525c27613ec2e48bcb1dbc9b1cae09e79a471598dbcad31d2cf9bad1430c2ba36d154c50c99876415e85af625799766effa265d80f578ff6409f44de208335ed8dd4244e2f36d7925874d4d603bb31b289a7c65c09f23a7e972fae0bba6a41e2cee5dd669259c280b67e9fd80aec7b6775416c4a53e93073c38ea3200837fd6e1cbb99abd8cd5dd24b13d318a4b8e3dbd7c4347455dd0e355e338c43d3576eade3b9079a8960fc67fc9101d86c29622aaa0a127c95e025553cc00e4d47c090f0f398373e7711a5905abe28886464207b82f96be7bc17554235e0c725b08b0611e89ee8bc31a6c3c0cb8ae7fe967fe8b724d58bccb7a3d9ecd217b9d2efdf94160a145d4340b95ac38bb17c2fa17117ff413d9639c4ef114fe591501b1a68116d5455aa0da4213a7c4a9a47a386107bef599c4457247e0fe3ad6ee2596b3e5a05b4956e66fc212e4a583b888520db6db770efe88449927d61ccf6b77eba5839d73d824df1205c770f44fa97c1c6642f9e8ff5503b49567fc40d66ef0f2efba2b3ba37180d49f7610b692b411bb5ef56b2fac7ee3fd2aca97536f6b3517b2b2503654d95bb814f7e83af90f785de6"}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x4}]}, 0x60c}, 0x1, 0x0, 0x0, 0x98}, 0x8040) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r6, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) ioctl$KDGKBMETA(r4, 0x4b62, &(0x7f00000003c0)) setsockopt$inet_opts(r6, 0x0, 0x2, 0x0, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r6, 0xc0046686, &(0x7f0000000700)=ANY=[@ANYBLOB="0000af009c9b271f19b87d0cfaebc34a64770e38a0a0eb6cdfb2125f80da35a1d9dd39be6e03568439d28e1db913b0619f1f5395a3f44b6b76e0c47659b14278f33bec3dfc4ce34e7265fa8da8db5b20b35eab850d522eb6724ad43310a050304cbdc2853d07b3a17c947ccd9281164e49a0d4f0c8b211cb33be0f42581b87aee7f3ad4719244987647d19c376e8055a240503b373b95701a64f332c251d8c1411eb21cc909874d40decd82e7ce7e1e02ac2a2a92b1102048a34c5c0c1969c46160178645a053408feeb7f906fc34ba70a1ee9a25dad4ea7bb2c9bb3bc517a230c0be8db3000d086f26631358b65e33e587a8fa7a9201c2784d3e6b284907a60bd85974e095b113cba50e2d97d2291e8ac57993c249b279407dd7a3885c52bec2837ea9ba1c1b46dee66738756591570bc62b3b7d6dedca48fa54dd361ee1ec6c14ee3043b628d018d39d500"/341]) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r7 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r7, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r8 = gettid() tkill(r8, 0x16) r9 = perf_event_open(&(0x7f000001d000)={0x1, 0xae, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fe, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x10}, 0x60050, 0x0, 0x0, 0x0, 0x0, 0x537, 0xffff}, 0x0, 0xffffffffffffffff, r7, 0x1a) perf_event_open(0x0, 0x0, 0x5, r9, 0x2) io_submit(r5, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2141.676439][T17823] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2141.758422][T17823] CPU: 1 PID: 17823 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 2141.759706][ T26] audit: type=1804 audit(1578997798.532:3794): pid=17840 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1194/file0/file0" dev="loop0" ino=6655 res=1 [ 2141.767294][T17823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2141.767300][T17823] Call Trace: [ 2141.767327][T17823] dump_stack+0x11d/0x181 [ 2141.767380][T17823] should_fail.cold+0xa/0x1a [ 2141.767497][T17823] should_fail_alloc_page+0x50/0x60 [ 2141.795894][ T26] audit: type=1800 audit(1578997798.582:3795): pid=17815 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="loop0" ino=6655 res=0 [ 2141.802452][T17823] __alloc_pages_nodemask+0xd2/0x310 [ 2141.802483][T17823] alloc_pages_current+0xd1/0x170 [ 2141.849997][T17823] __page_cache_alloc+0x183/0x1a0 [ 2141.855158][T17823] pagecache_get_page+0x24b/0x6f0 [ 2141.860238][T17823] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2141.866513][T17823] ? __this_cpu_preempt_check+0x45/0x140 [ 2141.872198][T17823] ? fat_add_cluster+0xd0/0xd0 [ 2141.877007][T17823] grab_cache_page_write_begin+0x5d/0x90 [ 2141.882658][T17823] block_write_begin+0x52/0x160 [ 2141.887611][T17823] cont_write_begin+0x3d6/0x670 [ 2141.892475][T17823] ? fat_add_cluster+0xd0/0xd0 [ 2141.897313][T17823] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2141.903580][T17823] ? wb_io_lists_populated+0x8d/0xa0 [ 2141.908928][T17823] ? inode_io_list_move_locked+0xf2/0x200 [ 2141.914669][T17823] fat_write_begin+0x72/0xc0 [ 2141.919351][T17823] ? fat_add_cluster+0xd0/0xd0 [ 2141.924145][T17823] generic_perform_write+0x136/0x320 [ 2141.929439][T17823] ? __mnt_drop_write_file+0x2d/0x30 [ 2141.934736][T17823] ? __read_once_size.constprop.0+0x20/0x20 [ 2141.940663][T17823] __generic_file_write_iter+0x251/0x380 [ 2141.946333][T17823] ? generic_write_check_limits.isra.0+0x168/0x1c0 [ 2141.952916][T17823] generic_file_write_iter+0x28c/0x38c [ 2141.958396][T17823] aio_write+0x1de/0x2d0 [ 2141.962663][T17823] ? aio_write+0xa/0x2d0 [ 2141.966911][T17823] io_submit_one+0x61d/0xdb0 [ 2141.971592][T17823] ? debug_smp_processor_id+0x3e/0x137 [ 2141.977063][T17823] ? kcsan_setup_watchpoint+0x1d4/0x460 [ 2141.982708][T17823] __x64_sys_io_submit+0x104/0x2a0 [ 2141.987840][T17823] ? btrfs_remove_chunk+0xf0/0xc20 [ 2141.992966][T17823] do_syscall_64+0xcc/0x3a0 [ 2141.997509][T17823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2142.003406][T17823] RIP: 0033:0x45af49 [ 2142.007310][T17823] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2142.027097][T17823] RSP: 002b:00007faaf95d3c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 2142.035519][T17823] RAX: ffffffffffffffda RBX: 00007faaf95d3c90 RCX: 000000000045af49 [ 2142.043538][T17823] RDX: 0000000020000540 RSI: 0000000000000732 RDI: 00007faaf9592000 [ 2142.051642][T17823] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2142.059640][T17823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faaf95d46d4 [ 2142.067615][T17823] R13: 00000000004c280f R14: 00000000004d8c20 R15: 0000000000000007 [ 2142.148357][T17840] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2142.248543][T17840] FAT-fs (loop0): Filesystem has been set read-only [ 2142.293307][T17863] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 10:29:59 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x800100}]) [ 2142.609886][T17878] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2142.675476][T17878] FAT-fs (loop2): Filesystem has been set read-only 10:29:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:29:59 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400100}]) 10:29:59 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x25000}]) 10:30:00 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x23000}]) [ 2143.616217][T17893] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2143.632963][T17893] FAT-fs (loop0): Filesystem has been set read-only 10:30:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400200}]) 10:30:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x800200}]) [ 2144.477539][T17948] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2144.509013][T17948] FAT-fs (loop0): Filesystem has been set read-only 10:30:01 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x900000}]) 10:30:01 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x26880, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000380)={0x0, 0xb2, "b1b23a2cde8a8ecb4d9944c7de28c9babeeb2183b02f299515d8c258340248369a0a73da27bc36c0b223f05bf84cad984f1cef9e6ca0964c29f47a94c69bb70f762eb85cdbd9d539211342444c5c4e707b02acc4dbce18548fc60a9965473350d88ce4ff2957d7dff857d8eb852a8d1b01c067f4f16196c7506c7602f7cde32450993b862e64eb54380f11d53831c22e64ff270244792869958bd55dd1d298a5ebd98fb0619d8cbaf613dc54584783a74582"}, &(0x7f0000000440)=0xba) r5 = memfd_create(&(0x7f000003e000)='\'', 0x0) r6 = dup2(0xffffffffffffffff, r5) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r6, 0x84, 0x1a, &(0x7f0000000400)={r7, 0x3c, "83bcf0be4e89004b1933552a8bb2f5ff9620a973e28ff580d461da853b8dc998daa1e4e570291e422e402533815ee0acc7913ee2ce73651368ea4aaf"}, &(0x7f0000000080)=0x44) r8 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r8, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400021000000000000000000000000000000000000000000000000000000000225000000000000000096c97449a0d20000000000007200000000008001ee000000a4129300000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5e42b843e22"]) r9 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r9, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r9, 0x84, 0x77, &(0x7f0000000580)={r7, 0x7, 0x8000000000000239, [0x82, 0x6, 0x1]}, &(0x7f00000004c0)=0xfffffffffffffd38) r10 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r10, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r11 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000080)='NET_DM\x00') sendmsg$NET_DM_CMD_STOP(r10, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x14, r11, 0x4, 0x70bd26, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4044020}, 0x40000000) 10:30:01 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x26000}]) 10:30:02 executing program 4 (fault-call:15 fault-nth:0): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2145.803070][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 2145.803091][ T26] audit: type=1804 audit(1578997802.632:3804): pid=17985 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1177/file0/file0" dev="sda1" ino=17681 res=1 [ 2146.047942][ T26] audit: type=1804 audit(1578997802.872:3805): pid=17992 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1262/file0" dev="sda1" ino=17633 res=1 10:30:03 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500000}]) [ 2146.294207][ T26] audit: type=1804 audit(1578997803.122:3806): pid=17977 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1197/file0/file0" dev="sda1" ino=17507 res=1 [ 2146.353342][T18024] FAULT_INJECTION: forcing a failure. [ 2146.353342][T18024] name failslab, interval 1, probability 0, space 0, times 0 [ 2146.436169][ T26] audit: type=1804 audit(1578997803.232:3807): pid=18029 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1148/file0/file0" dev="sda1" ino=16486 res=1 [ 2146.441177][T18024] CPU: 1 PID: 18024 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 2146.470280][T18024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2146.481661][T18024] Call Trace: [ 2146.484991][T18024] dump_stack+0x11d/0x181 [ 2146.489342][T18024] should_fail.cold+0xa/0x1a [ 2146.494006][T18024] __should_failslab+0xee/0x130 [ 2146.498906][T18024] should_failslab+0x9/0x14 [ 2146.503434][T18024] kmem_cache_alloc+0x29/0x5d0 [ 2146.504846][ T26] audit: type=1800 audit(1578997803.232:3808): pid=18029 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="sda1" ino=16486 res=0 [ 2146.508263][T18024] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2146.508285][T18024] ? _copy_from_user+0x98/0xf0 [ 2146.508320][T18024] io_submit_one+0xd0/0xdb0 [ 2146.543727][T18024] ? __rcu_read_unlock+0x66/0x3d0 [ 2146.548767][T18024] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2146.553253][ T26] audit: type=1804 audit(1578997803.232:3809): pid=18034 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1148/file0/file0" dev="sda1" ino=16486 res=1 [ 2146.554773][T18024] ? blk_start_plug+0x62/0x120 [ 2146.554811][T18024] __x64_sys_io_submit+0x104/0x2a0 [ 2146.589602][T18024] ? btrfs_remove_chunk+0xf0/0xc20 [ 2146.594738][T18024] do_syscall_64+0xcc/0x3a0 [ 2146.599254][T18024] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2146.605169][T18024] RIP: 0033:0x45af49 [ 2146.609108][T18024] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2146.628728][T18024] RSP: 002b:00007ff20ba54c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 2146.637216][T18024] RAX: ffffffffffffffda RBX: 00007ff20ba54c90 RCX: 000000000045af49 [ 2146.645203][T18024] RDX: 0000000020000540 RSI: 0000000000000732 RDI: 00007ff20ba34000 [ 2146.653228][T18024] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2146.661212][T18024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff20ba556d4 [ 2146.669203][T18024] R13: 00000000004c280f R14: 00000000004d8c20 R15: 0000000000000007 10:30:03 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x900100}]) [ 2147.344217][ T26] audit: type=1804 audit(1578997804.172:3810): pid=18044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1178/file0" dev="sda1" ino=17282 res=1 [ 2147.415647][ T26] audit: type=1800 audit(1578997804.242:3811): pid=18044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=17282 res=0 [ 2147.449879][ T26] audit: type=1804 audit(1578997804.242:3812): pid=18060 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1178/file0" dev="sda1" ino=17282 res=1 [ 2147.877564][ T26] audit: type=1804 audit(1578997804.702:3813): pid=18066 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1198/file0/file0" dev="sda1" ino=16675 res=1 [ 2150.637158][T17922] FAT-fs (loop5): error, fat_get_cluster: detected the cluster chain loop (i_pos 970769) [ 2150.646995][T17922] FAT-fs (loop5): Filesystem has been set read-only 10:30:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x730, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:07 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x27000}]) 10:30:07 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x8, 0x3af, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:07 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500100}]) 10:30:07 executing program 4 (fault-call:15 fault-nth:1): syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:07 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x900200}]) [ 2151.084749][T18110] FAULT_INJECTION: forcing a failure. [ 2151.084749][T18110] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2151.533044][T18110] CPU: 0 PID: 18110 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 2151.541775][T18110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2151.551840][T18110] Call Trace: [ 2151.555143][T18110] dump_stack+0x11d/0x181 [ 2151.559505][T18110] should_fail.cold+0xa/0x1a [ 2151.564270][T18110] should_fail_alloc_page+0x50/0x60 [ 2151.569554][T18110] __alloc_pages_nodemask+0xd2/0x310 [ 2151.574863][T18110] alloc_pages_current+0xd1/0x170 [ 2151.579959][T18110] __page_cache_alloc+0x183/0x1a0 [ 2151.585002][T18110] pagecache_get_page+0x24b/0x6f0 [ 2151.590069][T18110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2151.596374][T18110] ? __this_cpu_preempt_check+0x45/0x140 [ 2151.602030][T18110] ? fat_add_cluster+0xd0/0xd0 [ 2151.606807][T18110] grab_cache_page_write_begin+0x5d/0x90 [ 2151.612463][T18110] block_write_begin+0x52/0x160 [ 2151.617337][T18110] cont_write_begin+0x3d6/0x670 [ 2151.622241][T18110] ? fat_add_cluster+0xd0/0xd0 [ 2151.627026][T18110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2151.633345][T18110] ? wb_io_lists_populated+0x8d/0xa0 [ 2151.638636][T18110] ? inode_io_list_move_locked+0xf2/0x200 [ 2151.644362][T18110] fat_write_begin+0x72/0xc0 [ 2151.648968][T18110] ? fat_add_cluster+0xd0/0xd0 [ 2151.653799][T18110] generic_perform_write+0x136/0x320 [ 2151.659158][T18110] ? __mnt_drop_write_file+0x2d/0x30 [ 2151.664452][T18110] ? __read_once_size.constprop.0+0x20/0x20 [ 2151.670372][T18110] __generic_file_write_iter+0x251/0x380 [ 2151.676081][T18110] ? generic_write_check_limits.isra.0+0x168/0x1c0 [ 2151.682595][T18110] generic_file_write_iter+0x28c/0x38c [ 2151.688162][T18110] aio_write+0x1de/0x2d0 [ 2151.692444][T18110] ? __fget+0xb8/0x1d0 [ 2151.696530][T18110] io_submit_one+0x61d/0xdb0 [ 2151.701212][T18110] __x64_sys_io_submit+0x104/0x2a0 [ 2151.706398][T18110] ? btrfs_remove_chunk+0xf0/0xc20 [ 2151.711519][T18110] do_syscall_64+0xcc/0x3a0 [ 2151.716074][T18110] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2151.721975][T18110] RIP: 0033:0x45af49 [ 2151.725875][T18110] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2151.745474][T18110] RSP: 002b:00007ff20ba32c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 2151.753978][T18110] RAX: ffffffffffffffda RBX: 00007ff20ba32c90 RCX: 000000000045af49 [ 2151.761996][T18110] RDX: 0000000020000540 RSI: 0000000000000732 RDI: 00007ff20ba34000 [ 2151.769979][T18110] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2151.777943][T18110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff20ba336d4 [ 2151.785924][T18110] R13: 00000000004c280f R14: 00000000004d8c20 R15: 0000000000000008 [ 2151.905185][ T26] audit: type=1804 audit(1578997808.732:3814): pid=18109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1199/file0" dev="sda1" ino=16769 res=1 [ 2151.958647][T18121] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2151.982391][T18121] FAT-fs (loop2): Filesystem has been set read-only [ 2152.041800][ T26] audit: type=1800 audit(1578997808.762:3815): pid=18109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="sda1" ino=16769 res=0 10:30:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500200}]) [ 2152.098679][ T26] audit: type=1804 audit(1578997808.762:3816): pid=18117 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1199/file0" dev="sda1" ino=16769 res=1 10:30:09 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:09 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa00000}]) 10:30:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x28000}]) [ 2152.331092][ T26] audit: type=1804 audit(1578997808.822:3817): pid=18106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1179/file0/file0" dev="loop2" ino=6673 res=1 [ 2152.439785][ T26] audit: type=1804 audit(1578997808.902:3818): pid=18112 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1149/file0/file0" dev="sda1" ino=16785 res=1 [ 2152.550350][ T26] audit: type=1804 audit(1578997808.962:3819): pid=18130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1535/file0/file0" dev="loop5" ino=6677 res=1 10:30:09 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x731, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2152.585441][ T26] audit: type=1804 audit(1578997809.042:3820): pid=18150 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1535/file0/file0" dev="loop5" ino=6677 res=1 [ 2152.638569][ T26] audit: type=1804 audit(1578997809.072:3821): pid=18123 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1263/file0" dev="sda1" ino=16753 res=1 [ 2152.708282][ T26] audit: type=1804 audit(1578997809.092:3822): pid=18155 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1263/file0" dev="sda1" ino=16753 res=1 10:30:09 executing program 3: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0xfffffffffffffc27}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2153.444615][ T26] audit: type=1804 audit(1578997810.272:3823): pid=18167 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1180/file0/file0" dev="sda1" ino=16673 res=1 10:30:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x600000}]) 10:30:10 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa00100}]) 10:30:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x29000}]) 10:30:11 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x733, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:11 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x731, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:11 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2155.465503][T18305] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2155.508142][T18305] FAT-fs (loop0): Filesystem has been set read-only [ 2155.521193][T18311] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2155.542236][T18311] FAT-fs (loop5): Filesystem has been set read-only 10:30:12 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2a000}]) 10:30:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000002, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:12 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa00200}]) 10:30:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x600100}]) [ 2156.057729][T18347] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2156.205211][T18347] FAT-fs (loop3): Filesystem has been set read-only [ 2156.216898][T18306] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:13 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x733, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:13 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$EVIOCSABS3F(r0, 0x401845ff, &(0x7f0000000040)={0x90000000, 0x7b3, 0x7, 0xffffffe1, 0x80, 0x7}) ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) ioctl$KDSETMODE(r4, 0x4b3a, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2156.981824][ T26] kauditd_printk_skb: 29 callbacks suppressed [ 2156.981846][ T26] audit: type=1804 audit(1578997813.792:3853): pid=18355 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1538/file0/file0" dev="loop5" ino=6687 res=1 [ 2157.209808][ T26] audit: type=1804 audit(1578997813.952:3854): pid=18371 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1182/file0/file0" dev="loop2" ino=6688 res=1 10:30:14 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000003, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2157.310083][ T26] audit: type=1800 audit(1578997813.952:3855): pid=18371 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=6688 res=0 [ 2157.310116][T18409] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2157.357328][ T26] audit: type=1804 audit(1578997813.962:3856): pid=18409 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1182/file0/file0" dev="loop2" ino=6688 res=1 10:30:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xb00000}]) [ 2157.410413][ T26] audit: type=1804 audit(1578997814.022:3857): pid=18350 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1152/file0" dev="sda1" ino=16592 res=1 [ 2157.437864][ T26] audit: type=1800 audit(1578997814.022:3858): pid=18350 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="sda1" ino=16592 res=0 [ 2157.485979][T18409] FAT-fs (loop2): Filesystem has been set read-only [ 2157.495424][ T26] audit: type=1804 audit(1578997814.032:3859): pid=18390 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1152/file0" dev="sda1" ino=16592 res=1 [ 2157.555906][ T26] audit: type=1804 audit(1578997814.372:3860): pid=18396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1266/file0/file0" dev="loop3" ino=6693 res=1 [ 2157.724736][T18403] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970781) [ 2157.837810][T18428] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2b000}]) 10:30:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x600200}]) [ 2157.864728][ T26] audit: type=1804 audit(1578997814.572:3861): pid=18399 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1209/file0/file0" dev="loop4" ino=6691 res=1 [ 2157.897788][T18403] FAT-fs (loop3): Filesystem has been set read-only [ 2157.961946][T18428] FAT-fs (loop4): Filesystem has been set read-only [ 2157.964299][T18440] FAT-fs (loop5): error, invalid access to FAT (entry 0x000006c0) [ 2157.973356][T18403] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970781) [ 2158.004354][T18440] FAT-fs (loop5): Filesystem has been set read-only [ 2158.180170][ T26] audit: type=1800 audit(1578997814.572:3862): pid=18399 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=6691 res=0 10:30:15 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000002, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:15 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000004, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:15 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xfffffffffffffffd, r3, 0x0) fallocate(r3, 0x0, 0x0, 0x6) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) pause() close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:15 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x700000}]) 10:30:16 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xb00100}]) [ 2159.662241][T18500] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2159.696205][T18500] FAT-fs (loop4): Filesystem has been set read-only 10:30:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2c000}]) 10:30:16 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000080)=0x4) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) pipe(&(0x7f0000000140)) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:16 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000003, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:16 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000005, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x700100}]) [ 2160.837454][T18593] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2160.855758][T18593] FAT-fs (loop0): Filesystem has been set read-only [ 2161.055817][T18583] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:18 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xb00200}]) [ 2161.160760][T18583] FAT-fs (loop4): Filesystem has been set read-only 10:30:18 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0xc00) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) r4 = syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$DRM_IOCTL_GET_SAREA_CTX(r4, 0xc010641d, &(0x7f0000000040)={0x0, &(0x7f0000000300)=""/237}) 10:30:18 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000004, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2161.446964][T18631] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:18 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2d000}]) [ 2161.510748][T18631] FAT-fs (loop5): Filesystem has been set read-only 10:30:18 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000006, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2162.113441][ T26] kauditd_printk_skb: 29 callbacks suppressed [ 2162.113461][ T26] audit: type=1800 audit(1578997818.932:3892): pid=18612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=17073 res=0 10:30:19 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00000}]) [ 2162.475755][ T26] audit: type=1804 audit(1578997819.292:3893): pid=18656 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1269/file0/file0" dev="loop3" ino=6719 res=1 [ 2162.752920][ T26] audit: type=1804 audit(1578997819.392:3894): pid=18660 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1212/file0/file0" dev="loop4" ino=6720 res=1 10:30:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x700200}]) [ 2162.921429][T18716] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2162.930024][T18716] FAT-fs (loop1): Filesystem has been set read-only 10:30:19 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000005, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2162.984038][ T26] audit: type=1804 audit(1578997819.702:3895): pid=18685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1155/file0/file0" dev="loop1" ino=6723 res=1 10:30:19 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) r2 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000200)) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r6, 0xc0505510, &(0x7f0000000300)={0x3, 0x2, 0x9, 0x1, &(0x7f0000000040)=[{}, {}]}) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:19 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2e000}]) [ 2163.119618][ T26] audit: type=1800 audit(1578997819.702:3896): pid=18685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6723 res=0 [ 2163.200688][T18695] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2163.213604][ T26] audit: type=1804 audit(1578997819.722:3897): pid=18716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1155/file0/file0" dev="loop1" ino=6723 res=1 [ 2163.245017][T18695] FAT-fs (loop5): Filesystem has been set read-only [ 2163.251843][ T26] audit: type=1804 audit(1578997820.072:3898): pid=18689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1542/file0/file0" dev="loop5" ino=6725 res=1 10:30:20 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000007, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2163.756048][ T26] audit: type=1804 audit(1578997820.582:3899): pid=18721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1206/file0/file0" dev="loop0" ino=6727 res=1 [ 2163.996135][ T26] audit: type=1800 audit(1578997820.622:3900): pid=18721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="loop0" ino=6727 res=0 [ 2164.190767][ T26] audit: type=1804 audit(1578997820.632:3901): pid=18747 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1206/file0/file0" dev="loop0" ino=6727 res=1 10:30:21 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00100}]) [ 2164.422200][T18761] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2164.431293][T18761] FAT-fs (loop1): Filesystem has been set read-only [ 2164.525865][T18773] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2164.583164][T18773] FAT-fs (loop3): Filesystem has been set read-only 10:30:21 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000006, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2164.630982][T18774] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2164.652914][T18774] FAT-fs (loop5): Filesystem has been set read-only 10:30:21 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2f000}]) 10:30:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x800000}]) 10:30:21 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000008, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2165.086186][T18813] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2165.094979][T18813] FAT-fs (loop0): Filesystem has been set read-only 10:30:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00200}]) 10:30:22 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) ftruncate(r1, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) r2 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nvram\x00', 0x100, 0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000600)={0x0, 0x0}) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r6}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) fstat(r2, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r8, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r10, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r11 = socket$inet6_sctp(0xa, 0x5, 0x84) r12 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r12, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r12, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r12, 0x0, 0x2, 0x0, 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r14, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r15 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) ioctl$sock_FIOGETOWN(r15, 0x8903, &(0x7f0000000700)=0x0) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r17}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) getgroups(0x3, &(0x7f0000000540)=[0xee00, 0xffffffffffffffff, r18]) r19 = syz_open_dev$usbfs(&(0x7f0000000740)='/dev/bus/usb/00#/00#\x00', 0x9, 0x2000) r20 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r20, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r20, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r20, 0x0, 0x2, 0x0, 0x0) r21 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r21, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r21, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r21, 0x0, 0x2, 0x0, 0x0) r22 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r22, 0xae01, 0x0) r23 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r23, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r24 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r24, 0xae01, 0x0) r25 = openat$nullb(0xffffffffffffff9c, &(0x7f0000002f40)='/dev/nullb0\x00', 0x101100, 0x0) r26 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r26, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r26, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r26, 0x0, 0x2, 0x0, 0x0) r27 = openat$nvram(0xffffffffffffff9c, &(0x7f0000002f80)='/dev/nvram\x00', 0xa4000, 0x0) r28 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r28, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xfffffffffffffffd, r28, 0x0) r29 = socket$nl_generic(0x10, 0x3, 0x10) r30 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r29, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r30, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r31 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r31, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r32 = socket$nl_generic(0x10, 0x3, 0x10) r33 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r32, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r33, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r34 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r34, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r35 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r35, 0xae01, 0x0) r36 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r36, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xfffffffffffffffd, r36, 0x0) r37 = gettid() tkill(r37, 0x16) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r38}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) fstat(0xffffffffffffffff, &(0x7f0000002fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r40 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r40, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r41 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r41, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xfffffffffffffffd, r41, 0x0) r42 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r42, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r43 = syz_init_net_socket$x25(0x9, 0x5, 0x0) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r44}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) getgroups(0x3, &(0x7f0000000540)=[0xee00, 0xffffffffffffffff, r45]) r46 = gettid() tkill(r46, 0x16) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r47}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r48) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r49) r50 = getuid() r51 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r51, 0x0) statx(r51, &(0x7f0000000340)='./file1\x00', 0x4000, 0x10, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) getgroups(0x3, &(0x7f0000000540)=[0xee00, 0xffffffffffffffff, r54]) pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$VIDIOC_DV_TIMINGS_CAP(r56, 0xc0905664, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) ioctl$TUNSETGROUP(r56, 0x400454ce, r57) newfstatat(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000) setxattr$system_posix_acl(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000700)={{}, {0x1, 0x5}, [{0x2, 0x3930d883a5458cbb, r48}, {0x2, 0x4, r49}, {0x2, 0x5, r50}, {0x2, 0x0, r52}], {0x4, 0x1}, [{0x8, 0x6, r53}, {0x8, 0x3, r55}, {0x8, 0x6, r57}, {0x8, 0x4, r58}], {}, {0x20, 0x4}}, 0x64, 0x1) r59 = gettid() tkill(r59, 0x16) fstat(0xffffffffffffffff, &(0x7f0000004400)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) getgroups(0x3, &(0x7f0000000540)=[0xee00, 0xffffffffffffffff, r61]) getgroups(0x1, &(0x7f0000004480)=[r61]) r63 = getpgrp(0xffffffffffffffff) statx(0xffffffffffffff9c, &(0x7f00000044c0)='./file0\x00', 0x0, 0x0, &(0x7f0000004500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r65 = gettid() tkill(r65, 0x16) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r66}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000004600)={0x0, 0x0, 0x0}, &(0x7f0000004640)=0xc) r68 = socket$nl_generic(0x10, 0x3, 0x10) r69 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r68, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r69, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r70 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r70, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xfffffffffffffffd, r70, 0x0) r71 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r71, 0xae01, 0x0) r72 = socket$nl_generic(0x10, 0x3, 0x10) r73 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r72, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r73, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r74 = openat$random(0xffffffffffffff9c, &(0x7f0000004680)='/dev/urandom\x00', 0x92b40, 0x0) r75 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r75, 0xae01, 0x0) clock_gettime(0x0, &(0x7f00000046c0)={0x0, 0x0}) r78 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r78, 0xae01, 0x0) r79 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r79, 0xae01, 0x0) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000004700)={0xffffffff, 0x7, 0x4, 0x100, 0x6, {r76, r77/1000+30000}, {0x5, 0xc, 0x20, 0x16, 0x2, 0x0, "46c6eb4b"}, 0x9, 0x2, @fd=r78, 0x1f, 0x0, r79}) r81 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r81, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r81, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r81, 0x0, 0x2, 0x0, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000004a00)=0x0) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r83}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) getgroups(0x3, &(0x7f0000000540)=[0xee00, 0xffffffffffffffff, r84]) r85 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r85, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r86 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r86, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r87 = socket$nl_generic(0x10, 0x3, 0x10) r88 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r87, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r88, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r89 = socket$nl_generic(0x10, 0x3, 0x10) r90 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r89, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r90, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r91 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r91, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r92 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r93 = syz_open_dev$sg(&(0x7f0000004f00)='/dev/sg#\x00', 0x9, 0x601800) r94 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r94, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r95 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r95, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xfffffffffffffffd, r95, 0x0) fcntl$getownex(r95, 0x10, &(0x7f0000004f40)={0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f0000004f80)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000005000)={0x0, 0x0, 0x0}, &(0x7f0000005040)=0xc) r99 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r99, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xfffffffffffffffd, r99, 0x0) r100 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r100, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x5}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xfffffffffffffffd, r100, 0x0) r101 = syz_open_dev$mice(&(0x7f0000005080)='/dev/input/mice\x00', 0x0, 0x200) r102 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r102, 0xae01, 0x0) r103 = gettid() tkill(r103, 0x16) getresuid(&(0x7f00000050c0)=0x0, &(0x7f0000005100), &(0x7f0000005140)) getresgid(&(0x7f0000005180), &(0x7f00000051c0), &(0x7f0000005200)=0x0) r106 = gettid() tkill(r106, 0x16) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r107}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) statx(0xffffffffffffffff, &(0x7f0000005240)='./file0\x00', 0x0, 0x0, &(0x7f0000005280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r109}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r110) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r111) r112 = getuid() r113 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r113, 0x0) statx(r113, &(0x7f0000000340)='./file1\x00', 0x4000, 0x10, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) getgroups(0x3, &(0x7f0000000540)=[0xee00, 0xffffffffffffffff, r116]) pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$VIDIOC_DV_TIMINGS_CAP(r118, 0xc0905664, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) ioctl$TUNSETGROUP(r118, 0x400454ce, r119) newfstatat(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000) setxattr$system_posix_acl(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000700)={{}, {0x1, 0x5}, [{0x2, 0x3930d883a5458cbb, r110}, {0x2, 0x4, r111}, {0x2, 0x5, r112}, {0x2, 0x0, r114}], {0x4, 0x1}, [{0x8, 0x6, r115}, {0x8, 0x3, r117}, {0x8, 0x6, r119}, {0x8, 0x4, r120}], {}, {0x20, 0x4}}, 0x64, 0x1) r121 = gettid() tkill(r121, 0x16) clone3(&(0x7f0000005600)={0x1000000, &(0x7f0000005380), &(0x7f00000053c0), &(0x7f0000005400)=0x0, {0xc}, &(0x7f0000005440)=""/160, 0xa0, &(0x7f0000005500)=""/144, &(0x7f00000055c0)=[0x0, r121, 0x0, 0x0], 0x4}, 0x50) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r123}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) r124 = getgid() sendmmsg$unix(r1, &(0x7f0000005780)=[{&(0x7f0000000340)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000580)=[{&(0x7f0000000000)="6f490b92321810254c9148de89e8d44a9b35c59b550911cc5d7483fe9f309b1716372592edaa6486d9e4185c033f0070bf73d4ee2abc8352", 0x38}, {&(0x7f00000003c0)="28c394f479429b810ff32481ecbe68d8a0104c466cbffe873af87866ba745fb966125c4c2e9c14f0ed50ad3d39e373790e2eb7096f0365ec45adc62a6c4cfb3c259643b7c0a195c2192f61d3b8f0f3191c568dcf6d5cad072757077beebba619d9bf44e5b14942674fbd99c62e08519657670b20eed1709ca834a53881dbc1e932eaf7d512", 0x85}, {&(0x7f0000000140)="9c7f1afaab5abd9229202fc0e4443062260d82d0530bad62137b04021ecc8c96a1e3bfd3c65785f955880b053d66435468", 0x31}, {&(0x7f0000000a00)="654f52f3ed97f2893f4b34f73891e4655a6fee3f2feeeddc7011d52407ad7cc0725326072f539913b2cff8a5f1d52d6b5ca8df43eb71b75c83b35f1be8413c85568ae7db968a0e87ecf0dfa12e3ef0a822704b74e7837a3fb44853b834a88fbd75baa654b234f7d00004021af2b5960883604bcf30963e58cdd9630c275fba2ac1f97314f9d95b8c46314e23438e54cfe35347e0a359ffb833451592a9062d2161dd5f171e3e4aca43f7a38499f6204b446e2cc896f940ed736729f39eda16f6197251d2cbfc24d6e5c27b2715acfc1cda6401a3ef965c8e634bc73bc518ba1a5064274a936f462b763dcee6b4f73f29e3d74bfeb099db779d329f13a1c38323f2df63aba58ed00f657be0d86e41457283d3d039fe764e03297ba4cbd41415a781abcccda2d6fc59e878ce128ee2cf2a06b073f24e7fda2a569bf6a584d08fd43803e436f4b65d36a89cdceeda85ba356788868a229258269fb8b8cad188d248ecebbba3b87124b3aefd54e5eb4cb8b409070284de9b08416c36ca9d70fbc66366f8e44a6e6131566e05fef6fad2c44003a512cf1738d9cb4cb9053c4d0012a7f815d870a4384d79facec72586ce881adfc9b6ff286a85b689427ede7d125cdabfa32892dbf3466f8a885717444b174fd98deb6001830594da4baec0d5dbd76868d6a0263a324e1d2ff90ee16b27ec730a437d43a0203fb4882345f53dbc732ee589f025bdf47f8cc0df9aefd03a8ab12b4475bb13b0afbfe0d618880c1379c74e45bc0323f54b611d28ac414bef0ec1023f3df5eed196e09d18daf52011b32236b313866d5281f9f6e231978844a4562cbdfd3abfffbb9a9cecf0457261e01f84ba7b7421151b9772d4b0f05bb6ee2db8da2bea91a64d94c484225b93680c2b082f0e32d777aebb1164dbbb729d66230b453ccfbb25bdb509cd20e73736581bcbeb81a95a26bfc5bc2b5b337b3ea93418438abff31e7702c14d87fbcd168bfed4851d68341f3b85bb8b5c7193141ae03b0a7358291a4b1348ee957f77ff76d8484da1e4395d0f4cc5286ef24f2aabbabbb0b744803aea8162458bb7e799484d516a5b9c82eaea82ab2ba8deec5d07b79c1152871ffee2f2f3ead338c9e731a3237d1641b8388694815cfd2d350830542c4fe8ab9a8084afade464715905095f252a8ad16434fd0c1e6cff8fed5f3b96fa81b2c31f49c91f2c96f5d25b0c6796359069a2c88f0f21167cc45e87b7d464f355f37aea70184512169f8405715e70d884a8cdc18dff350c9397b03e629312dc7b215db1b2a20456080a608c02729f27f07c3086195c6651e6bcfa6df16bbfa35176a33bb24d5f7e74f52cbb4e869520d3e7433017d126001633734786ca9405d70afc033c61a8bb8529cd6d5a7780d91f55e1ba5b70ba1847e48f513b3f797d5b1cb91c12295b06ca65bbf361d1a3d094205b7dceb3e5502a6b12856fb327170769840607a174c42a0a25f04938c65bc4a42e7a656e6c7b4b011883e1360a300ede18c4becc61df301dd3090c71982bcd7622dde89eb4a9bbc5cf99457914a3a36d2bf1a3e9853064613d4b608d2020eaa670b79ed58afec686c60de5bd93daab4c7c52774ff0f72e05d072017f23a9af58176f36d2356dbe58ea74143260af1679969f576e9d4ee688b7c2f285c9c6ef028faf32ac99e6889f93a430599e5c242a3b3042b4f952422b2e5c4d11f0791fc697b95749bf332e6551e3aa7b3e6f4bbe78e97eab95ab2272c6db54b1d3c31409e274b1f8720c97419c6ad47e83c615ef100777107988392e1cc6a9560a65ff0477dfdcd8e58761fee0f99c96eae75a531479f5d07533d7253928106e88ad35709ea4428d5cff219c9e3a0b2973d1ce1dce48c579b65a11ca7817fab97f58d2f31776d30a91894d236cfdb5c62c48e311f65dc86901fa3472ad69e293ca7eff3ff016dc2694b0d9434d9b52182a327371c66f9991c975d2fe50ad3f88e111f1ec04b4d90bd04cf55c3ad9a255ab72915bf398f3e67f1ad130b1f07e74588a3ae7decb9c648d0a4e757616fd887f4b79b221d87951d830dc5bfb9f0cc68e2fc6c6f3cb4063ca7516a0b3e631b104456d99b008d19c5cd6d3b36ac2411a54c317187f06e9b4b72942d3b0296f678e4fe572bb9416b54e7a17f7cd9fdd73a5744345762963dd625f45339c0e3268fa5cdba33f292d3c565a7d8eba2f8031b6bece9d842b4b1bd08b674b6dbff3a57460b73173db05ea49e128ee09f8b18b029326b0d829b88092fe3fa11cb4577337da748b102a9f2f115cef0916cecf5896c0693e8fc410aeb92b6547f81d1c09aad1e88346f8b750ebbfbbff3496d31974efd6a1ec2bdd060d1576eb8232e44ab9f0ef0ab0c2813aeb016ac866464a3b8178e8b439db37a88f3be0a1caf7699217fbf865d982b42195f26b8bc1d6a41da969f2e969c0ae04509fb7a269e05da0a13a7b42196a1a305af97be713b466545ab49e8509e7db070a1b2fbe277ff5a1ca6a3cadb8d77487039eb1f995a2ae382e7d517422ee41b09cd71aaa9cfdf87ccfc99f7f76b8de5c2fa48b748fe91f22e21a22735c9673ed7085bfcf7164aabfa0027c478603d7e1c7f2fd2d26c271c668886a9aa525d378f7e023c559dd763552188337b74f3a3208cb2d5b67c50b61d837dfec6aec0285b7725ad003b264b940f0147db8849486e191519e6f098ba5b7e04186278885134f0c5b59393fc047eb430da5eab2a593611edfef037cec64a28be3068084cd12c43924d6c51b0c7784648ade11014538a2c4ae8d0aac8a3410163be97bb5a849d26e35b92614efcf4f1ddbb85803527779239d0850a8693eb192267ff7f276eb7d4f56b5c0b60a12c6ec0f911efdcd5b21db4ce0aea5f34d2c04511a78553c029151142710922b2d84a72f734d9b4019e17932164aa9c486ab958f924ab61ba8d246453e5ac09b246750b4d37b2d33cfc443382991b37efe82b71bfc4d6fb88f0a09c5ae569529ff154efb252fbcdb22f30ed8f16436501baa955ef9611a2d9d914dfec96a9a2e06beb4da1e15972959df350115ff83e31b770e8e99a904a0651148dcbf5e62aeff056f11b5612d73cef578fb6551ebcbc3da11f3e5cea3323792a0bffca45af0233f1716f3301fb4de6fb3423aa49474a338eea319a322afff64070ba6ab27b63505f99981e1320594088e6e6950f92d63be26bec7e435095f8cf00e203a34f2222ea09cd742782d62ece717bcfb0bf18b8aafa1486d55a55c96027d16d818380a4925692a9d2c77d1f4fddcd6feb4b0d59676909933fba090b8981c9bf6a74965c027d8a8fd65e775a24d2d59f2c115f6d906d5bdba57353deaf30160a987554868be64d3d3c2f6bb2ebc035b5104ce587c66c31d13706d78f90eb975ef5cb220e54914d4b13f765d421dc18eb28abc1120e02736b5898499de9e047279a942831df455149c81e667570f760381cf2917886f09b6db34a66aaf193e5442c8201ddb5e49aa3509d53b02bffc26c1afbcc95b1e0381e033a56c51ca8345ed094db4934d6c5c9e38a89191b5a67bb036cc6d15477fc10a664555a164e7a7a9114019a6cccca97a89c96a7e6cdf119d269994ae11a61c5b0f8bf19b11beddd8088376f0158eb34ab28e4720449088c3624c4920840ee4e046754a402ab602eaee8300f2722fe99d867219b456a06c435fe5faf8e7a7d09b745164c5f802ee0ffcd3dbe2e997f4ba87b2571937d3b0069cd4814cbad9dd2810c4880c43e413ed7d3152ffacda10b8538a4ef12b24041eb3e35eb674dc5f8acde849a3875b1c4e4eae2461d4b3a264e85848dc17c89625f7a8c43b38f0a3845411f0711dbecc99abce3e6583943873b6569979880aa28b93e4cab33957aac562a66688008866c1f0b57a7d353c1918098c84a152df83c9d024c5c321e616613e9dbad96d7404dd5e36d1dc27fde0ef7d353bce9cc9389374d41b2a9ab29b4cacc15b0b3d68846c8e4ad8abc405d73c10eefba5de4b63714cabbc64942e31d5f9b2f24f2ceb3bb079985242ba06ef17e5da7dd8af9407fc18524227b13a131ea7e6fe09c377dba13682149a95bee948c8d63e4cddb4fefa01885e8b8431044a5fe44859964dabc93ea61ea7b5e576099fe2b985e919e3c89d53c8c98f460e0b58e443e70dc71aab6719a4858f1dd9c572428a96d1e04dde6344882a37916df99925433bde77711d7a3f1183a00bc4657b103fad74780fd168034ba528a1a7a8e02e4fa833fdf9fe3eb4c914c70e09e93cbfe8844a8f3bf07d02d55aa46cf1a29da26b23a6c5582c0b5441b91936839747a5f5ca5071f6d30676bf40e5ded81595e8e5540cf10c01b392b0797344e7a421e7c31b07642a332857a5f6ae45e50be27c3fc52924386cbf013f0ad0f1cc697e8a43a8f5a79b727ce6ae9ac27c10565d3b7be2bf563d183d31f80ff35bb49de812646be9d514013aca302641b219f9d4ba724f0aba8d067e77797319377cb7d8a7058de91e100e1687c7a2b69ac5bc7fe922e33bec03d14c9d453bf878e4947d729899887a0b7a9162128b2c5fb84e16d6088399bff04ab13f2771c22b4cf5acf13e7a0f8e7d0df2fc8ccb5c7d34d42a031d829287668d03bb02f87f3959fb322e207bcc371cade29c6b3df02699d6d1856370df67dd899fa263aa0e47d1dafbe67e82eb3cea50d5d09079a9bdbad8a8381613881c0ba1a245db43d51e518f6c2f626d5eae7da0e57e45e9d11e094a4b8870c4a36e251be9a2d5db33c75eee98661d91a5acee099084c561f0e6520b073864b11df984faa84ec3d597a36b8e8c980918abf8e9b2ec585c93c18ea7605e441da1d36d41a34b1375f42b19ef2ae7cf60519b6e2cd9b23adc0ea24a0d7669cbf6317924cf89a769ca82a8a6b1ab97fdc1d27843e91b238ec4f7750b978b7a7c7c5c11631b41fda5fda74a16a881255523e53797baf1d30fcbaba3c675abd9f54ad5c8bb57bcb410a442b1d386d4b6e388069c754f04e0cc84923f8d44b2df75162e43e7e284c68622fa5bcaec0b195c1c34512d4541ce27cc9b3c7c416aff3e225cfa5d5a6590e65330856d2236e8e8e58b8b98ee73a5edeb04e47dc631bebcd7956b58adbb54ae930df8da08460a330cbb53df5fa31dbffd7a472569fc900389c456fed9fa5ed13edf97747e99b0fc02b42214cd8b70688fa9b370b8007771ec150ab7f99d449dd2d0d7a932c948215f2506fea169fbf009243a1124d1a626958a76d4daebdbf145adff6fb48b01ac74ebd814964b7055038cfeb9fc0ee613df8129b55b264c1c9eb8522aa9809ddfe766312664560b2dcc3e59640f7d3c98a52e9fc59e38694c83e4e31f7e4e53de8233f4d9c96e447bb35adc779005bdd9c7c4f39f479ca226077c0b2322c125780f9ea84e6274e6d8124e59141903e121dfb5f44277f781f5998ec78871ed5b3db932eb786a4c621cb2b0adb9424d39066b7712f225f22ea7e66a3d3e78f960de38a3cc87059058bfec843391b1d9cb6da4ec223169ff4581690bc218ff64e30f857501414eafcaee4be89c524d27d1c70f8bd12eb56fd14cab64c704ff2430d9de4bc48757de1c8a87a3eee1f37d52b8e603932b198a0bd0cb3deb99ffbc38c4b73b3664de6a70a0533694527abcc4655e92e55d0f3f9a342a9b2f694889a6ef2c8a791368487fa8af5f46fa8b07c5ba80bbd372c9af698122f858498ef64c9dea409ccb9e5173455a252ff095e71a490ffb58c36271d70efd5c008d2228027fab4007ddbb6b2b671d7d", 0x1000}, {&(0x7f0000000480)="9d3ea1d42101c4905f1ae3805c6502963e580506174dae334a074ca13c553c344be3a61382ed43341e5d065e6384348df831c20d07ec62f605beb23925f882f1586e760c7b8baf0bcb167aba474e209cca36e7a2f61968733727121ca5870383fea3056c80d25ba7de951e1ed055be883610b7529b23c0a15a5dbc5190e28e36bde1076f49a37243ac8db0977f7ef627fdb15e7339e3f3ce3649084b1362559590bfc2880e39105e3c3cae7feaaa", 0xae}, {&(0x7f0000000200)="b8c71a81a6b2e97fa729dede0ce86ac0fa9305364272b0ade55278870978c3d32925e087b975dbc4a073a5", 0x2b}], 0x6, &(0x7f0000000780)=[@rights={{0x1c, 0x1, 0x1, [r2, r3, r2]}}, @cred={{0x1c, 0x1, 0x2, {r5, r6, r7}}}, @rights={{0x30, 0x1, 0x1, [r1, 0xffffffffffffffff, r8, r9, r11, r12, r0, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r13]}}, @cred={{0x1c, 0x1, 0x2, {r16, r17, r18}}}, @rights={{0x24, 0x1, 0x1, [r1, r19, r0, r1, 0xffffffffffffffff]}}], 0xd0, 0x7f6c5407a9ff26fd}, {&(0x7f0000000880)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000980)=[{&(0x7f0000000900)="4d4e3f53ca9f07b5700088e164cfccfe6d77412eca801effc110a05aabfda4df34239ec9beb3bdc57746825254e1248b516a4b11b19f33a0f2bc987de86ad9749bc596aa565fb91066", 0x49}, {&(0x7f0000001a00)="8b699ebf45e272fdc9ceaa398602b4713b4183fd0f0361c2551d438f1c5b7bd1deeef54782c0607dcf3bf803f03fa6827e4efeaa8f410030cde0d5bd06a731e7d535b32849587919c67e7493cdb46d", 0x4f}], 0x2, &(0x7f0000001a80)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x40000}, {&(0x7f0000001ac0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002d00)=[{&(0x7f0000001b40)="42fb406fa9f5dd0bf92a735b4e41b8bae2c589a372cd2db47a2639571d2aae7557835314c86f75f3dfe538f0e4007bcd", 0x30}, {&(0x7f0000001b80)="51c25b575627dcac7d1d53a88630b9413d1e215ece6c4ba2ee1a450395a01bc10acaa49f8524cd9b0db17d6b098b41405ec3acd846061eb819a99675e359de2c4be2baf50940769537e377f23c34c60dfc39b378f07b0b23cc36a2220d2c88afe0627a7806957b44e71149d34cd4a53c3b67f3a38d856f79cbd49852aba963033a9d7849313006efc157faa18c049eb5a4d208d1b3733cfcc1ea1fca982766c47a086d503c437546daaaad2aad626342af3fc33892813e444ba6fec1f3f0c047184fc5099a7813d61e724a7cc3f72cd47cd07653b3d3e80986e09d18ee3e794b75cf3452fecc1fc081bdc85f0e02364f3afd2cab1443b494eb58dcc79a8f83d9a8441a1c45435d8a3ff38cd0221c9ffdac5f36bc3e195a8932f1a93c9512dfe03868f371e35e9c2c420abbf0dd589928f365131d1c751460369a056799696090110859f9119c53f1d8de7aeeb81e96bfe1a734c40e79b8e63c4d9fbd3133905ffc9cc7887f756a7cc7d2d152ca671e61b0ed119fcb50e3c9843adbe9db0144a6c51ccbc36f8cf2e7bbfa9e1970ab6a74a3944875ed10652a8e8a16ad5f527ce538f627eaf53fc4a648d39bbefd391a225df8f1d729b1df3bdd85010ce3bdc921ddfecb2dd651c620b7496fcd6c2d77c3fc8a8a068d97871637e0c767c0521388504eae6449fa55a86a03afd910f22eb9f2f74e8350a85c60c1b28ba834cb09de8122d2625f3c8c0d0d041e5a3b2e5c3846270c516c0d2219fe592dd1f59a7b89b378a5ea143a562abafd41d97f90534f892d46fe6a0dd2f77a83c375d3a3e23d9bc192c79843ae6c7e61487abe1cbc7558807d4cd8f6d543d5d859475cc04be7823dff8beceb2535038ff626edea74cd7e1efb95f4ca1758960dd667f3e528292c548d97c398ebf07b01a6e5741d42a36972f412c98e450c90516f81734ed7b6575d8a51b563a69c0d057d52e2265f781eec6f1765006290ddebf6a9ea86e8fb85d770f76da5f5c64c26584de189fa0489d0a258b246cb92f5509b1b76d030b16074d3bc379487486d3282546b5f08b85b581f62d785f7179389cd480177b7a9c25f478ac6c5ee360b6edc380b970db91e455a65e39d81d8b30cc6124bfc7575870c30a6c97fe4418b49d6f0c8226ef85929cc58bdfc44dc0a57153017f8dcc81ebe7f44cb8acd53b443e3d1780af31c3ac76da70b4cd79ac45b28e30942f565b9729dc3903681153762a87c64fbbef847b8f93da546745727accb8b38cdcbac36718fdef490f65a6351feb3c08c0e1c8e3f72aa0dd7f9228a80693f4ed5ad54abc36b05ae1c7f1deb0b3f27a0090db95d8b2299cb6e4ae2e9adc2ae8572855c15e674ee8dcf7c2a63ae3dc01009e799e996763c48506f7a012810344e252fc021559312e4a52d868c936a0bc7e044d446a9eac1cc9cbf15d384e0e2a6e74441af824214a29c2c40ea2f48cb811b9a14a1b337713ba500cbbb0c7ac0f6d5b9ebb7e97230b7a9be382123d9323fc2bf72ff1212be3e51951b2153b09642dcaabe47088d155213a5afe0ba30262346b2cec06d42d0ec27eb8f0640ec179c81e8743e0d29cde39759e49ee3b56411667a3c8cc6c409d0b34f806e64339e16df847170eca30e78fc712e5568864a1c8c1c55da7d70faebc68871dd26c6d257a2caa9de21070aedbc447783d3fa275c0b4b05d4290f44fc836055f544539be8ebf18ff65c170e84f0a44e71dfd3b098fa40047b107b69b9a5281337391630a6383213ed772e3ad43441eb7ca70d855191c9993215675da029b2bed8fb15dd5a9e979b31d0fba0257338cd1b50d6c2080660632d1e9aa815052d092be0d933516a171fec11aba517316c4df214595b49f0da42bc5a422577823cb388bd3e4f026f7420e6d3ce4952c699034ea3a71cf54b940617666b659b4a2b3939ae03329edaef742e08f70895db5ef6fee378f8afaa3a07b999730d6b64700df064f5006087db0148bd6d8d89b5f4dac94455fcc085d8de9b3d44610abcd97c856b999d43f8543b135ac13b84b9193cb5c0f83fdc4abf05714cc81257c45608d2abb604695270047872eca07a7e9898b89ec1b797a7e43948f09abd55f848cbfb3d6b0c7d63a777750aef6ff9b0ff8b6436edd6bdb455c15260213b11ce56cc6ce5e75c5bfee5755c9e1a157a20479dc91823b6e76757f427546ac60e7055227adefe5c358e627649a20d2878922f90b869a1e93c380300b6624df4f686ab6d750249a88179b1fb984f6c27cba509c947f2c905304744bac9d1949be612db6d872e854d043a8c44895a7b0d02c88a15688179854d38ee9028667933ae96a61a0279a36fcd6896f2f02cca2ab6299d9130c99635c320f9da145b7babde1ed0152e7adb98d96b431fe729529774b06cba37b691bce3f6c715a8562aae636f481f7ca1d895c0c5bffe129b19acaab1a8f4eb880fc76ae38efdca3c7bbd53cafe07fdec3cd7971b195525ecfe12b9c6279e34818887989ab982f4e604da368122dcb22b084478885e34e3596a0ef75545d99f670c4368a603ba9e6ce21799da763ce21db40ca2d9f74e513f62eeb7b2bec7014d8e97577592dd86c50bc6cda0a567cace9a47226f4cf177e49c22283772281483889a394b12e310ffac0c517d63e2c55dd023a4c7e3768bc571ba0e1edff7be5ef08e53659db962230391122fd1b6f642b4caf06558dba2d40b91651ae4992e5cd4ed5fa8ab524c335141adf3dd254f6f1999a53741dfade2a4ce7178221fb9d596d1e36d715b86538eeee19fe9a5683ae83097d36bf51da05ec089c1664702f5998740fbcd799786a884101abe9958e189704f45e5d6ba37ca047247a5c84c52e8fc5c6ffab492694d08cf9242ad09cd1fcc7fedd5cddcb62189944fbed79dab6ae58f388dcf80ab6cc2d24d5e1885566b7696d9aa7c2c8b0c5d9532732edba3d44bb38612403eecfcb7e7ff7db9056c5a0cfbfeed08e876340477cc2c099db7a558fc78309f51991faef07e03de0dfbe0e3981ec06f812b15262d981a2dfae813b88bfcbc0acaf58b7f2a644059d5bdba251cb6dbe65b6f4b7b2342c08a1f972bf103f3650e3df0c801181088599c7704566711a343a1b95a1ce6b7bc2418187549e0e9f20bb0427e8be04de6aa4d3f239b0b6fb1fab5016091b66cb55226e1bf36698664935b97d30d5730db69c0a66466f0d6eebda561b05faeaeacef63ef174d91481ffa3135e3a923435dd34227ebc168a08fe2dde501c2b83b4d7a639b8a03c346027e23076484f8dd6f3b7875402bab4e36a06a9a5716737b4149a1951ed55a24d675b8a7495f27933a711a177b6c67ccdb372c3cfeb57e0e9db13b8ef3f2a6b480e1eeed506a8699a9df35a6fc1de05aac14f9bca717043658a3461a3f48899cd95edb6442af01a3d5fd4aaff5b591834b0d492ce44232e92c42a76454119bae9462ab6635191cc9a98a59badf4e604fe5ddf2da13f0388a389ddd24123da179f4b4434ec6ac9a4a998182e93c1911c35f7dd022fc8da9bf45a4093dce7600a829141eb89373c08822ac94dbacaf9bc1610768662839283bc90ac59594c40f9b283bf1f7a25e528bd4fb5e7c88bc84d228cddcd6045522466217a8d9f8ce2fd9fc15356cd3e362a2e0b5b44ccb21d62e3c1f1f82c8ed465f24723112fd802678c7ce26121e683032149a2b2b066d1b3ffb90ad82acbba7cd5b86c30314d8db62816da17945cd48c1bba67f5a5b73df7c815d981076e4ba4570478a9f8c8b566d2a2cbf657e7964624fddf9b190d521341805eae8c2d7e275d2b0a01ffaa93ca4c389f946e4cb42afa232af01704f1088b77cd8e06bade649d34742fe12dcc691ef37761289036f3c694698bd07aa5c62e976e05875f344b578946a95a1c716cdce29725ba127f1ea191a61c363ea2cdc8f85836934b7b581124244bfccb0a301cf9ff730684049b1956582caebfbd5b2dfcaf44b1389150fb0ec14d4c669a676ded9105b61e4a308f0af57cb74033ee1d3b21796fd8a4f17f40797748334a73ac298b6f38f1f1e21c8e4199579ed5615366c2fd772cd16dc217889427897b63b392cc5912ccfff05a09eadafc57c786a445e53a23bfe09953b1f420a5d1ebae2fba465fc956fc12a80e9bccbca37d98c0d95c6177bf1f5a6acf1731887eafaf7a9d1ad3348ea6b1ce6ecc71c8b627517dcefc6f8fc62d9df61dec0a3f31704916aa569294bf246902808ee3e1cf33772a5e8f31d298e3ac8dfaf60d805914735c0c5db2308779719b2c2435f4b334a61da1856569ed3101e2cc07eb6d5ff99c03e3becb98350805f0c6cfc230e2d0089dfc2790b21a0cb824e728994088d75ca672219baf7add4af9032d550edd72c05f4aefb0ce80ba4e9adfaed254274ac68f5f16baa09be1271c388e344241ff508412affdf2cb85ae72c8d79ad5a88897f502764d235c459ead880f512fffc6ade081603cae74e16621c4977a67df455747f79cb26869da0ea4bef6c0d2b344cf7021a262deadbcee59cb2fbba4bf1b0a15a34a7e580ac240a40d81c7985a22af587575459efefb7c7a3aaf0dcf467c4f7857d690cc645239586e0381b16d39485ef02b5e00d0637b7d7b3a77aca7260619e654d71978ef08aa5d960f0ad26c5603babad9dfbeaed69c953e23e0887d70eebd45e3a22e083b350dbc2ef06e688503d171c5866699a54a64e6a0f00d4bfefc055d5030f91dd34c9e72f913f64ef5e40477b8eae3c624c44fbc8771804a4fa2f660a9d34d9f5bd030fbd51106f503bed795b9f61bf3f25b40848aff5c821c5a7395b67207669f04cae5765a8303a68494573775c4bd409d7ec54bb7ba57348b8187165ae8a5707127415eca9bcd62927970fc9b0d5b595f1e264f041d36e0f8fb90db64c08fd96cab64774a7a206e60e8a0b1ab297894582ca1b94103bdd64224de88029eef458655159b5586cd10856d820a40bcfda5eb4c8ea963ad1b68f2a54ff4a4fcf30b8a0947e72b1a4fe6ef6647dc9638d349d7b19f1e8dba71e6f31e8def5886607d356916f6da07e9fb3feb1cd5a9cfcc0e491117eb5060a78f2f5a740674aadfac25c958d8602374664d7b373fe914959bce329bf3522879ab0231c6a83064656150f875b14aa63657f1285bda87144f8227e82c59351a9308f77da33dff0e21e4c91b02b56ddf551008821447c08ebf8b862d64360f21efaa18b62006b2530fa643cad3c4293a8ab67f6b3255a7053730401009958615624cc1a92411987c347791ed427880f37dcb0398f98396fa7ef29244363a2fc3122570e725d40de0b8261c577dd1a907b1ae67a2517cfce3f5011a1ddf7d7aaaee1518221ffa642acb9264e21d616ca87c8b8a95182e9261db5cd6a9c4eca63614559a39e4afe75889775759792778b059da5c68542cde5402eaa7e476d63d46576253167be939fc09146c5c92c95899a8f67f5ab874e6e8264d176040f57f86399e4ca25250b8c82d3ff96441a6d5be8e7d55bd1ba656ef3b01f68f1c6639b8271505471c0e089f4f748fe4071cb7ad9fa6da6933299488a36c59afcbf2b2b9ce512555d25530de51fc29f926782c4e27c3be907f1aea8887d3e600525544637a2dbce01515a3466117714bf51aac7b19212457631a3d8c7e8fb8167841c5031fd84ea94f7b8afd9983cd87ca80cd2379a6b9c82eab98bb2155a4d1a3259c004c3d2ffec8bc65a26476285b7c9a19380d808e892ebb07cf741ab09b21118ea39965871b708cff223b47f83b211f66d694853e4ae", 0x1000}, {&(0x7f0000002b80)="fecd1940902ba3b26969bff3af066cbcda9894fcd7fcc6d0a66eccfe510cc9637a1e460fb05f6767402ababcf4f6d61e9e3a0566f476c1fbf7d18f4948ee8998c11f4e18882df6157a5718be3ac642cc76c707b1d75f67e23b356f0221cb5ddc49d989597cf678d6f2ccf014e7fb7d46434d935a2882c2637101bdc5c95bb79d67a203eb5ec78a095f92a057548bf7f4fe9d8cc6bb", 0x95}, {&(0x7f0000002c40)="acb7b5608ca9c29e2c888ffad953a354f74109ec78552286f7137aacadbd6112a23185a62f11ffa4a891fa131bdc9a2acdd925ce9ced10ea86175207895cc6016c6cba862546fb1ace2a48621f0f2af7b74df39a2aab7273c3716080303b214fc6e9d0e80af07777e24dd8c3e7540e278fc156c641ef9708185f93901dabbc1ecd4fe4e50b7ed5ac0deb3a71f3aea775b1f8f0eefdf84f761da06c67e5c729ee30f8d40b3ede1cf4d36ca5a1b4bfd9224151742e93466411", 0xb8}], 0x4, &(0x7f0000002d40)=[@rights={{0x20, 0x1, 0x1, [r0, r20, r21, r22]}}], 0x20, 0x4080}, {&(0x7f0000002d80)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000002f00)=[{&(0x7f0000002e00)="fbceb2cbd27817cb45c5c7bd1aea18935caa5d5d253619874af40fd27af57269f8c897e9c8e368c7c841e6faf89babb5c3c24eb693ba5c1684e747fd2ea1312bc8a1b1eed898c9528e9979d5a796ada17546", 0x52}, {&(0x7f0000002e80)="8295614ed6da614afa245cfe222908d071153ab76350d3ede393763b501ac31e3d597d5c80f01d5a68faf88ec133948a865d651b47", 0x35}, {&(0x7f0000002ec0)="df7892bcf930da2a0a9a5ddf7852ebe3655b5d93fcd4518abb4477a0b6a0a4a6e6bc55da64474ff452fed0f92fadccf566ecd5cce7579716", 0x38}], 0x3, &(0x7f0000003040)=[@rights={{0x20, 0x1, 0x1, [r23, r24, r25, r26]}}, @rights={{0x20, 0x1, 0x1, [r2, r0, r1, r27]}}, @rights={{0x24, 0x1, 0x1, [r2, r28, r29, r31, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [r2, r32]}}, @rights={{0x2c, 0x1, 0x1, [r34, 0xffffffffffffffff, 0xffffffffffffffff, r35, r0, r1, r36]}}, @cred={{0x1c, 0x1, 0x2, {r37, r38, r39}}}], 0xd0, 0x7c014}, {&(0x7f0000003140)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000043c0)=[{&(0x7f00000031c0)="42f2760ef9c015fd4ec58619bc7ac72628b52f123e5c1067cfa25677833d923fa076fd08be3c00cb87557568b2214299511a65d24e27ef741f3315ef6def293b2b7053bc540a2bdc7db989a7836787494cd8148ca49a09a888e1c01970492291f93faa640993bee8f46e478c30bc2112084661721a781dcc06d703e3da4bf120aeb78038bc89f666d70a1d94c673fb7aad41892426443af634cdef9bea5626d8049a38df15290caad4c7e9ccb56e9bbddbc67c5e758f21463409f5b02bb7e7c8d649", 0xc2}, {&(0x7f00000032c0)="80082907a5cc5dab226c855b5bd50d50dd7e91c04fc665ce57bc3e15f3bc07153b1306beca5543713cd746768986d297cad47f047eb590ede48ba160783cbf600a497c608023d8013edd5c89455d4b1c90247d84a15ac3fdbbea6a011f48c7ac74f315994c90b805cd4de9e39730bb1037c21f94d3ca40f0b1662cbccef891de0c63b41cb2ade7b75d8df158d48e5513e4f0c6a32b8f3288f5c5a7a6d592307e4073bbe63d0822d714ca55abd351d6b85d0550e17eb82c320dfbf2bb266fc31ea7873f5013ea8f320c68330d8bf731738d7b89dae18740df7da77f2cffc73309d19a60f5c77cb5c8707af4", 0xeb}, {&(0x7f00000033c0)="4de87cda112363d910baa0d77c90dc8040b97c04e9646fb21ca84b509d54514c134c30e258e53310ed18f02448a4671e123a2f54a1be84609ff587dd79de24a72ad41cafcb3560801b19078ea185f52e9b5b0d9f6b8a611eafac23e09c2def8950e96e129de5d6b6b0bf481e49ce0fd5bf3964f96b4762d63b39616f37ceb99bda18e0281a70c00d8be7f7162e2ef0800cbbdbe03247bb061f064ac31235c49567e1d104186d261b4451461fd0e4cfe3871628e23f8b2a454cad4f1cee5cd5e7d18c8fa7425d3cb48b5f69536acba8db1012b9288da557e66a4d75a74d0d21f8beea0e1ca7736503577e5b4894a360474b3c9e6af84264880ba867c6f358418c6cce127a2242b6e0ecfeea0273333ce9c1e1a665cf7f6bf009ccdbb2e0c2f24e9ab9d6490ac168528d689a6cfe54d48a099d4397ba6303c7d660146bd2892d8c44567425896eae204bf61b60e1141603bd53e0c683921f2d3689b4c469670254a32a7c54d37580124a6693ecb6e6bcbf74d1f2971a43b23361d32ccd79a4a31d259cb8f6b9ba0dc8a593f5a0852b8bc1b1162be6e7e4c5047fc7be3e8db8b5c217d6905ae5b0fc4cf40492ec248b7184f6712b4d659890fe1d822fa3a816411b00173ba666e0e6ed420897b91d0da49d934680a4408feef4ba59ad533702fc64eb47d5d8bc606f97d61cb4a1641c05b2d7ca4ec33959204dbab40c4ca16932b65a302d650e24d29711016e0e6cc9ea710aac41cd60604ad8b800c83fad468512a21fe6f7474d38982217c8cd6e0731b56d414116991eabf7849ad1cd79894c06fe9719cc729beb43a753079398d151619515f0d41b50eb63e8bc7010f165cc64ec3a2ef2eae76c2fe7d761305546e7430d202f66b942279cbb95b631400833d00ca5b44a7d4e539f4c52f77472e1c3b55755f159b43e1badbd2c706f7ea9d3b695cec5f61b4765e01d86565fc382e6501e2576fbe447cfacf818e52f191314c26d6484c9333b4e41be65a07871b8eb00556411a6edc9b62127a478cf88d7a97fb6746e9b14019d79dcb170dc822782081fc727082078678f9e20e0c6d629b16d93a8cf66306075659e01d4dd30704cb9cd83126cf138691e44601d5c6a42b0bcfe9a54842b9c14d6382154330b552295255b47739c9e34a2e597bf15db8f00efa07b5ee889ff220376e0e26571dad198439d02120ed624f7eb0f19fbebd95dbe30a88f1317d131d761d3bee4442d4e8e45939ffd7155d775fcc38941f2489481fce46a3a272295b5055501b58615933c6e4f3d6eae8016290060bec9fea06d070ccb7b7ac8625f67a3d98d518395ac900a759448893a759b6ad14bc0c6c6d68a7b9a7a4970655919128c049b16d6d389945ffc9e0ce56eb015ea331a1d14d5119d0d5acb61fa915bb51d44fdfa14985b95e15a5680da051c419aeffd9437ea9adfb0210cb81dc45c94300d045148ada8debff534ffc15e92e7cda47df3718c4cd10829794cd726ac27db1a3b6a0fe044027e3e95131991cf30e5758b3507ba0edcfb3404d40c360abf99392331e042d7baef3e9742aa4cddb8832d83cea4912cc970021036e16d35f8591d86c4d64a686a7176f07361aae9d829126b2bc940f0ad2c8ae64ba9edfa8dc491f84924fd01c33efb0358d3191a4fd6237b3fd21b92d4871caf0a99c4bd7c08f4569b5001031dfda096cbb3c5472314e97fb750f999cb38687e2ff56a5c72cb02a106ad09e4abaa00338c980115afc9bd45a449a7df2e49aa7aec5f85bb020d5fa5fce0ca2c668f660f097ca74e88258cc3a6cdca2d295ad8769de5bb23a398fab37f7b8809c055ac065488c9bd7579602618650b1b0d6388296f4e031df888461635de72e1b1e2ae174303f94d509faaa312138e96b871195397b0936e80a0c1f7b3b810dad50403547c3c9cd42b9f60104de34dd67f89566ff7b70feade8c605ef41b5d5eafdcdcf348a0ffb19616b588c875934802bff6a18d8838e20b2d5d1ec14d5f664cf49f27857f4cd3914cd96c8849149e7d212684027bd790fa313c9556116a5e2fd69a2b852f91afcc9603e02ff90e31abad11b767fc8b261be1f92dad06de3f2c6b36d9d4076b6620fc0df4e99b2f06c915e42855214d076ab17e435a3886152f6cb759fb0288861bc1d75e4569e8d7f8e20a2f7168e44b2816771058535ed4a3bea361b1128125f5ee58c179560503a33a9f1d6bada1dc497a1576fdebeea07b0901940fdefe18072ba3642b0bf010ef0cae0f11d45eae6b959ca5b8aa6f237712c7992d9ccdd5086f9e552e9e53f08af711bc714199300539a4b159fa8b2c9575bd5530564af7b8830a53d081672e66d95528cb6e4c268db1522098a9b996c7415409bb1f5769c880b893257b5b3b6180f87433bb8a0c6ccb700b4dca20ce8dbcb8692f4f588f1327b50a39e73d33cf31e6d00cf3658a09ea1dc8b77a6279a3219e841911e663502d4d25f6eef78b6bb6518183c101f82bb2f55618e79cf244c4193dfc6f3c9cdd8e2dbe1676ca5a9d4c1bc2f2bfc0058e101773ae476d06d59878d5e237b0076011952e6051ec290d0b3cd3571b6ff3f1f7905f6e823bb1aea46e2cb56dc251a507bfbabfa4cb1de92584eef39599012567d09f45f63857a0561bb88cb923e7d3f758427282d8987e4f89657fe9c0706d03221dd0b6a7144636fd65443bfe0ea9655fbc17651598901d9e2da334734280ff9a40324262181115f0992cc4bc9dc637546433263f7207e194ebba4f8dd80989776c4b3656314065d475b0d08fb6abcddbbdee9ba19f58e32cb0203f3a371c7386aa259745ed10ab252e710ca4fba0bf73e63d4ac364389ac32b0d51f4f190ae4b0e72565443800bded700d0949345041e7d9f2c851a136b481cb8d3ff36ce1a2383cf80d5f9313877a1f1836f8d9c91f1476cbc7818b4e64fe0d26d5ecbe9593e43353f91199443e511dac28290f0feec79fa9e8904c693ccc44e03742d02244a19f246bafa89a17e7ff17c1bb5c2fdc516092dcd3039aa858d2070054bfd4b08b096d1577b5621b13a78000eb55fc5c49c74d6ba4b4ee5536913e6174889bedc5da8060590a292b2ad0ba24c7b6e2363c54b22535125bf25026d8a73273262dc0c0fa24ab785cf7ac28888249547a7dfa60a9f26e028512246b6490095ef507e35b87ac8361416395d076a36f2ba27c6562b8dc5acc765d4f09dbd3231adf2df0b8ff7e18aa58ca47f4a64babc714941718ace91b6c3797f11928bdc015eb5106c48bffb13d7ccd4786b1163125e84255d6b0db4a42b17088394560e7877b959a8c1ce361c3a526a68f2b8d1aff9377e35312dcafcd0e6c468d2dbbbad42e65505609790cdc8e0d0c9338aa052bc2fe26190bda05846a564713fb181a9c6da70735d7634a3c8b28067c4d178655c937a680283fa648793f40856e8f4ffacef24331faf8868efbd1209d6d637bc4f48799b017323efb62680a542a4a372e33fc3a8bb8479f4a74077b1bc9172471e8ba54f8fe73bc9070e35f9ab48f991986ac5b05cb2b36c1726b76782b458aafb4f0c959ace125854b243dc917aadb7f25467f8998ea6d7c1b7fe00b5595bf96901571232cf69e86b3a775ecfd73dc446e9b58da7e000d21b98ef30e2224188ce3a73ff07e95f53f6037df5b7a5488086e42f4bf4b1fac4505146798f3952ae37eba097f384336eb6fe7d78bae7aa625d4545f18b85704b08aebdc538676e00b26163f532e6b1a43911fc899c33c06f6de0b3b1e165b7d190be4756f5ae3f1e3bb721dc30d68fe889189252d4229d62bf9bd6afa7939c8fa86ca4cecad878e4fe98691ed1a8b44efcbc81600c4b033ae19a626be1bb6ead9135a672215e5a666fa855ccd689b4b39e2cce9822c1dd7092273b3b20e76392eab848adfabafd58575d073a8717fd02526b8fca4d99fce169d7acb59c9f5fb5ea06604e7eddf61cda551ab31becdfcb96e6ba6c8b28808d5b460e67b57d86eeb8e6fc00e7f36d846c258fc02ccec128233edfa57ae2b730d84d6f2b79d02073692f608460ee9803a74c3b5bd8ba5ec12a2442e337c26affa116f72f8ed40fd8fb5a7ec8dd74a31cab9eb7d0c01c3b34c587c050501569cdb6c2ceacb42df988710e89679a00461ff3923d1fbf9609e3e99842dbad0326b7d8945fe2ab66f2ca3af481850ba6d297993dd007dc728f6c766dd577aa8686bbca549dc9b562767c2fcd85b5eaad9ebf6ac3fbf3298213b453f5a6e524a3072040e01cb2430b2c7d651e94926a9b263a030c8f3dbe1b4ceb25dfc19f96eebaaa487c9026ea0f80ecbf647466a085564c2ae272ae28bf8f15db6baca3f32250d95b9dfed63794e0870c0e9876fefe6f9f1800959e4ef1468efcede0a848e08506ef32d6ec72e03ad84fdba5615ad38cb27fe5e309fa8c287526ac0cf1ff0da58a580e45d4e97e911f792925f73d92bcd301f92929fff8bd7a1273b94da01a39e905612c5eb1c0ef57ccb4b8a272919d380729c1d5951481f08bef03410de380cc0423dd32d0b95b59342f12d214ffb25ea2782c5267ded5a9c9b86c3b6cb6082fdddf2f5b8d4dbe971a34330edf1986381d2e49d0b06706b08e2b5722e8ab1c0b9f1e75dd58e054a3739a4b9c9363c242d761bd4c88d2f3b595f77168b508fee6d5d9bc37d15baaf457caae8c780ed3b842b19b61cf9e5e7ca840c481b2a4c037e68d4e5469966d204a82dece014d88c082b06ad55fec477fb4daa7bb37dc6e01c6543cb586b2833046459bda624639dd63f66c5d036fe38d44dea5f3fb57b5f6892c9a7fa95941137c87fb8bcff62980e072c260c1c94928063396b11fbd2017191060dfa686e675600f73a1410d9ea50f9521592c72e91396ab59338529c2758677553ba6b687eb1fec73632fa5e628193f7eb5ec2e7b857e76134a957fff547599a8bb2676b7d004478049b00fd2b4ce94b0ef78c881831fda84832349e63cfbebdafefda9f078be1893f1232eca109ddd3d347362c33e3cb576f89fba1a9ad7364468b37b9c2eaa167d7c0f879f9723a6e199a961c721622d415812feca9e0de07b51c3461b8d4a2ef6ae2f51642afbe18077d77d4bc116f1670272086ec8a09e62ade08c69ad9e486c11565e17710e5692fbd1d29da90f07e531c81cf08159f31d566c845ca2f1b845467952a3e0d8fcdac33f396e1d7f282aefad1fcf851edf48f9f5a25056369ea995af8f5d3918afafafd0ec14e36240b7bb81c7148ed7e5819339674b38ee3b0db40612dc425b69814fc8ce2cae982cdd7371d52f3e365e1467347d4ef4afa46d50dd5153014d9fc3a7b3e4f1ca44be952163e9f9d815faf361b067204e37d87df615c081ee66bdc170127f997c67c159a0d4a3fbcf337b0f0eeecebbf76e4f878af85218bd120389ac47892566e61651e93217b77c7753016ee668f9e255953b21719837e8cc56b02bb8caf6a9b8a151de5a4b5c044870bed9572c21be5b618dfa65344b452a5debeb7fd442fea40fb122195444ec4bca8d63577cc6f573be935d409bd53332f455edf5ca0104e3b63af7ea3989896d26514459ac59b9a05df72c3c36e0523588b4a8e53d210430de59e1711d90248e55653562541d5b29fe1b1902baa47885444285031df48f17942f080bbb08666ef5e82aa90ae2a83693b7ad699b5610b0f9bfd5307ea6552845558d0efd686d11ae7e6a2d9a5952d9b75fd72f028f086e375420d4997ab6fa910b0220d8360765bcf96727996ab968db248946bbcb140eb231fb3d69543a", 0x1000}], 0x3, &(0x7f0000004780)=[@rights={{0x24, 0x1, 0x1, [r2, r40, r41, r42, r43]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r44, r45}}}, @cred={{0x1c, 0x1, 0x2, {r46, r47, r58}}}, @cred={{0x1c, 0x1, 0x2, {r59, r60, r62}}}, @cred={{0x1c, 0x1, 0x2, {r63, 0xee01, r64}}}, @cred={{0x1c, 0x1, 0x2, {r65, r66, r67}}}, @rights={{0x18, 0x1, 0x1, [r68, r70]}}, @rights={{0x28, 0x1, 0x1, [r71, r72, r74, r75, r80, r81]}}], 0x108, 0x5ec402f4a4700c25}, {&(0x7f00000048c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f00000049c0)=[{&(0x7f0000004940)="769c6a4b19f7374f0ec220f0b9db2f52fa920f22b796e9975f06d5080927a7cdbe5517d4aa836a1d91885d701e7d39b6ebd6cab3affc1b5daf69926f6ddf90a289a8cff36cad9ef4b6c282638e4812bfb4e0b9dadfb316", 0x57}], 0x1, &(0x7f0000004a40)=[@cred={{0x1c, 0x1, 0x2, {r82, r83, r84}}}], 0x20, 0x84}, {&(0x7f0000004a80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000004bc0)=[{&(0x7f0000004b00)="43bd698aa9e7db523286cf9bdeec69fb3154435c5d4d2dec87b3d938e3984de3969a594c307557041723b560370f41b2390bc28db5123856380fab9275bfe2d1d73fe66e8d0ee70ea29faeab0c4bbca7729a13a85559da45a15ad06888f954bbf1c9a8c90a2e44a958ff92087aa44828289855eb476438d9ea83538590b874e9dddda823c8d20444e8f19686", 0x8c}], 0x1, &(0x7f0000004c00)=[@rights={{0x24, 0x1, 0x1, [r85, r2, r2, r86, 0xffffffffffffffff]}}], 0x28, 0x8000}, {&(0x7f0000004c40)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000004ec0)=[{&(0x7f0000004cc0)="ce360d77f99a13ba16ad968102d480ff38c12f1b0522c6f0d0e290f36c163d94a3ffafe167", 0x25}, {&(0x7f0000004d00)="133eb386108f27ce7c72192bc654704342f8bfc16706001be2486c7d42cdbfcd19f321df984dfb118d37dbafe1512eb53174dda60533d0605732aaabe1fdf41d6483feac2c770ce64244de8cf64f2888221085a9487ec6aa2c4925d20e365cc40c4cc8aaf49440c9f7e734e4f9eae1612418716ec26647f3cc459cb74273819cef094312d38a3eda9ed81972c5f9eb26efc11329b36ced8fa00189ff832681ba47175c8baaea77949a991e5542b8353f9ce80d1e73f120ba895b518b678ec365938b757bbfc197ddbf9d15d85dedd33ae00e4ceb8533f4789cff4c6b5802247fbdc49b", 0xe3}, {&(0x7f0000004e00)="e821e5edb834dcff30ff40d60846813e6d9deee35c414d97bbdce12c9daa18f6f7a8290e960b207637cb0c2ec249440aa730d1fb45", 0x35}, {&(0x7f0000004e40)="39e908e6ffa1096531d8a20beb97f1ed10566ae00ed88674aca1ce04e7f9253816629ecfd0fa748991ef54078b7b23e6fa276435ed3747b84ea9187ec4efbb7bfbfff93290cf", 0x46}], 0x4, &(0x7f0000005680)=[@rights={{0x34, 0x1, 0x1, [r87, r89, r91, r1, r92, r0, r93, r94, r2]}}, @cred={{0x1c, 0x1, 0x2, {r96, r97, r98}}}, @rights={{0x20, 0x1, 0x1, [r99, r100, r101, r102]}}, @cred={{0x1c, 0x1, 0x2, {r103, r104, r105}}}, @cred={{0x1c, 0x1, 0x2, {r106, r107, r108}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r109, r119}}}, @cred={{0x1c, 0x1, 0x2, {r122, r123, r124}}}], 0xf8, 0xa8e0aad0d728c539}], 0x8, 0x800) r125 = creat(&(0x7f0000000300)='./file0\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) r127 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) ioctl$FS_IOC_FSSETXATTR(r127, 0x401c5820, &(0x7f0000000080)={0x1, 0x6, 0x4, 0xff, 0x699e}) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) r128 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x928, 0x3}, 0x2c8}, 0x0, 0x4000000008, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r128, 0x2) io_submit(r126, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r125, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:22 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000007, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2166.291668][T18895] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000a20) 10:30:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x800100}]) [ 2166.331981][T18895] FAT-fs (loop5): Filesystem has been set read-only [ 2166.362801][T18897] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 10:30:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x30000}]) [ 2166.442748][T18889] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2166.494552][T18897] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2166.504059][T18897] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 10:30:23 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000009, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:23 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000008, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2167.022713][T18881] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2167.066397][T18881] FAT-fs (loop0): Filesystem has been set read-only 10:30:24 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd00000}]) [ 2167.498896][ T26] kauditd_printk_skb: 17 callbacks suppressed [ 2167.498920][ T26] audit: type=1804 audit(1578997824.322:3919): pid=18930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1188/file0/file0" dev="loop2" ino=6744 res=1 [ 2167.718845][T18930] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2167.754424][ T26] audit: type=1804 audit(1578997824.432:3920): pid=18952 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1158/file0/file0" dev="loop1" ino=6745 res=1 [ 2167.846044][ T26] audit: type=1804 audit(1578997824.462:3921): pid=18953 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1158/file0/file0" dev="loop1" ino=6745 res=1 [ 2167.846682][T18930] FAT-fs (loop2): Filesystem has been set read-only 10:30:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x31000}]) [ 2168.066417][ T26] audit: type=1804 audit(1578997824.892:3922): pid=18943 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1545/file0/file0" dev="sda1" ino=16576 res=1 10:30:25 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x800200}]) [ 2168.199151][ T26] audit: type=1800 audit(1578997824.892:3923): pid=18943 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.5" name="file0" dev="sda1" ino=16576 res=0 [ 2168.292107][ T26] audit: type=1804 audit(1578997824.892:3924): pid=18965 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1545/file0/file0" dev="sda1" ino=16576 res=1 [ 2168.308282][T18975] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2168.321885][ T26] audit: type=1804 audit(1578997825.012:3925): pid=18944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1216/file0/file0" dev="loop4" ino=6748 res=1 [ 2168.351861][ T26] audit: type=1800 audit(1578997825.012:3926): pid=18944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=6748 res=0 [ 2168.388211][ T26] audit: type=1804 audit(1578997825.012:3927): pid=18975 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1216/file0/file0" dev="loop4" ino=6748 res=1 10:30:25 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000a, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2168.516516][T18975] FAT-fs (loop4): Filesystem has been set read-only [ 2168.642446][ T26] audit: type=1804 audit(1578997825.462:3928): pid=18964 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1209/file0/file0" dev="loop0" ino=6750 res=1 10:30:25 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000009, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2168.799635][T18964] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2168.896320][T18964] FAT-fs (loop0): Filesystem has been set read-only 10:30:26 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd00100}]) [ 2169.505160][T19015] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2169.571710][T19015] FAT-fs (loop1): Filesystem has been set read-only 10:30:26 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) r2 = bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x4000000, 0x602) fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./bus\x00', 0x6, 0x4) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:26 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x32000}]) 10:30:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x900000}]) [ 2169.909924][T19041] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2169.963354][T19041] FAT-fs (loop5): Filesystem has been set read-only 10:30:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000b, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:27 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000a, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:27 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd00200}]) [ 2171.416898][T19124] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970794) [ 2171.427068][T19124] FAT-fs (loop5): Filesystem has been set read-only 10:30:28 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x33000}]) [ 2171.463098][T19124] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970794) 10:30:28 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000b, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x900100}]) 10:30:28 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000c, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:28 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) recvfrom$l2tp6(r1, &(0x7f0000000040)=""/25, 0x19, 0x20, &(0x7f0000000080), 0x20) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) sync_file_range(r2, 0x3, 0x9, 0x1) ioctl$KDGKBLED(r6, 0x4b64, &(0x7f00000001c0)) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2172.689700][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 2172.689726][ T26] audit: type=1804 audit(1578997829.512:3943): pid=19130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1211/file0/file0" dev="sda1" ino=16546 res=1 [ 2172.966083][T19158] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2173.003892][ T26] audit: type=1800 audit(1578997829.552:3944): pid=19130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="sda1" ino=16546 res=0 [ 2173.036916][T19195] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2173.048990][T19158] FAT-fs (loop4): Filesystem has been set read-only 10:30:29 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe00000}]) 10:30:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x34000}]) [ 2173.093913][ T26] audit: type=1804 audit(1578997829.552:3945): pid=19178 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1211/file0/file0" dev="sda1" ino=16546 res=1 [ 2173.099747][T19195] FAT-fs (loop2): Filesystem has been set read-only [ 2173.133358][T19212] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:30 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000c, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2173.165677][T19212] FAT-fs (loop5): Filesystem has been set read-only [ 2173.174657][ T26] audit: type=1804 audit(1578997829.572:3946): pid=19156 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1161/file0/file0" dev="loop1" ino=6766 res=1 [ 2173.232940][ T26] audit: type=1800 audit(1578997829.572:3947): pid=19156 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6766 res=0 [ 2173.267530][ T26] audit: type=1804 audit(1578997829.572:3948): pid=19190 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1161/file0/file0" dev="loop1" ino=6766 res=1 [ 2173.320600][ T26] audit: type=1804 audit(1578997829.592:3949): pid=19158 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1219/file0/file0" dev="loop4" ino=6767 res=1 10:30:30 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000d, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x900200}]) 10:30:30 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x7b, 0x1}, 0x7) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2173.575934][ T26] audit: type=1804 audit(1578997829.682:3950): pid=19194 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1191/file0/file0" dev="loop2" ino=6769 res=1 [ 2173.968008][ T26] audit: type=1800 audit(1578997829.692:3951): pid=19194 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=6769 res=0 [ 2174.086472][ T26] audit: type=1804 audit(1578997829.692:3952): pid=19195 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1191/file0/file0" dev="loop2" ino=6769 res=1 [ 2174.515421][T19276] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2174.535860][T19276] FAT-fs (loop0): Filesystem has been set read-only [ 2174.669630][T19281] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 2174.742667][T19281] FAT-fs (loop4): Filesystem has been set read-only 10:30:31 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe00100}]) 10:30:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa00000}]) 10:30:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x35000}]) 10:30:31 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000d, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2175.328487][T19325] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2175.337591][T19325] FAT-fs (loop5): Filesystem has been set read-only 10:30:32 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r5, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r5, 0x0, 0x2, 0x0, 0x0) ioctl$sock_SIOCOUTQNSD(r5, 0x894b, &(0x7f0000000040)) 10:30:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000e, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:33 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x36000}]) [ 2176.319742][T19358] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:33 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe00200}]) [ 2176.412620][T19358] FAT-fs (loop4): Filesystem has been set read-only 10:30:33 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa00100}]) 10:30:33 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000e, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:34 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) r4 = syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = socket(0x22, 0x5, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000040)={{0x3a, @multicast1, 0x4e24, 0x2, 'wrr\x00', 0x2, 0x5, 0xd}, {@rand_addr=0x3fb, 0x4e22, 0x0, 0x8000, 0x2, 0x1f}}, 0x44) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000580)=ANY=[@ANYBLOB="736563757a697479000000000000000000000000000000000000000000000000dd0000003e9caa3c07e2e93d532020ba4f35e7ee37875ad5c178515cd1aa68810f4d3a5fbd652f0e801e24301b8c6d6aa84cef580bd03aeb18c90610ef633a57828f70f57c44826c5925e7a0eadb3db2d436906d10d5efd769dd29af3bcd69bede8a0992eda1805cfd9726a347f791b60c43ede28f04f2c71974b671bdd48fb2aa1f4666a136b91888ce8f024cbeadd67992dbdba8f636bf1396810acc0d4278175c4e752af3a3441fa1e9deae890a0609f36b8fa197761b3d6eb8933b240a5cd9c500"/258], &(0x7f0000000140)=0x101) perf_event_open(0x0, 0x0, 0x5, r6, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:34 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000f, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2177.498316][T19434] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2177.520492][T19398] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2177.563013][T19434] FAT-fs (loop5): Filesystem has been set read-only [ 2177.655094][T19398] FAT-fs (loop1): Filesystem has been set read-only 10:30:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100000}]) 10:30:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000000f, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2177.906572][ T26] kauditd_printk_skb: 30 callbacks suppressed [ 2177.906617][ T26] audit: type=1804 audit(1578997834.732:3983): pid=19414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1214/file0" dev="sda1" ino=16487 res=1 [ 2178.040786][ T26] audit: type=1804 audit(1578997834.762:3984): pid=19428 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1194/file0/file0" dev="sda1" ino=16666 res=1 10:30:34 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf00000}]) 10:30:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa00200}]) [ 2178.626906][ T26] audit: type=1804 audit(1578997835.452:3985): pid=19472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1276/file0/file0" dev="loop3" ino=6794 res=1 [ 2178.739443][T19509] FAT-fs (loop3): error, invalid access to FAT (entry 0x000009d2) [ 2178.759832][ T26] audit: type=1800 audit(1578997835.482:3986): pid=19472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="loop3" ino=6794 res=0 [ 2178.772261][T19509] FAT-fs (loop3): Filesystem has been set read-only [ 2178.853239][ T26] audit: type=1804 audit(1578997835.482:3987): pid=19509 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1276/file0/file0" dev="loop3" ino=6794 res=1 [ 2179.041006][ T26] audit: type=1804 audit(1578997835.712:3988): pid=19487 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1223/file0/file0" dev="sda1" ino=16656 res=1 [ 2179.069688][ T26] audit: type=1800 audit(1578997835.712:3989): pid=19487 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="sda1" ino=16656 res=0 [ 2179.122124][ T26] audit: type=1804 audit(1578997835.722:3990): pid=19519 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1223/file0/file0" dev="sda1" ino=16656 res=1 [ 2179.199659][T19503] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2179.211136][ T26] audit: type=1804 audit(1578997835.922:3991): pid=19533 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1165/file0/file0" dev="loop1" ino=6797 res=1 [ 2179.238977][T19503] FAT-fs (loop0): Filesystem has been set read-only 10:30:36 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:36 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000011, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2179.333252][T19491] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2179.358637][ T26] audit: type=1804 audit(1578997835.922:3992): pid=19491 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1165/file0/file0" dev="loop1" ino=6797 res=1 10:30:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000011, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:36 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf00100}]) [ 2179.435938][T19491] FAT-fs (loop1): Filesystem has been set read-only 10:30:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100100}]) [ 2179.766435][T19537] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2179.775534][T19537] FAT-fs (loop2): Filesystem has been set read-only 10:30:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xb00000}]) [ 2180.721550][T19599] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2180.741580][T19599] FAT-fs (loop4): Filesystem has been set read-only 10:30:37 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$int_in(r3, 0x5421, &(0x7f0000000040)=0x5c) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001480)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e21, 0x1, 0x2, 0x180, 0x0, 0x73, 0x0, r5}, {0x3ff, 0x0, 0x0, 0x9, 0x20, 0x1, 0x9, 0x5}, {0x2, 0x5, 0x37, 0x1000}, 0xffffff01, 0x6e6bb2, 0x3, 0x1, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d3}, 0xa, @in=@empty, 0x0, 0x0, 0x1, 0x3, 0x400, 0x9}}, 0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) getgroups(0x3, &(0x7f0000000540)=[0xee00, 0xffffffffffffffff, r6]) fchown(r3, r5, r6) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r7, 0x2) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$KVM_GET_PIT(0xffffffffffffffff, 0xc048ae65, &(0x7f0000000340)) r8 = socket$rxrpc(0x21, 0x2, 0x69ef8eaae1dd3aa1) getsockopt$sock_timeval(r8, 0x1, 0x43, &(0x7f0000000200), &(0x7f0000000280)=0x10) 10:30:37 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf00200}]) 10:30:37 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000e0, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2181.092154][T19633] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2181.142447][T19633] FAT-fs (loop5): Filesystem has been set read-only [ 2181.175412][T19639] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2181.227510][T19639] FAT-fs (loop1): Filesystem has been set read-only 10:30:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000012, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100200}]) 10:30:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xb00100}]) [ 2182.197061][T19693] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2182.218072][T19693] FAT-fs (loop1): Filesystem has been set read-only [ 2182.226767][T19700] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2182.242980][T19700] FAT-fs (loop4): Filesystem has been set read-only [ 2182.392798][T19710] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x100300}]) 10:30:39 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000171b, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2182.495485][T19710] FAT-fs (loop0): Filesystem has been set read-only 10:30:39 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0xfffe, r2, &(0x7f0000000000), 0x26c, 0x0, 0x0, 0x0, r0}]) 10:30:39 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1000000}]) [ 2182.984795][T19741] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2183.042197][T19741] FAT-fs (loop3): Filesystem has been set read-only [ 2183.049512][T19741] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2183.205015][ T26] kauditd_printk_skb: 31 callbacks suppressed [ 2183.205040][ T26] audit: type=1804 audit(1578997840.032:4024): pid=19726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1197/file0/file0" dev="loop2" ino=6819 res=1 [ 2183.270806][T19726] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:40 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r6, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r7 = dup2(r4, r5) r8 = perf_event_open(&(0x7f000001d000)={0x1, 0x6b, 0x0, 0x2, 0x0, 0x1, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x2}, 0x10000, 0x0, 0xfffffffc, 0x1, 0xffffffffffffffff, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r7, 0x0) perf_event_open(0x0, 0x0, 0x5, r8, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2183.328581][T19726] FAT-fs (loop2): Filesystem has been set read-only 10:30:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000013, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2183.434595][ T8138] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2183.596823][ T26] audit: type=1804 audit(1578997840.422:4025): pid=19747 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1226/file0/file0" dev="sda1" ino=16700 res=1 10:30:40 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xb00200}]) [ 2183.712964][ T26] audit: type=1804 audit(1578997840.532:4026): pid=19750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1168/file0/file0" dev="loop1" ino=6822 res=1 [ 2183.835631][ T26] audit: type=1804 audit(1578997840.642:4027): pid=19755 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1168/file0/file0" dev="loop1" ino=6822 res=1 [ 2183.863666][T19805] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2183.881005][T19751] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) 10:30:40 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000ffe0, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2184.035076][T19751] FAT-fs (loop0): Filesystem has been set read-only [ 2184.082198][ T26] audit: type=1804 audit(1578997840.902:4028): pid=19771 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1218/file0/file0" dev="loop0" ino=6825 res=1 10:30:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200000}]) [ 2184.330754][T19799] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 2184.368498][ T26] audit: type=1800 audit(1578997840.942:4029): pid=19771 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="loop0" ino=6825 res=0 [ 2184.732458][ T26] audit: type=1804 audit(1578997840.942:4030): pid=19799 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1218/file0/file0" dev="loop0" ino=6825 res=1 [ 2184.743195][T19794] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2184.761816][ T26] audit: type=1804 audit(1578997841.452:4031): pid=19784 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1280/file0/file0" dev="loop3" ino=6827 res=1 10:30:41 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2000000}]) [ 2184.915924][ T26] audit: type=1804 audit(1578997841.652:4032): pid=19811 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1554/file0/file0" dev="sda1" ino=16648 res=1 [ 2185.009397][T19846] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2185.014340][ T26] audit: type=1800 audit(1578997841.652:4033): pid=19811 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.5" name="file0" dev="sda1" ino=16648 res=0 [ 2185.059440][T19846] FAT-fs (loop2): Filesystem has been set read-only 10:30:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000014, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:42 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16, 0x3}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x579000, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) fchmodat(0xffffffffffffffff, &(0x7f0000000080)='./bus\x00', 0x40aab8fcfe93fc7e) fcntl$setsig(r5, 0xa, 0x11) r6 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r6, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) ioctl$VIDIOC_SUBDEV_G_CROP(r6, 0xc038563b, &(0x7f0000000040)={0x0, 0x0, {0x4, 0x81, 0x5, 0x8}}) [ 2185.414506][T19832] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2185.423734][T19832] FAT-fs (loop4): Filesystem has been set read-only 10:30:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00000}]) 10:30:42 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000ffffffe0, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:42 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200100}]) 10:30:42 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3000000}]) [ 2185.652177][T19887] FAT-fs (loop3): invalid media value (0x02) [ 2185.673252][T19887] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2186.499678][T19887] FAT-fs (loop3): invalid media value (0x02) [ 2186.623110][T19887] FAT-fs (loop3): Can't find a valid FAT filesystem 10:30:43 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000015, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2187.080937][T19926] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2187.096185][T19926] FAT-fs (loop0): Filesystem has been set read-only 10:30:44 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000fffffffe, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00100}]) 10:30:44 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200200}]) 10:30:44 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x4000000}]) [ 2187.725735][T19983] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970788) [ 2187.784185][T19983] FAT-fs (loop5): Filesystem has been set read-only [ 2187.802582][T19983] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 970788) 10:30:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000016, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2188.480909][ T26] kauditd_printk_skb: 18 callbacks suppressed [ 2188.480937][ T26] audit: type=1804 audit(1578997845.302:4052): pid=20025 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1229/file0/file0" dev="loop4" ino=6845 res=1 10:30:45 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) syz_read_part_table(0xd2fe, 0x5, &(0x7f0000000680)=[{&(0x7f0000000a00)="29a43085f0b6ff9305587a77109a072e90a97ea01efe3cb475791da4b0772c3b3dae99964eb1877ec88afbf9a4b37b1142e42dc9955a76c20b0c49ede2a947704006c0f0d2b1bbb0b16981151ec9f58995ac686ef64d01aa8b4a784a75f3180372fec7024dc61197ad5ed30989e435613cba23e9ae9c264cd425ce9ddec28fbc65e9335f3ff465fe8c0d087603baa306f300757ba309464f7e1f949f88713b7877c5b31555de3297411289682a907aef3ba3935da99806db8de59cf63711d2be53d52b6ae5f293e30d41d8770cafcd614a1589aa506ee660647178fb83f0c8c5890aa7e95cc31fab7238f140bbd07570cfe3f73ff9aed30cfc5739ef3f99f6b3a3baecb31c3f75a9cc9be528640d7806b6742929ceb82ed28c8b6843186a00e88d5db0a5b49899b98bf1531d8d7c65b96333275e6eb1d3ec4ec1586b8dda7f5087ef245c3eb6a22f87f37b2269a3351a910d4271ea17b37258436dae796aa24037402f04c70488a2d2c6a2cbd45a95ccdc3fce76d9e40458e5dbec90ab8ce3660b05f5bdcd3d4dcfb6e685f631ae075491028065e71bea18937fec225c6b075320cdea280e25f154ec3522c7d86bd31a8a3c070c3ef1660d0f225a5253fdff6b07c786c05e949c5cdae4357f4f02930cf3fbcdda7a5b62a3f4d045fe651dc7bcd187b333a16ddd14e850b22fea60dea3cbf98c25e760c56db8bb4577ad56fb221c61237f121909a5e886068b9b5e86cd6433d1069ab7fb74a4d1630382e0a95f3dd5523b6a08248aff8aebd7c3441a3b427c6512f66aaab6e580dc8d57a1b2539908fa2edcfdd8b390003f006ce2eee06355c3634745a17724011149dbae3f5fbec2923228eaabb9cbd3ba7d49819833eab6e14e0203b8fd1bf06a52420196d37a75d51c276163cce3e0d59043279e264b39cf8b1744ff58dc00d367a0791f485b51f25217a2cc9c8114940aec52f49dff893be0750fcf7c9e658098bbf16f4619523e54d25089146be32ce337895e3c252bb1345d85e17182a8821341dfbef8f5265b0dcfe05aefb0fd4649b90924bbbd4703563de8bc5c347cf03aa025d856697f0ee2031af7077f42246f08274537c5b0bfcd1718f5968a847d3e9c6d1ddaa28f9eb6f92e9b09b57d4870b34f42f374c67fa3aa506889fb77866fc88b0aa446ea66c2d616151deed7c0985dcd1282369048f3dcb009d50bc9ef7f996296929a4f08e0a3bdee6e12092a765754b5f6d4e7ec60eb56bc37443317d2e7496926919a5c96e69cbc44ef6f0df8cfa8baf906a1d444cefb4eb18e3b4b636bc27726166f950d42b973874c58223d0bd593b1559dc3dd6acb1524dfefc30e758f932cdd2f8d02e5feb1a242413054f251bd4b85e7c91839d6a86ff05773d8701bef69411be87f71aa559757079fb3c249334ffa768c4228baf8ee6e9c1fa3b4c15c4488a76f117c2e3ca9915644c9a673406392708b4dd36a270729da94776d07934cfe4b711d62b475cf7bc004cc40307a10d56f6a19125cd18fd9fa7bae8e7b0c137b28fa2010876550daaea770cfa72fd69dd20f4d229c84ced9344f6dee59ef2ee45a105b0de655f25c11548bde1f2ffac66c56a3989e31923f760dac5701b3f2cb2623566910e1bcc2300bda170285aba2f7ad53009052a2c4ccfc659a81fc530200d0b041a7afdfb1ce3bb7465aa2da7bd9d3dd52e43197895ea2feeb4b355174e7d0ebc71584e0f89a6c0c900ec37de2bf7d90059efbcd92ad937255882437c15b04f1799ca38b4fc6e8b6ff0e413aa211a6ffc3710332972b6f3f2ce2918ea1edc9a3e5f456790203a70cf5a85e5ccdc388e5204babdb0e11eeffba15ba59b5d1c55e9d5d7f92ea56bdcc00cc44b877af80cea34325f778fdd446abfe287037307c3af96d4b828c204435b8b236c95a7e7e3709cde499cdcbe94796a7fd9855abb513671aa30310fda457953390b5dfa3282873037de077d94ff1f9fbf9d28964234fd133a8e71088e6c0fb99f528b94bc9cda7d299dc34489fd36522a6cc9608b9846915ae407984645933ac0332e44af4ad614b7cbba8a14dd51adcec3d2a83ba769a415243a0b3d5f952a04109396048bb42844cc9140f6c5456fa3454183e55632cc2e2ea3ca0a6621b0f822ad9959fd3ecc84d32c69b295379763458aa381ee9b936f9508aba687b15c094e62c64ca346efa193668c6121d9b88d43b8b5ac56de3d1eeed1c3e66e15178613f417ee9fe3546cc6fea5d2e2de7f03585d45f2ef178f8db7dff17b1968fdf4d22e7c372a5f4f15bba1eacc3f8f615f6be71ca8ffa66457675f011948fbbd70a8f09e1f9897d8e22cddda574115f28808e0150c18adce9d2f8a17ca58f21730ccf42f47d36aca2c381e28b36743c08ad7050b46cda550c22748adbb96e7a94f9439fa556dc20ede48774c8f253b323dbe78df5a50293b63ed8ccfd2c2bf54ad6b2aa80265215ccd391baad5f2dfb06930d2f5cb7b1cc24400ff91fe98456dca6d64bc69256f47e64a6b6380540e41763842baa46e17a9ca7ff0002536fad1c51af317d1671cdeace82af2cb854c64a1108cefd509149f2da12d0d5d2a32b5f06b7fb08eacb0cdf9e819bafb0bb6a75b0229a466f639ad9d11c35d3132e3c292bd8977a5ef1637c2a72a86e57dd79216dee0fb06657994b6b5dbec6b9b9a15471c481faafb04611208487df114fa57631c061ce3f97e6fd210c239b7275dda3e1f73e811e64ce02e14bf575c2518e4ae444ffbf2e76a3f82550a226c1ee2772d107eecfec75a739a6f03f74235016782d4eef54b8bdf7c3f1f585181f888743d8ba8bb51d19051097b5b21cef2627ee1c6017cdd0f886bdb3e31aa06e5bc6f02e4d59f92a5e836500745799f34fa6fda83cde054afb6ca2bfdd2b1b9238ede74a47cf1f57a72cf75750a04ed86e4c9a5a7b33ecf3b0b21f2e6f3584260bf508534b6916b9921596bbee223c2a299d5fb31ef6506c178eeecadb214112cccbed9f89b73a1a5c2ce80b98b75f268da47081d511b56418285cccb42c11e96c9e0d089a53dae5d552b281d423d1e355427690fd1e4768938134ff3dc2edc062c706b5733f4bcd74ddb26c0c6952c959651329b5566d73975da980e063a60c5130dc6ccb0772642368feb243fd661eb7041d3043d27eca52ba1eaf9702d403df2821083730e9dd364c1990cf9bf92a7eb107d2da0b4c3ffa03d808383257ac119a33be5f5494037d9b4a3f956f5015aa6373617f01c5d3806ba6d98b5011086ee49f4047e135e16ae8502a34a51e6f455bc8cfd73c7522ea5e6bd0244ecc79cdb8234c04fc5a3f097c86b1e81d95b12111891683a720c885b656a5b50d0bc180054336ffe588a66096f29581142682f6e42e71ca33fe1b94f8d3e70c9b0bcfd4a9f620b35227273102f7de7be1e565afb7af16d697a36b2ec72cc451a9f6740fb4482d8b050913747220b59aec73a92bd7782850b9afae674daecfa2df7d80068290ecc030b55fd714871c284eba8485729eca7c7c6ecafd6fd35c710ab720bf0b75e1b23e822e1064dba337761323a85559e169066f80c4336e25b46b0d6e072293fe115c29b00efce423fdadf4a93a5b7e78bd1e830ba675c09be1bb303f3c1d357b504fee3a7bba129619ff73621ee612ee309c9af3d82eda45af4dc5a7f68934835a8c5a8e27faf52182403df3a1bcd58363d1cd52c5c62f6acb898cf0781240d66f7cd27f4beab7cafd4e015b687eae7f15042f84120355d0c19ca75f6fde2e7640ea8ba5488c5024875a73791b6e0371549f46d8da503166140007f05bb80afa80ed503681c5831be68ed320116e686724dc7220a1633cfcd6dcff3f75187701e08ad30bda4f59478602060a24770465fd7694ce8833e03c493a382722937b381e5761431cb0f0a78042ee0c62359c7200faa615b045631865253776ebae0bcc20b4d3e45e77a07a8e063466d41b4b48557ed0c10db77cc486a3b945da16c849802f82a773a527049948dae8435a4e794ece1940f59a6aa999ed03538a3fee491f1979d13ff1bfa9e0a9774358fd5c0f8ea7cc549100032e53daed4f8dd57a34d8f8d54aed1005c5da1b9f3654ec73c0d8345052eaf2c4431b0e566f3f08bff6614ae59a6c632e8a76df0bedbb38ae05b3b60c7504b35d747254d440313fbb076eaede505560011984a9b12802e4ce8ea2a0b5d6ecd76a3928f250542655a5674cad83d3b693f8bd10fd5ef523a38a4235dea66804ae3765e291d1dab41b97b7b8259ec6d07f125c1d2ea0e8ded2aa51d0c1c38f0b4975425176b6fdc0ab6327780a0d1b88d1fbfe05d9cf624e63d75b86cf633b320d46435a0c863be964070b790bdea7d595d4a51340283fb878e145c5eefa80164601990e506899f3b93c00b7d0fd2aa4d13da120ac11aca8e320584f8f9a3e04ae167414ee187f66ecfc6d6cb857da50752300dc478428aa0b4d38535c037cbfaeabe7800b5bdb548967c40fc66fcb0dfd89de438e70745551f7ef92fb3dbec947a9ddd73b870276f0bc09920d443470fad4e0b5b04775fc07c31fd93c01a41685cbcda3109a293a42bb3e0a752000c0a4a267872a4eb8d3d4d5ba6c7c3196d70c63b95ab75dced4521acb2cc084eef555d2bec0550bed49b78cec57fffd781602e6265c241ffba0e9cc2a3e21f744548f645cd12597c86c28128804ea2bae7ec5cdd2da0419447bc565b7e659db3e8a8b54cd456017abb2edca05820ed966dab6d11ee04b674ad333b1ff9c2732163107ee81dbfd5ccacf902b3dfb5ee6ad7008e9a3c75722fc5bb3af410c2273f8b5a529a57a4955ec9ab13551ec3c7a6492cd3aaaa4968d5e3f7255cd68d6037721e7b2452f5af39f36a202b6932907656577a722cb47e1fab4449b16090ccc7daf89f08a874f7fe0ffd2004bb05e62d634732827baa3ffd44b773c9c17af86efb51c4aa6e94247ee16ae0393725ac80bf285e8bd76de998ec092cb360551179ef90596d99966a518078257ce81393688a152c9451295963d2d04bffb9a354f53d9181c6acf0e4d21e06f776fcaf3f7e41cbfc88d4f227abd1e11905f3587bee2427783ded039fa3de805089b958cc2e0ecc1f1365e173bcbc649a5832a20d4a9e5ec13ef4c8033461c7d8582c15fb73e5fa64a40f892fa1d7533b7a447087a6e7f6b06ef7c96ba7160320f3511705da605fbe883b201843e50a1bdae5ccae350fa67734debccd545d621b81abc625719bd2280c19598f4e75872a3ba869053ac36a318c7cedcf38aded59ceba5a44ad12bc6fd04789fcfe5ccfb406c030739b34c5873046e3ecbaae098af8ff81b2b469d6104cbb1441e9b777d72125ae226d5087c632b4ce753eee0b8825d32420fe0e5a2e36e1521681b09c38beadcc66da68275327ff55a0b9244f02399379cda66d8a4e5bf7b693888649bad82e4eaf4b888bf2750b79dda4d92f3ccfcdc661d95eea631dd952d08ce8f02d0345c197bb735be80b28c6a0584835336fc822898ebaccc1370146c7cd32fe9a7c4a3b8a40bcec4031b658f5b674688bbbb8f73b7f8334c3de1f495da3537c6e9f68fedaee8325ac82ee3c9ad362c1aa63fbd3530be06cb8553985317a87988205441ee788821aca45cbef162c47784b09e186c3ec3b41f46df1ff1d94e3e8d16a90d199dff77546c774ecd8b6996014d2ca87e6ccc808702189afb9c0a1d35651766fc924c2d50a63426a4e4543d7a34053b62478c4caf9e2f732de107337bce8b6affbfbf69d52d6abe940168ee090e3c49", 0x1000, 0xf18b}, {&(0x7f0000000400)="09818c3b48be8c8f83224ace01c2584e36672f20ddadf6e73e717c9d2e502c9bdf5d29d14ef304179a8580cb443b460f51e7d1516e92a21c0aff03924722a73289434fd032d27b7204c837e27e618d5c42a65972b79b", 0x56, 0x1}, {&(0x7f0000000480)="e04d7978d6e8f1434d55fa70b62a0d1aeed3c23b3f617f8352cd9aaa239027451e947380d29ed16091df16ab1abbd2d4cb993426fe0ae2b3f82dd82f6b", 0x3d, 0x6}, {&(0x7f0000000580)="2f28f8a792dbbd2fbb0fc276d9623a814dc328196bbfa2fb5fd71e79d20cdb0b53b0a9f68cce6633f4d4ede57041732bd5502179bd16506fad113bcc1a8c3cc7e035ba958f0e7d2f64776d0c66b8c0dccf667430b4d1eb8567daa50a8d79cd642e75124482f1e9f98daf0b2ced9f0feeb8118557740429f087eefc131f5ecfcca87a8a020382fe63a29cc984813f0c5361bb5b145ed4eaba7ef495ecac564fd2ddd1ad18db3925923d7ef9ed52b5eb22addc866d0c395416ea87b24cb7e9f1f7ef283e5dac53257ff2e708f0182ddf6c45d3c45761e244a1a194c03b23bd62c50b74bd99fe0a03592ad51c914aa318c7b6ce20faf87d8be2", 0xf8, 0xffffffffffffffff}, {&(0x7f00000004c0)="cdc2ad9a5704fb9d3286522c491f5560b3ebb76b5f8b0f0a6d9c035850", 0x1d, 0x54}]) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000010000001400010008020500020000000800010002000000"], 0x28}}, 0x0) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000068}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r3, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_FAMILY={0x8, 0xb, 0x11}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004861}, 0x8000040) sendmsg$NLBL_MGMT_C_PROTOCOLS(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400004}, 0xc, &(0x7f0000000080)={&(0x7f0000000300)={0x44, r3, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @empty}]}, 0x44}, 0x1, 0x0, 0x0, 0x80084}, 0x4) fchdir(r0) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r4, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r7 = creat(&(0x7f0000000380)='./file0\x00', 0x8) r8 = perf_event_open(&(0x7f000001d000)={0x6, 0x70, 0x0, 0x0, 0x85, 0x0, 0x0, 0x10000000007f, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000003c0), 0x2}, 0x0, 0x0, 0x0, 0xa83b35d650a4b677, 0x20000005}, 0x0, 0x10, r7, 0x2) perf_event_open(0x0, 0x0, 0x5, r8, 0x2) io_submit(r6, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r5, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2188.627731][T20025] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2188.685934][T20025] FAT-fs (loop4): Filesystem has been set read-only [ 2188.693101][ T26] audit: type=1800 audit(1578997845.402:4053): pid=19998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=6845 res=0 [ 2188.789684][ T26] audit: type=1804 audit(1578997845.552:4054): pid=20014 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1221/file0/file0" dev="loop0" ino=6843 res=1 [ 2188.798076][T20040] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2188.818933][ T26] audit: type=1800 audit(1578997845.552:4055): pid=20014 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="loop0" ino=6843 res=0 10:30:45 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x120, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2188.870826][T20031] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2188.893362][T20061] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2188.905600][T20031] FAT-fs (loop0): Filesystem has been set read-only [ 2188.921029][ T26] audit: type=1804 audit(1578997845.562:4056): pid=20031 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1221/file0/file0" dev="loop0" ino=6843 res=1 [ 2188.935479][T20042] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2188.954707][T20042] FAT-fs (loop2): Filesystem has been set read-only [ 2188.975673][T20040] FAT-fs (loop1): Filesystem has been set read-only [ 2189.026338][ T26] audit: type=1804 audit(1578997845.572:4057): pid=20028 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1171/file0/file0" dev="loop1" ino=6844 res=1 10:30:45 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x5000000}]) [ 2189.119053][T20024] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00200}]) [ 2189.192284][ T26] audit: type=1800 audit(1578997845.572:4058): pid=20028 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6844 res=0 [ 2189.206258][T20024] FAT-fs (loop5): Filesystem has been set read-only [ 2189.238023][ T26] audit: type=1804 audit(1578997845.572:4059): pid=20040 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1171/file0/file0" dev="loop1" ino=6844 res=1 [ 2189.263880][ T26] audit: type=1804 audit(1578997845.692:4060): pid=20013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1200/file0/file0" dev="loop2" ino=6846 res=1 10:30:46 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x200300}]) [ 2189.307955][ T26] audit: type=1800 audit(1578997845.692:4061): pid=20013 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=6846 res=0 10:30:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000017, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:46 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x1c8) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x1b, 0x80c, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:47 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x220, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2190.701668][T20139] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd00000}]) [ 2190.780390][T20139] FAT-fs (loop1): Filesystem has been set read-only 10:30:47 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000fb, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:47 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x6000000}]) 10:30:47 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300000}]) [ 2191.472889][T20191] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970781) [ 2191.481877][T20191] FAT-fs (loop2): Filesystem has been set read-only 10:30:48 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x22) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2191.668189][T20191] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970781) 10:30:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd00100}]) [ 2192.097502][T20167] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2192.116737][T20167] FAT-fs (loop4): Filesystem has been set read-only [ 2192.165951][ T8136] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970781) 10:30:49 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x320, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2192.553694][T20230] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2192.561418][T20196] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2192.597485][T20196] FAT-fs (loop1): Filesystem has been set read-only [ 2192.679448][T20230] FAT-fs (loop0): Filesystem has been set read-only 10:30:49 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300100}]) 10:30:49 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000fc, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:49 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x7000000}]) [ 2193.011906][T20271] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970784) [ 2193.026174][T20271] FAT-fs (loop2): Filesystem has been set read-only [ 2193.043621][T20271] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970784) 10:30:50 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd00200}]) 10:30:50 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x9, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c916d6b66732e66617400020401ed01000270fff8", 0x16, 0x9}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2193.226048][ T8136] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 970784) [ 2193.285547][T20256] FAT-fs (loop4): error, invalid access to FAT (entry 0x000006c0) [ 2193.322940][T20256] FAT-fs (loop4): Filesystem has been set read-only [ 2193.463184][T20302] FAT-fs (loop3): bogus number of reserved sectors [ 2193.469914][T20302] FAT-fs (loop3): Can't find a valid FAT filesystem 10:30:50 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100002, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2193.835030][ T26] kauditd_printk_skb: 33 callbacks suppressed [ 2193.835118][ T26] audit: type=1804 audit(1578997850.662:4095): pid=20292 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1560/file0/file0" dev="loop5" ino=6874 res=1 [ 2194.189295][T20301] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000500) [ 2194.214711][ T26] audit: type=1804 audit(1578997850.692:4096): pid=20301 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1560/file0/file0" dev="loop5" ino=6874 res=1 [ 2194.272962][T20301] FAT-fs (loop5): Filesystem has been set read-only [ 2194.352970][T20322] FAT-fs (loop3): bogus number of reserved sectors [ 2194.434904][ T26] audit: type=1804 audit(1578997851.022:4097): pid=20276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1224/file0/file0" dev="sda1" ino=16651 res=1 10:30:51 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000fd, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:51 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x8000000}]) [ 2194.486062][T20322] FAT-fs (loop3): Can't find a valid FAT filesystem 10:30:51 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300200}]) [ 2194.562362][ T26] audit: type=1800 audit(1578997851.022:4098): pid=20276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="sda1" ino=16651 res=0 [ 2194.599176][ T26] audit: type=1804 audit(1578997851.022:4099): pid=20298 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1224/file0/file0" dev="sda1" ino=16651 res=1 [ 2194.626668][ T26] audit: type=1804 audit(1578997851.042:4100): pid=20305 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1174/file0/file0" dev="loop1" ino=6873 res=1 [ 2194.626698][T20321] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2194.626718][T20321] FAT-fs (loop2): Filesystem has been set read-only [ 2194.656552][ T26] audit: type=1800 audit(1578997851.042:4101): pid=20305 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=6873 res=0 [ 2194.750408][T20370] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 2194.759056][T20370] FAT-fs (loop4): Filesystem has been set read-only 10:30:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe00000}]) [ 2194.779829][ T26] audit: type=1804 audit(1578997851.042:4102): pid=20347 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1174/file0/file0" dev="loop1" ino=6873 res=1 [ 2194.817133][ T26] audit: type=1804 audit(1578997851.372:4103): pid=20355 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1285/file0/file0" dev="sda1" ino=16736 res=1 10:30:51 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) r4 = syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = getpid() r6 = perf_event_open(&(0x7f000001d000)={0x1, 0xfffffffffffffe88, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r6, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r7 = geteuid() r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r9, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) fchownat(r4, &(0x7f0000000040)='./bus\x00', r7, r10, 0x100) [ 2194.842800][ T26] audit: type=1800 audit(1578997851.372:4104): pid=20355 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="sda1" ino=16736 res=0 10:30:51 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100003, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2196.440696][T20463] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe00100}]) [ 2196.527278][T20463] FAT-fs (loop3): Filesystem has been set read-only 10:30:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000000000fe, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:53 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:53 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x8040000}]) 10:30:53 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100004, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x300300}]) [ 2197.796139][T20486] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:54 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100005, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2197.840879][T20486] FAT-fs (loop5): Filesystem has been set read-only [ 2197.943976][T20530] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2197.998623][T20530] FAT-fs (loop2): Filesystem has been set read-only 10:30:54 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000495, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe00200}]) 10:30:55 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x8800000}]) 10:30:55 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x44200, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2198.926124][ T26] kauditd_printk_skb: 24 callbacks suppressed [ 2198.926211][ T26] audit: type=1804 audit(1578997855.752:4129): pid=20578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1207/file0/file0" dev="loop2" ino=6891 res=1 10:30:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf00000}]) [ 2199.099515][T20552] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 970769) [ 2199.108729][T20552] FAT-fs (loop4): Filesystem has been set read-only [ 2199.178892][T20558] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2199.203012][ T26] audit: type=1804 audit(1578997855.992:4130): pid=20564 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1236/file0/file0" dev="loop4" ino=6889 res=1 [ 2199.230360][ T26] audit: type=1804 audit(1578997855.992:4131): pid=20558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1236/file0/file0" dev="loop4" ino=6889 res=1 10:30:56 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100006, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:56 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400000}]) [ 2199.684521][ T26] audit: type=1804 audit(1578997856.512:4132): pid=20567 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1563/file0/file0" dev="sda1" ino=16619 res=1 [ 2199.776166][ T26] audit: type=1804 audit(1578997856.602:4133): pid=20597 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1227/file0/file0" dev="loop0" ino=6893 res=1 10:30:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000fffb, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2200.178563][ T26] audit: type=1804 audit(1578997857.002:4134): pid=20650 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1208/file0/file0" dev="loop2" ino=6895 res=1 [ 2200.290564][ T26] audit: type=1804 audit(1578997857.042:4135): pid=20652 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1208/file0/file0" dev="loop2" ino=6895 res=1 [ 2200.351560][T20652] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2200.404245][T20652] FAT-fs (loop2): Filesystem has been set read-only 10:30:57 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x9000000}]) [ 2200.590419][ T26] audit: type=1804 audit(1578997857.052:4136): pid=20628 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1288/file0/file0" dev="sda1" ino=16743 res=1 [ 2200.722671][ T26] audit: type=1804 audit(1578997857.352:4137): pid=20638 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1237/file0/file0" dev="loop4" ino=6897 res=1 10:30:57 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x112) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:57 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100007, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:30:57 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf00100}]) [ 2201.044135][ T26] audit: type=1804 audit(1578997857.352:4138): pid=20675 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1237/file0/file0" dev="loop4" ino=6897 res=1 [ 2201.516075][T20716] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2201.602954][T20716] FAT-fs (loop5): Filesystem has been set read-only 10:30:58 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400100}]) 10:30:58 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000fffc, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2202.414832][T20715] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF 10:30:59 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xa000000}]) 10:30:59 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x68d00000, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$RTC_VL_CLR(r0, 0x7014) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) modify_ldt$read(0x0, &(0x7f00000003c0)=""/162, 0x5) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) getsockname$l2tp6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000140)=0x20) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0xc0, 0x58) perf_event_open(0x0, 0xffffffffffffffff, 0x5, r4, 0x3) read$midi(r0, &(0x7f0000000340)=""/90, 0x5a) io_submit(r3, 0x0, &(0x7f0000000540)) [ 2202.491853][T20715] FAT-fs (loop4): Filesystem has been set read-only 10:30:59 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100008, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2202.788186][T20753] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2202.825579][T20753] FAT-fs (loop1): Filesystem has been set read-only 10:30:59 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf00200}]) 10:31:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400200}]) 10:31:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000fffd, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:31:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xb000000}]) [ 2204.034789][ T26] kauditd_printk_skb: 17 callbacks suppressed [ 2204.034929][ T26] audit: type=1804 audit(1578997860.862:4156): pid=20803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1290/file0/file0" dev="sda1" ino=16696 res=1 [ 2204.350751][ T26] audit: type=1800 audit(1578997860.922:4157): pid=20803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="sda1" ino=16696 res=0 [ 2204.371399][ T26] audit: type=1804 audit(1578997860.922:4158): pid=20817 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1290/file0/file0" dev="sda1" ino=16696 res=1 [ 2204.413459][ T26] audit: type=1804 audit(1578997861.092:4159): pid=20838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1179/file0/file0" dev="loop1" ino=6907 res=1 [ 2204.439415][ T26] audit: type=1804 audit(1578997861.172:4160): pid=20840 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1210/file0/file0" dev="sda1" ino=16533 res=1 [ 2204.466351][ T26] audit: type=1800 audit(1578997861.172:4161): pid=20840 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=16533 res=0 [ 2204.549383][T20838] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF 10:31:01 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x200000, 0x100) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000080)=0x10001, 0x4) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) socket$l2tp6(0xa, 0x2, 0x73) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) r6 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r6, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r7 = accept(r6, &(0x7f0000000400)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, &(0x7f0000000480)=0x80) r8 = memfd_create(&(0x7f000003e000)='\'', 0x0) r9 = dup2(0xffffffffffffffff, r8) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r9, 0x84, 0x1a, &(0x7f0000000400)={r10, 0x3c, "83bcf0be4e89004b1933552a8bb2f5ff9620a973e28ff580d461da853b8dc998daa1e4e570291e422e402533815ee0acc7913ee2ce73651368ea4aaf"}, &(0x7f0000000080)=0x44) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000000c0)={r10, 0xfff}, 0x8) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r7, 0x84, 0x77, &(0x7f00000004c0)={0x0, 0x9a, 0x5, [0x3f, 0x3, 0x5, 0x1, 0x8]}, 0x12) io_submit(r4, 0x1, &(0x7f0000000140)=[&(0x7f0000000200)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x6, 0x0, r3}]) [ 2204.651625][ T26] audit: type=1804 audit(1578997861.172:4162): pid=20820 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir267585837/syzkaller.3H91Gd/1210/file0/file0" dev="sda1" ino=16533 res=1 10:31:01 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x100009, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2204.678525][ T26] audit: type=1804 audit(1578997861.332:4163): pid=20862 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1230/file0/file0" dev="loop0" ino=6910 res=1 [ 2204.723123][T20838] FAT-fs (loop1): Filesystem has been set read-only 10:31:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x1000000}]) 10:31:01 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc000000}]) [ 2204.834262][ T26] audit: type=1804 audit(1578997861.592:4164): pid=20867 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir776099957/syzkaller.77s99b/1566/file0/file0" dev="loop5" ino=6909 res=1 10:31:01 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x400300}]) 10:31:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000000fffe, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2205.344651][ T26] audit: type=1804 audit(1578997862.162:4165): pid=20898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1291/file0/file0" dev="loop3" ino=6913 res=1 10:31:02 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000000380)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16, 0x7db0}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000200), &(0x7f0000000280)=0x18) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) socket$inet6_udplite(0xa, 0x2, 0x88) r4 = perf_event_open(&(0x7f000001d000)={0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) socket$isdn_base(0x22, 0x3, 0x0) r5 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r5, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f00000003c0)={0x0}) ioctl$DRM_IOCTL_UNLOCK(r5, 0x4008642b, &(0x7f0000000400)={r6, 0x8}) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x6) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f0000000140)={0x0, 0x5, 0x6}) [ 2206.143628][T20929] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2206.199567][T20929] FAT-fs (loop2): Filesystem has been set read-only [ 2206.317207][T20979] FAT-fs (loop3): bogus number of reserved sectors 10:31:03 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x2000000}]) [ 2206.388024][T20979] FAT-fs (loop3): Can't find a valid FAT filesystem 10:31:03 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500000}]) 10:31:03 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x10000a, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:31:03 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xd000000}]) 10:31:03 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000001fffff, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2207.237394][T20979] FAT-fs (loop3): bogus number of reserved sectors [ 2207.245000][T20979] FAT-fs (loop3): Can't find a valid FAT filesystem [ 2207.925065][T21019] FAT-fs (loop4): error, invalid access to FAT (entry 0x000006c0) [ 2207.937415][T21009] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2207.956251][T21016] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2207.983253][T21019] FAT-fs (loop4): Filesystem has been set read-only [ 2207.995833][T21009] FAT-fs (loop1): Filesystem has been set read-only [ 2208.000999][T21016] FAT-fs (loop0): Filesystem has been set read-only 10:31:04 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) r6 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r6, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="09000000000000020000001900400003000000000000000000000000000000000000000000000000000000000225000000000000000096c96f0aa0db0000000000007200000000008001ee00000000000000000000000000000000000000000000000000000000000000010100000000000000000000000000006f6a0000000000000000f8847deae0460d0e28eb8b32b5c9b24894229bdd5d"]) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r8, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) close(r7) r9 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r9, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:31:04 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500100}]) 10:31:05 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x10000b, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:31:05 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe000000}]) 10:31:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x3000000}]) [ 2208.665692][T21108] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2209.290051][ T26] kauditd_printk_skb: 17 callbacks suppressed [ 2209.290073][ T26] audit: type=1804 audit(1578997866.112:4183): pid=21073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1293/file0/file0" dev="sda1" ino=16782 res=1 10:31:06 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x90000000fffffff, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2209.538736][ T26] audit: type=1800 audit(1578997866.162:4184): pid=21073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="file0" dev="sda1" ino=16782 res=0 [ 2209.561214][T21126] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2209.618329][T21126] FAT-fs (loop4): Filesystem has been set read-only 10:31:06 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) accept4$x25(r2, &(0x7f0000000040), &(0x7f0000000080)=0x12, 0x1800) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2209.666709][ T26] audit: type=1804 audit(1578997866.162:4185): pid=21089 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir432377370/syzkaller.fCXC0t/1293/file0/file0" dev="sda1" ino=16782 res=1 [ 2209.728661][ T26] audit: type=1804 audit(1578997866.222:4186): pid=21091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1242/file0/file0" dev="loop4" ino=6923 res=1 10:31:06 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x10000c, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2209.859610][ T26] audit: type=1800 audit(1578997866.252:4187): pid=21091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=6923 res=0 [ 2209.880130][ T26] audit: type=1804 audit(1578997866.262:4188): pid=21126 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir733692427/syzkaller.bylO6B/1242/file0/file0" dev="loop4" ino=6923 res=1 10:31:06 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500200}]) 10:31:06 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xf000000}]) [ 2209.910355][ T26] audit: type=1804 audit(1578997866.342:4189): pid=21135 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1182/file0/file0" dev="sda1" ino=16800 res=1 10:31:06 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x4000000}]) [ 2210.179899][ T26] audit: type=1800 audit(1578997866.342:4190): pid=21135 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="sda1" ino=16800 res=0 [ 2210.251880][ T26] audit: type=1804 audit(1578997866.342:4191): pid=21136 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir084764212/syzkaller.RzbT3U/1182/file0/file0" dev="sda1" ino=16800 res=1 [ 2210.383641][ T26] audit: type=1804 audit(1578997866.432:4192): pid=21117 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir015439455/syzkaller.0lPw5D/1233/file0/file0" dev="sda1" ino=17393 res=1 10:31:07 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r3, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_opts(r3, 0x0, 0x2, 0x0, 0x0) lseek(r3, 0x4839, 0x1) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) r4 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x5, 0x2000) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) futimesat(r4, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)={{0x0, 0x2710}, {r5, r6/1000+10000}}) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, &(0x7f0000000300)="c7eaa2145e9a27b233cca7becd023ecdf208431be5aeaaf162737106aae444cf3c46a31e1c537e7cf198807fe3bb4ee7dde12ca0da261cad4d07c45cdd44d23c25ef45637675eeb616c480743ad0d8350c58f08e8b9f00e63605b18b26c8289866b00381d8e96b3c5c12abb88c84530c6fe9214b69fb6c30bd053f1f767223b1037aeabbd0771c191228e2fa6462a69eb730b4b560a0192bae289ad8f6ff65f7887f950bf595235d00943f6e0471c969bb504419f916ee638382ada2baa0af251df82146eec925e1968c73051e3b03f13341d9ba6dfa7471e1eacff81221c52b4ca3c8c8e48ef1f5f0ffe26b19b0d0c4", 0xf0) close(0xffffffffffffffff) r8 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r8, 0x2) io_submit(r7, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 2210.849451][T21205] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 2210.902981][T21205] FAT-fs (loop5): Filesystem has been set read-only 10:31:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x9000000fffffffb, 0x100012, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:31:08 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0x10000d, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 10:31:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000280)='./file0/file0\x00'}, 0x10) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f00000003c0)='./bus\x00', 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x500300}]) 10:31:08 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x5, r4, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x10000000}]) 10:31:09 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x80) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) accept(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, &(0x7f0000000140)=0x80) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) socket(0x0, 0x0, 0x0) close(0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, r5, 0x2) io_submit(r4, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x521401, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f00000003c0)={r2, r2, 0x4, 0x84, &(0x7f0000000300)="1bdd66f17262c4eea60e24d6da467032c1baca1096899ea928ab2f6407cc5446d53285b33cfc5527ed1b239ef83a3f5aa9da7fbb3ddb8f97ce22e4cb22c0a066497a73c6ff7c047c0828c27e238a3f8e4c57bce991b4f4faa54f74cf70f7a683407b6723bef54b9c6fe470628b5af687914a4822faf6f5cd10a9c9bf16d4549d778ccec7", 0x1, 0x7f, 0x9df8, 0x1000, 0x59, 0x1, 0x2a, 'syz1\x00'}) 10:31:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xa6ba0) io_setup(0x4, &(0x7f0000000180)=0x0) syz_genetlink_get_family_id$nbd(0x0) syz_open_procfs(0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) close(r4) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x5, 0x70, 0x81, 0x1, 0x3f, 0x1, 0x0, 0x101, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x40, 0xe21bf5a1ec0ebacf, @perf_bp={&(0x7f0000000140), 0x4}, 0x122, 0x3, 0x7fffffff, 0x0, 0x8, 0x5, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x2) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0x5000000}]) [ 2212.269559][T21255] ================================================================== [ 2212.277828][T21255] BUG: KCSAN: data-race in block_write_full_page / truncate_setsize [ 2212.285833][T21255] [ 2212.288191][T21255] write to 0xffff88812525b758 of 8 bytes by task 21288 on cpu 1: [ 2212.295928][T21255] truncate_setsize+0x3a/0x90 [ 2212.300614][T21255] fat_setattr+0x7fa/0x840 [ 2212.305041][T21255] notify_change+0x7e1/0xaa0 [ 2212.309647][T21255] do_truncate+0xfb/0x180 [ 2212.313984][T21255] path_openat+0x13e8/0x3580 [ 2212.318585][T21255] do_filp_open+0x11e/0x1b0 [ 2212.323095][T21255] do_sys_open+0x3b3/0x4f0 [ 2212.327523][T21255] __x64_sys_creat+0x45/0x60 [ 2212.332121][T21255] do_syscall_64+0xcc/0x3a0 [ 2212.336634][T21255] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2212.342516][T21255] [ 2212.344854][T21255] read to 0xffff88812525b758 of 8 bytes by task 21255 on cpu 0: [ 2212.352491][T21255] block_write_full_page+0x4d/0x1e0 [ 2212.357694][T21255] fat_writepage+0x2e/0x40 [ 2212.362123][T21255] __mpage_writepage+0x837/0xe70 [ 2212.367063][T21255] write_cache_pages+0x47a/0xb40 [ 2212.372006][T21255] mpage_writepages+0xab/0x180 [ 2212.376780][T21255] fat_writepages+0x2e/0x40 [ 2212.381302][T21255] do_writepages+0x6b/0x170 [ 2212.385822][T21255] __filemap_fdatawrite_range+0x1c5/0x230 [ 2212.391550][T21255] file_write_and_wait_range+0xfd/0x160 [ 2212.397109][T21255] __generic_file_fsync+0x59/0x190 [ 2212.402229][T21255] fat_file_fsync+0x58/0x120 [ 2212.406824][T21255] vfs_fsync_range+0x82/0x150 [ 2212.411623][T21255] generic_file_write_iter+0x318/0x38c [ 2212.417083][T21255] aio_write+0x1de/0x2d0 [ 2212.421329][T21255] io_submit_one+0x61d/0xdb0 [ 2212.425925][T21255] __x64_sys_io_submit+0x104/0x2a0 [ 2212.431049][T21255] do_syscall_64+0xcc/0x3a0 [ 2212.435585][T21255] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2212.441470][T21255] [ 2212.443798][T21255] Reported by Kernel Concurrency Sanitizer on: [ 2212.449979][T21255] CPU: 0 PID: 21255 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 2212.458653][T21255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2212.468745][T21255] ================================================================== [ 2212.476822][T21255] Kernel panic - not syncing: panic_on_warn set ... [ 2212.483443][T21255] CPU: 0 PID: 21255 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 2212.492241][T21255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2212.502298][T21255] Call Trace: [ 2212.505597][T21255] dump_stack+0x11d/0x181 [ 2212.509940][T21255] panic+0x210/0x640 [ 2212.513850][T21255] ? vprintk_func+0x8d/0x140 [ 2212.518453][T21255] kcsan_report.cold+0xc/0xd [ 2212.523053][T21255] kcsan_setup_watchpoint+0x3fe/0x460 [ 2212.528435][T21255] __tsan_read8+0xc6/0x100 [ 2212.532874][T21255] block_write_full_page+0x4d/0x1e0 [ 2212.538085][T21255] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2212.543818][T21255] ? fat_add_cluster+0xd0/0xd0 [ 2212.548600][T21255] fat_writepage+0x2e/0x40 [ 2212.553042][T21255] __mpage_writepage+0x837/0xe70 [ 2212.557998][T21255] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2212.564261][T21255] ? __this_cpu_preempt_check+0x45/0x140 [ 2212.569913][T21255] ? __this_cpu_preempt_check+0x45/0x140 [ 2212.575557][T21255] ? __rcu_read_unlock+0x66/0x3d0 [ 2212.580605][T21255] ? percpu_counter_add_batch+0x124/0x150 [ 2212.586329][T21255] write_cache_pages+0x47a/0xb40 [ 2212.591265][T21255] ? clean_buffers+0x1b0/0x1b0 [ 2212.596061][T21255] ? fat_add_cluster+0xd0/0xd0 [ 2212.600819][T21255] ? fat_readpages+0x50/0x50 [ 2212.605406][T21255] mpage_writepages+0xab/0x180 [ 2212.610174][T21255] ? fat_add_cluster+0xd0/0xd0 [ 2212.614947][T21255] ? __rcu_read_unlock+0x66/0x3d0 [ 2212.619970][T21255] ? __update_load_avg_se+0x20a/0x2f0 [ 2212.625869][T21255] fat_writepages+0x2e/0x40 [ 2212.630370][T21255] do_writepages+0x6b/0x170 [ 2212.634870][T21255] ? wbc_attach_and_unlock_inode+0xdd/0x3b0 [ 2212.640776][T21255] ? __enqueue_entity+0x8b/0x90 [ 2212.645626][T21255] ? enqueue_entity+0x10a/0x5d0 [ 2212.650479][T21255] __filemap_fdatawrite_range+0x1c5/0x230 [ 2212.656204][T21255] file_write_and_wait_range+0xfd/0x160 [ 2212.661757][T21255] __generic_file_fsync+0x59/0x190 [ 2212.666879][T21255] fat_file_fsync+0x58/0x120 [ 2212.671478][T21255] ? fat_free_clusters.cold+0x30/0x30 [ 2212.676852][T21255] vfs_fsync_range+0x82/0x150 [ 2212.681529][T21255] generic_file_write_iter+0x318/0x38c [ 2212.686986][T21255] aio_write+0x1de/0x2d0 [ 2212.691230][T21255] ? __fget+0xb8/0x1d0 [ 2212.695300][T21255] io_submit_one+0x61d/0xdb0 [ 2212.699910][T21255] __x64_sys_io_submit+0x104/0x2a0 [ 2212.705020][T21255] ? btrfs_remove_chunk+0xf7/0xc20 [ 2212.710132][T21255] do_syscall_64+0xcc/0x3a0 [ 2212.714651][T21255] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2212.720547][T21255] RIP: 0033:0x45af49 [ 2212.724446][T21255] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2212.744058][T21255] RSP: 002b:00007faaf95b2c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 2212.752459][T21255] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49 [ 2212.760420][T21255] RDX: 0000000020000540 RSI: 0000000000000732 RDI: 00007faaf9592000 [ 2212.768382][T21255] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2212.776345][T21255] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faaf95b36d4 [ 2212.784307][T21255] R13: 00000000004c280f R14: 00000000004d8c20 R15: 00000000ffffffff [ 2212.793546][T21255] Kernel Offset: disabled [ 2212.797874][T21255] Rebooting in 86400 seconds..