='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:48 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x0, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1759.624829] FAT-fs (loop2): bogus number of reserved sectors [ 1759.630873] FAT-fs (loop2): Can't find a valid FAT filesystem 11:37:49 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:49 executing program 3: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x0, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:49 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:49 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:49 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)}], 0x0, 0x0) 11:37:49 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:49 executing program 1: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:49 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:49 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:50 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1760.833906] FAT-fs (loop2): bogus number of reserved sectors [ 1760.839801] FAT-fs (loop2): Can't find a valid FAT filesystem 11:37:50 executing program 3: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:50 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:50 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:50 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)}], 0x0, 0x0) 11:37:51 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1761.871163] FAT-fs (loop2): bogus number of reserved sectors [ 1761.877196] FAT-fs (loop2): Can't find a valid FAT filesystem 11:37:51 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:51 executing program 1: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:51 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:51 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:51 executing program 3: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:51 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) 11:37:51 executing program 1: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:52 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:52 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:37:52 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1763.048793] FAT-fs (loop2): bogus number of reserved sectors [ 1763.054738] FAT-fs (loop2): Can't find a valid FAT filesystem 11:37:52 executing program 1: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:52 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:52 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:52 executing program 1: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:52 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:37:52 executing program 3: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:53 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) 11:37:53 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:53 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:53 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 1764.584873] FAT-fs (loop2): bogus number of reserved sectors [ 1764.590841] FAT-fs (loop2): Can't find a valid FAT filesystem 11:37:54 executing program 1: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:37:54 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:54 executing program 4: r0 = getpid() lseek(0xffffffffffffffff, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:54 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) 11:37:54 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:55 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:55 executing program 1: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:37:55 executing program 3: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:55 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1766.090162] FAT-fs (loop2): bogus number of reserved sectors [ 1766.096031] FAT-fs (loop2): Can't find a valid FAT filesystem 11:37:55 executing program 3: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:55 executing program 4: r0 = getpid() lseek(0xffffffffffffffff, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:55 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:56 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) 11:37:56 executing program 1: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:37:56 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:56 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1767.211104] FAT-fs (loop2): invalid media value (0x00) [ 1767.216486] FAT-fs (loop2): Can't find a valid FAT filesystem 11:37:56 executing program 1: r0 = getpid() openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:56 executing program 3: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:57 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:57 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:57 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) 11:37:57 executing program 1: r0 = getpid() lseek(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r0, 0x0, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:37:57 executing program 4: getpid() lseek(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:37:57 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1768.462480] FAT-fs (loop2): invalid media value (0x00) [ 1768.467834] FAT-fs (loop2): Can't find a valid FAT filesystem 11:37:57 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:57 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:58 executing program 4: getpid() lseek(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:37:58 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:58 executing program 5: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:59 executing program 3: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:59 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) 11:37:59 executing program 4: getpid() lseek(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:37:59 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:37:59 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:37:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:00 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1770.887968] FAT-fs (loop2): invalid media value (0x00) [ 1770.893585] FAT-fs (loop2): Can't find a valid FAT filesystem 11:38:00 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) 11:38:01 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:01 executing program 5: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:01 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:01 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) poll(0x0, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1771.981844] FAT-fs (loop2): invalid media value (0x00) [ 1771.987198] FAT-fs (loop2): Can't find a valid FAT filesystem 11:38:02 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:02 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) 11:38:02 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:02 executing program 5: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:02 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:03 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:03 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:03 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1774.236071] FAT-fs (loop2): invalid media value (0x00) [ 1774.241651] FAT-fs (loop2): Can't find a valid FAT filesystem 11:38:03 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:03 executing program 5: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:03 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:03 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) poll(0x0, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:04 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:04 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) 11:38:04 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:04 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:04 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1775.817797] FAT-fs (loop2): invalid media value (0x00) [ 1775.823456] FAT-fs (loop2): Can't find a valid FAT filesystem 11:38:05 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7", 0x15}], 0x0, 0x0) 11:38:06 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:06 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:06 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:06 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1777.680299] FAT-fs (loop2): invalid media value (0x00) [ 1777.685713] FAT-fs (loop2): Can't find a valid FAT filesystem 11:38:07 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:08 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) poll(0x0, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:08 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:08 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:08 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7", 0x15}], 0x0, 0x0) 11:38:08 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:08 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:09 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1780.059661] FAT-fs (loop2): invalid media value (0x00) [ 1780.065249] FAT-fs (loop2): Can't find a valid FAT filesystem 11:38:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:09 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:10 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:10 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7", 0x15}], 0x0, 0x0) 11:38:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1781.755590] FAT-fs (loop2): invalid media value (0x00) [ 1781.761004] FAT-fs (loop2): Can't find a valid FAT filesystem 11:38:11 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:11 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:11 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:11 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:11 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:12 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:12 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:13 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:14 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:14 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:14 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:16 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:16 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:16 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:16 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:16 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:17 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:17 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:17 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:17 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:17 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:18 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:18 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:19 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:19 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:19 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:19 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:20 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:21 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:21 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:21 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:21 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:22 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup3(r3, r4, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:22 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(0x0, 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(0x0, 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:23 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:23 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:23 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:38:23 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(0x0, 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:24 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:38:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(0x0, 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:24 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:24 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:24 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:24 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:38:24 executing program 4: r0 = getpid() lseek(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:38:24 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:24 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:25 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:25 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:25 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:25 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:25 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:26 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:26 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:26 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:27 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:27 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:27 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:27 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:27 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:28 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:28 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:29 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:29 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:29 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:29 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:29 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:30 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:30 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000), 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:30 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:30 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000), 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:31 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:32 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:32 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:33 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000), 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:33 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:33 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:33 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:33 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:33 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:34 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:34 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000), 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:35 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:35 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:35 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:35 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:35 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:36 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:36 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:36 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:37 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:37 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:37 executing program 2: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:37 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:37 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:37 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:38 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:38 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:38 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:38 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:38 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:39 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:39 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:39 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:39 executing program 4: r0 = getpid() lseek(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:38:40 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:40 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:40 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:40 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:40 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:40 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:41 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:41 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:41 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:41 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:42 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:42 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:42 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:43 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:43 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:43 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:43 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:43 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:43 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:43 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:44 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:44 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:44 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:44 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:44 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:45 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:46 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:46 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:46 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:46 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:46 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:46 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:46 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:47 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:47 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:47 executing program 4: lseek(0xffffffffffffffff, 0x1, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:38:47 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:47 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:48 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:48 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:48 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:48 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:48 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:49 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:49 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:49 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:49 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:49 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:49 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:50 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:50 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:50 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:51 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:51 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:51 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:51 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:52 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:52 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:52 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:52 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:52 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:53 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:53 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:53 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:54 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:54 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:54 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:54 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:54 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:55 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:55 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:55 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:55 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:55 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:56 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:56 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:56 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:56 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:56 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:56 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:56 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:56 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:57 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:57 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:57 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:57 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:57 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:57 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:57 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:57 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:58 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:58 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:58 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:58 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:59 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:59 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:59 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:59 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:38:59 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:38:59 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:00 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:00 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:00 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:01 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:01 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0x0, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:01 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:02 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:39:02 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:02 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0x0, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', 0x0, 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:02 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:02 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:03 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0x0, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', 0x0, 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:03 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:04 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', 0x0, 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:04 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:39:04 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:04 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:04 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1835.837397] FAT-fs (loop5): bogus number of reserved sectors [ 1835.874695] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:05 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0x0, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:05 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:05 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1836.545151] FAT-fs (loop5): bogus number of reserved sectors [ 1836.555290] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:05 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:06 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:06 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:06 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:06 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:39:06 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1837.246238] FAT-fs (loop5): bogus number of reserved sectors [ 1837.272773] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:06 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:06 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:06 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:07 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) poll(0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:07 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:07 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, 0x0, 0x0, 0x0) 11:39:07 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1838.258860] FAT-fs (loop5): bogus number of reserved sectors [ 1838.273664] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:07 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:07 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:07 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, 0x0, 0x0, 0x0) 11:39:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:08 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:08 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1839.150849] FAT-fs (loop5): bogus number of reserved sectors [ 1839.162273] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:09 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) poll(0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, 0x0, 0x0, 0x0) 11:39:09 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:09 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:09 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:09 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:09 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1839.969372] FAT-fs (loop5): bogus number of reserved sectors [ 1839.984206] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, &(0x7f0000000040), 0x0, 0x0) 11:39:10 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1840.818259] FAT-fs (loop5): bogus number of reserved sectors [ 1840.832131] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:10 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, &(0x7f0000000040), 0x0, 0x0) [ 1841.587085] FAT-fs (loop5): bogus number of reserved sectors [ 1841.621337] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:11 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:11 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) poll(0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, &(0x7f0000000040), 0x0, 0x0) 11:39:11 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:11 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:11 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1842.514081] FAT-fs (loop5): bogus number of reserved sectors [ 1842.527153] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:11 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', 0x0, 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{0x0}], 0x0, 0x0) 11:39:12 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:12 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1843.287097] FAT-fs (loop5): bogus number of reserved sectors [ 1843.297573] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:12 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', 0x0, 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:13 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{0x0}], 0x0, 0x0) 11:39:13 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 1844.198554] FAT-fs (loop5): bogus number of reserved sectors [ 1844.204678] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:13 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:13 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:13 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', 0x0, 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:13 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:13 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:39:13 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{0x0}], 0x0, 0x0) [ 1844.908454] FAT-fs (loop5): bogus number of reserved sectors [ 1844.936935] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:14 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)}], 0x0, 0x0) 11:39:14 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:39:14 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:14 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1845.715899] FAT-fs (loop1): bogus number of reserved sectors [ 1845.721937] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1845.909024] FAT-fs (loop5): bogus number of reserved sectors [ 1845.923180] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:15 executing program 4: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r1, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:15 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:15 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)}], 0x0, 0x0) [ 1846.519850] FAT-fs (loop1): bogus number of reserved sectors [ 1846.525808] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:16 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1846.906558] FAT-fs (loop5): bogus number of reserved sectors [ 1846.927104] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:16 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:16 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1847.415563] FAT-fs (loop1): bogus number of reserved sectors [ 1847.421672] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)}], 0x0, 0x0) 11:39:16 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1847.882572] FAT-fs (loop5): bogus number of reserved sectors [ 1847.888613] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:17 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:17 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, 0x0, 0x0, 0x0) [ 1848.286462] FAT-fs (loop1): bogus number of reserved sectors [ 1848.292489] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) [ 1848.689459] FAT-fs (loop5): bogus number of reserved sectors [ 1848.706017] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:18 executing program 4: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={0x750, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {}, 0x0, 0x4000000000, 0x80000000000, 0xfffffffffffffffe, 0x4785, 0x0, 0x1798}) r0 = memfd_create(&(0x7f0000000340)='q\x05\x00\x00\x00\xdd\x035I\xa6\xc0\x10$\xabb\x00\x00\x00\x00\x00\x00\x01\xcb/S\xdc\xdd\x0e\a\x00\x005+\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x8aC\x96\x8c\xd0\xe6\x83\xaaw\xaa\x93\xea\xa6\xcf \x8e\xa3]\xfe\x91u\x1d\x90\xa0Z\\Y\xc4dl\xfd|o\xde\x9e\xa5\x93h\x84\x8a\xd0\xce\xff\x80\xf3/\x16u\x15\x03\xfb\xc1$\x0f\xa6[d\xd9EC\xd6~-\xcd\tey\xa0\xa8\xd7\x88\xd2{vf5\xeaX\r\xea\xb1\x1d(xb\xe80\xa5\x8e\x97Mc\x17\xb4f\xb2\xeej)\xb4\xb5\xa8\x05\\f9v\x9e\xd8\x9fT\xf4\xafD\xbb\x96\xfe\xd2\f\xb1\x12\xe6\xa5n\x1e\x90r1G\x110\x99\x18\xee@\xb1F', 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000480)) write$sndseq(r2, 0x0, 0x0) 11:39:18 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:39:18 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, 0x0, 0x0, 0x0) 11:39:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) 11:39:18 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:18 executing program 4: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={0x750, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {}, 0x0, 0x4000000000, 0x80000000000, 0xfffffffffffffffe, 0x4785, 0x0, 0x1798}) r0 = memfd_create(&(0x7f0000000340)='q\x05\x00\x00\x00\xdd\x035I\xa6\xc0\x10$\xabb\x00\x00\x00\x00\x00\x00\x01\xcb/S\xdc\xdd\x0e\a\x00\x005+\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x8aC\x96\x8c\xd0\xe6\x83\xaaw\xaa\x93\xea\xa6\xcf \x8e\xa3]\xfe\x91u\x1d\x90\xa0Z\\Y\xc4dl\xfd|o\xde\x9e\xa5\x93h\x84\x8a\xd0\xce\xff\x80\xf3/\x16u\x15\x03\xfb\xc1$\x0f\xa6[d\xd9EC\xd6~-\xcd\tey\xa0\xa8\xd7\x88\xd2{vf5\xeaX\r\xea\xb1\x1d(xb\xe80\xa5\x8e\x97Mc\x17\xb4f\xb2\xeej)\xb4\xb5\xa8\x05\\f9v\x9e\xd8\x9fT\xf4\xafD\xbb\x96\xfe\xd2\f\xb1\x12\xe6\xa5n\x1e\x90r1G\x110\x99\x18\xee@\xb1F', 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000480)) write$sndseq(r2, 0x0, 0x0) [ 1849.154361] FAT-fs (loop1): bogus number of reserved sectors [ 1849.160291] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:18 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)=0x0) timer_getoverrun(r8) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1849.629965] FAT-fs (loop5): bogus number of reserved sectors [ 1849.783079] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:19 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, 0x0, 0x0, 0x0) [ 1850.042721] FAT-fs (loop1): bogus number of reserved sectors [ 1850.048615] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:19 executing program 0: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)=0x0) timer_getoverrun(r8) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:19 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) 11:39:19 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)=0x0) timer_getoverrun(r8) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:19 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:39:20 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, &(0x7f0000000040), 0x0, 0x0) [ 1850.866112] FAT-fs (loop5): bogus number of reserved sectors [ 1850.908852] FAT-fs (loop5): Can't find a valid FAT filesystem [ 1851.034725] FAT-fs (loop1): bogus number of reserved sectors [ 1851.040717] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) 11:39:20 executing program 0: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)=0x0) timer_getoverrun(r8) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:20 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:21 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, &(0x7f0000000040), 0x0, 0x0) [ 1851.868713] FAT-fs (loop5): invalid media value (0x00) [ 1851.891981] FAT-fs (loop5): Can't find a valid FAT filesystem [ 1851.963315] FAT-fs (loop1): bogus number of reserved sectors [ 1851.969171] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:21 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)=0x0) timer_getoverrun(r8) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) 11:39:21 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x0, &(0x7f0000000040), 0x0, 0x0) [ 1852.845747] FAT-fs (loop1): bogus number of reserved sectors [ 1852.851708] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:22 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:22 executing program 0: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)=0x0) timer_getoverrun(r8) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1853.516374] FAT-fs (loop5): invalid media value (0x00) 11:39:22 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{0x0}], 0x0, 0x0) [ 1853.546616] FAT-fs (loop5): Can't find a valid FAT filesystem [ 1853.750792] FAT-fs (loop1): bogus number of reserved sectors [ 1853.756707] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) 11:39:23 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:23 executing program 4: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) dup3(r4, r5, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r6 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r6, 0x80104592, 0x0) r7 = syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) dup3(r6, r7, 0x0) timer_create(0x2, &(0x7f0000000140)={0x0, 0x40, 0x4, @thr={&(0x7f0000000580)="40e8f4d944f7e1c1b2c4bdc97f652bb2dcf1673c6c9ba8eab8691f554c97198fcc104508eca9abf3fcd24578c5d93cec3acc8ece8ae818d8bd0a0a86c44aa0bd8ca6306afdabf2e503851b3e5ac7be555cf44b6d0cfeffa4ab9545007ba62022748a8728e8d27102b3882f39228b71b2380c68ae57e6d673d27e974e810a16a5c553e3af5a919e98a6a40be53a46eb6cb710f48237a8a415768454bee036e81272420b3d5acc92fcf005569e7245cdeaad5b49eba76819455c1b737d06e6c067904de37d0d235746cce497aab8ebe8302a533562d10a3c802bbc5209825d2f31aaa15d12a379ef1012bacb4ba58961e903b7553a54b09bb425a64116e3bc8b9fc622bf45b5baadb939c36cb288f85e62d177292c6f716473681e4ec1edec12cc615f3e62ffefc23dc7842e5966771af7d7eb73cbf6429e40987b99e1ca8e085edbc1364264b25872e952932083b9f0e6528d7fda4ed4f227255873016bd1df08cc71c4679023bf02ecf9f2431ca55d94d73dcdd1abc0df2c67cf78fecf1a72c027037719d1e2ae311ce75c9b0815bb0d5a727b8fc92e6684451cabef4b8417c83b13a73733f79644c2aaab8d30f7a0b2bad37f8f65557f947c862fed8c3622b57e537851116611907387aa533e85fcfadd88cc7ac85a1504f6e7a562a1d35a4ae4d4a06eb7c0f7f96fc7a256f7088da5dbfc6bb472750511928ff1496808b64baec9e4fcee20bfead008548c912a871c7e6483b271b46f323d212cd94f9c58fbd0ba0ea4a8d98f0a4bfc69cee96a474953dbfbc9bc67693c733a26d5c5773f5b941feca32adb1d8c9786d1ec30d188e3c582e94c41d2492eb055de51bd11d231ce4666c3d13095a4ece221f3669683bcf933ad3002380e786b0c4f3fda353529a41c45ba7b57b3dcfeac483dd80c06ac8cb5d20201eabb6c3b276e21e6a9d247b48bdc793bbb136a0a605b06b60ad973bd8781b335329b42d907aa27345019143c41fb6762d658331cacc05178fee85ac1e702cf37e7d9e30f0ad62c5e542ac24ec037270c67f2bba801cde0a98d40115bd957d8175cd66e7ec385828ce01affe7e73ac6800472f516e92e648f35f363a7f7b48c6507661c0644855a725292176a62e190d6c8fb3b16d4cce5c537cc834f051ddfaee55abbc79e05ec2b189cf1eab1ee9f42ab777cf63f86cc5e26604213e95a4153c68f4333d99db5a9bb704f0584c89f06ef8b82f21c0766491c73a3a9f873d53535a3fec33aa30fe07863e51b3796ad1fc475d5fc9a65b5b6f42d0c1517e83cfd19974b58988e12cce06be26ec3f737b4595da5becf48f1dad78f24d434652b4e2de338c37d62c6d79612a5e581ee11d7f534883ccc4ac6cd91e5f1520a12a7274203c00394aa906cebbe0f5e3900d3b2e519f5cb6ba6de4119628534c950005572ec38d853f11965c0557b2502118ad0aea098182951b67a2d92d5d266779f1c0098ee7c46d6bb9ab1ea71b71f48c6f27698d9a3b197c3df6e4c70a037ddaaeaebcdf123bc376eb81f82b158f074d4a0a6dec98369f4fdf4b9be77ee5565601448bc0a0ce888efd514710e0cf8e6496213b0604b87652fe030d8efb3883739547621c9a41ef65702a217445eb89c1bafc540effa2d088d7a27c1b6c0170052148901e910236f2a2df650c22c02bb12181ba62fd22a84bee455c3306557103809fd870dfa9c200502ad085e6b3bf7375be3d1cf1be471c85d5b520bd993b1f04ae56da0948b0c24fc02bb890e97c58dfedb1f016d4bd2829c73974bc5303b01be6e51551d398d8c871461171011438cbc69ddf6993359a7243e331203a6b646bc6cf17aa0c35185069442cf16ceced9767533b59b3c974fb9830cab58b9ef7fadcc5aa7e47addf6180a309a31d75fe911dda675f3f19ce0fbf831de8bafc98b3077145c8c08ec81dd0fb8a55f281ce664873dd3f43b4c1824c8781806c0854b51c82fb7a4d0e1d8817348435194180d024fb1389e7103bc8ecf2667497b974a000980078e001934a61619ac68aeb643fe8c06f82896efcd508d3864ac87440fd9a85ed90970e02e7a55a4c8b52df716289580792a020269227651b256de112d6dffe1950abff45141c0406d436f40d1b5c0ba6a3af941c2192a0fd0a1f6d4c2a79627779afb5e9f630755060fbc67ef5b1b131024652a68631738364b763c91b99fa2a074fbf9313e36e41993f2b88d3cf0f42d47ea891e16eb8594d92975f61c7935364a45cc033a78936ae5598da265c7c226138a581e0f7b8f656482d8b45bfd157fc9e40b01a0517457e09c39993ad1102d86ddbf67af70e48b0cd6c838e6fd76ba19cbf6e7ca0f392f384e8677c2e9a1d3683c94c146cee4e87a2e3e03f9cf41d5f4d5dfbcdc11817e57bd5038f0ded2037183fd0eee648e0802cd0fcb8bba9712e0b186c5e2c29b445c92d0a6228908a9606f9fc05e53445851ec674b8c495e24982059040c39baaf6af3fac0f3adefdcc2134c6f790376018443c2555bb7a9cb8da9236eb869ec3cd25c09ecdd4ec5faa11fba42f42638ba5e1ff571ede3280dac456b2d156c75a47142ad98758b6fbd85e5c3568c9042beac45e30273a99188b8530e8621d275932c9eb774d13b7ba2821dc86976d2c4589b205b4b11b71cdf5fa016e0327092a076a70e941e39f4aeb2238c2f40d46378fd97e3f6052b4cb0f0d763c5fbf23ffb5adab03fad1ab311f7b11ab06ad6bb92e928ce34441d91854d4532accc776915c0d91750e09f4535c791b6dab40eef0c2d204981af053b5f0c5e04db1da70aed301eb47352c98e8b4d2cc9aa8d5adaa105e1dd216f5240ad7a42472134a79796ec6af96a9b3e81fc969bdde8d432a1042b023dfaca73b57ddcdb47f38593afdfb03b87c0e261afd1617d7774fbf1cd98c3176be2943c27cf6a824d359798efede855351e066d5c5310aeae8da4661fcc8383701a985720797d7a370516ccfe852eed1798c22e13cb82fa1627b030a2168a01615f0af9b2159ee0bc2b70ccd8d3150210b66624c740448a087af86ba7dd16b239c834c0da68aaab54ca6525edf76ab6251fe7fa58939a7af57ab181861924d0d1ccb8e351fd56c3b45529fe41a0ec76cb34fc0643a410a66442275cddcd98988e734ef61e0e19d293562b2965d0a867b98352c032c13dcbc5b44b023216c4f9579a71c983a857441393bac78a13f08c59a00b1126a9ea0f048eef189012c42b6df339dc1475d27557b9f956b0f8c27b3a2ed99d772700d9ea3657149bb1adbf06127b79748f82e842593697362a2a94bd8e6c9de6883e0a42ac89dcf141d94fa1c2676592f57369b3bbc75f1689bf7d4463c88733e28cc9e9b0088dce83c9f042734f6cf9a175a668ce919d6d757394ee3fadd0f354345823b052a98636f20b74fd998f327485afb81de66d101820c44bae54a37e5f4d6d02e05ba8e49a3d4db998c8788211e6a900164c2614b3b7dc44a2073485d31a1f2d2b28ed56dcc147c1dceb18e6a345268797b3bafc5375a62cadad42a5d131a601d32b8fa162678b5dbfae9f702399a091c1a68afd8cf1743805b524da7a5a72f47e6a755a733cbfc09ebd9c9674ee1dbcd105592e50ecdc7c4e937e11db0788500cc7e862de180bfdea3415fd848505b507dd6102cccf613359dc0a05c2bc4b92d0b411393b0b08b52de0ad4b60cb852b77532072ddabd3b93c01e9622890515188ed6863418cfd780ed77e050fbed4bd6f43b76c7ebe50b124d5fe3d5b1eed1a64c05e35308cdf76837bd59f5ed6828ebb4941966e8c28297a6bf6e24222343c5c84063a939b90dee305751dfcd9857318ad592d128755e67cc7dc44050bfcd1b147ee3d9fb4193b4f9cba4a23b4d74a9ef701c16cdfd1fd2801b3592b2d4da17f035a971306ae6f606e87aa4f7c867167f918870b198dab44b906320b9d8e1a43422da3215cc240f1e80622313e0fc71d7cab1646e907f3bca40041a71a535fe32de226c6e97a50ca45b18d2bad9adf7b362db80b45d28e50aa67d63a504bba00090f78c6c527fca42260b35d06cfdf4d973e242ac765a8c13e06563570d0131b90e432370919c6f319165f349de80b4ade9d6025bdc62c52ac4fa506e9a80a1483de691a3dc5632c9e498ebf43604650fbf68960c44a6de320615dde68192e17973a8370be2eeb91dffdeb56acd6ef03bb9a8ff910dff3a76b3858a9c5c3357ba67bddf603c9c835e8c07eb9ab73cb624eb464b133a258e91f8f0e7e7cd7889c477e37b37853cf96b73327dfdae56b88ed1373b7d7525dc404ece7f8bd7f67cc0fddb3c459d22674bd3c1818b49ea5666957e05bfea16547256dd93d506b3af00bd388d78dabe4dfd58ba486cda2ea129d29369c6d1528fd0dea83bfd1af6e0a0bd7902097a3923def1b8a6fdae20c608b069c693afe2cb1c9fddb0dcffb4e49c2f2b261e98803665dd57a45522ca11974be341e14856859722af166bdedf5d333407c7931bab16067a9d32b0b9eb0e77686ab397b711f3f36a40c4a0bd631fa62343194687a784e906bc229639491823709182e43776aed7b42267ca7fd5edd6c1fdc1bf789eeca257048177e8332793313fa9b46b4ee9d34251c9ca6c5d78bc184e5f191aa25d4bfbfede5010a92d1deddecc4dca2ce3a8c99764a131742f08e27a70e47b535623921e8c17d309814263cf03a193f4eed50014123148550ed55a7f695753af001016f918d149b0a32f1cc3f67a98bd3e6922eb6d2d46f21ee6d353c3d4bdc769685b83a00454316672392e3a9ad42e84c44212628fef5254e8e2f28f92c7aef14b7eb2e191c9719caf5d8399b69dc45a8679e7c9598b210cefc9b841d996450ad0bff559f009c692b00eb4cc14cc00a5cc83de32476c59ebaf7ee4c7060771542a0e901131aea23c839875ef9fa113bb655e7a132f977af2166694122470a6a8303da76c465b2473c7bcc4599e223db9a19cb7631bf8897b6589c2d3861aae18ce7c3e55ffded16d3814ae4aa3cfe8d46351d9e56fe2f212a0c624daaf2c734ae3878f02220031bfe8a1d21b8ee3b5ca09b91cbae84b3ac3e900333f304e27437aecebbed97dfe89fa2ba592a37cd24109110ee0e659c3751b02880b8bb78228a1aba0d91b740f70e02e0ec138fa8a07b836cb1f77fac0f2544d6573c7cd3b6a5885c39dac7a45b8fa56f8b279a92c2158291297e855787249e7eb0c7474ebb1a330b25493783c4adf83237f133c1625d988ebe274f6fa67503900ce365defdf97753adbe0783262ac19358876f8c28df3f7bf7d00e6834e6bbebe84881fe77998bd02cf45e9a9124df9b8855a7b063ddaef54133b25b857a7df746775493844244edf682cf70700e3c03d6a9a980e91830f30df1362ee87808b3df4d25b44d1eb2f84602ea8fb25933259091225db5aff05ef497207fe1871e67391841dc068211e3a84932b72cdf528b9f79a8f37fa95dca6b61b36e6ba92388abead45da2e3d07ff5ef18f76e162e9ded5c5a89b3ae24900521a9fa308536a9ee34c9c50bda9c6c2d2f2817c135623410717bcac106a6ca7f4e601791b1379c0400618b94c485141e3e198f8978f1dee659521a344e49eaddf9b8597231e3357083ceaa57e715d28e036b65d6c907e739b9254d2a411a9d7bacb32cd2b559e98d85015fa1e0cb6d95136728332abff4875224c6a6df380765c5a66e688dbf63b921baf85d6fdc049542cf1b878566c9b992375ef04c8027126d486e2a67fc89743621bec38a02310627dc59f7210067acda", &(0x7f0000000200)="a305532a3f7999b119c37547d89b8de1b9896622594a68bb5c5463001c3c1d77204d881568d2c96d847c80c30024897f676c422a684fc941edf40832e8e962a3d7006ed5f41f3a217b787c48e0248f37eb2614b32525c5f8bba35762dd6f2665a66b671bb1e2d4565239"}}, &(0x7f00000002c0)=0x0) timer_getoverrun(r8) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:23 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{0x0}], 0x0, 0x0) 11:39:23 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:39:24 executing program 0: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) poll(0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1854.697195] FAT-fs (loop1): bogus number of reserved sectors [ 1854.703264] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1854.921133] FAT-fs (loop5): invalid media value (0x00) [ 1854.935723] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:24 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{0x0}], 0x0, 0x0) 11:39:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) 11:39:24 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1855.629210] FAT-fs (loop1): bogus number of reserved sectors [ 1855.635521] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1855.986596] FAT-fs (loop5): invalid media value (0x00) [ 1856.004605] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:25 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:25 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:25 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)}], 0x0, 0x0) [ 1856.514818] FAT-fs (loop1): bogus number of reserved sectors [ 1856.520778] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1857.146241] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1857.170320] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1857.175749] CPU: 1 PID: 23989 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1857.183733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1857.193094] Call Trace: [ 1857.195698] dump_stack+0x142/0x197 [ 1857.199337] warn_alloc.cold+0x96/0x1af [ 1857.203411] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1857.208285] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1857.213573] __alloc_pages_slowpath+0x23c6/0x2930 [ 1857.218455] ? save_trace+0x290/0x290 [ 1857.222270] ? warn_alloc+0xf0/0xf0 [ 1857.225912] ? __might_sleep+0x93/0xb0 [ 1857.229809] __alloc_pages_nodemask+0x62c/0x7a0 [ 1857.234492] ? lock_downgrade+0x740/0x740 [ 1857.238646] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1857.243675] alloc_pages_current+0xec/0x1e0 [ 1857.248113] ion_page_pool_alloc+0x11f/0x1c0 [ 1857.252531] ion_system_heap_allocate+0x138/0x910 [ 1857.257393] ? ion_alloc+0x19b/0x860 [ 1857.261111] ? rcu_read_lock_sched_held+0x110/0x130 [ 1857.266133] ? ion_system_heap_free+0x250/0x250 [ 1857.270815] ion_alloc+0x222/0x860 [ 1857.274367] ? ion_dma_buf_release+0x50/0x50 [ 1857.278791] ? kasan_check_write+0x14/0x20 [ 1857.283029] ? _copy_from_user+0x99/0x110 [ 1857.287182] ion_ioctl+0x105/0x217 [ 1857.290734] ? ion_alloc.cold+0x40/0x40 [ 1857.294714] ? ion_alloc.cold+0x40/0x40 [ 1857.298697] do_vfs_ioctl+0x7ae/0x1060 [ 1857.302591] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1857.307350] ? lock_downgrade+0x740/0x740 [ 1857.311509] ? ioctl_preallocate+0x1c0/0x1c0 [ 1857.315927] ? __fget+0x237/0x370 [ 1857.319392] ? security_file_ioctl+0x89/0xb0 [ 1857.323809] SyS_ioctl+0x8f/0xc0 [ 1857.327181] ? do_vfs_ioctl+0x1060/0x1060 [ 1857.331334] do_syscall_64+0x1e8/0x640 [ 1857.335226] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1857.340101] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1857.345293] RIP: 0033:0x45c6c9 [ 1857.348479] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1857.356328] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1857.363600] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1857.370870] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1857.378153] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1857.385450] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1857.401169] Mem-Info: [ 1857.403602] active_anon:1158537 inactive_anon:479 isolated_anon:12 [ 1857.403602] active_file:1900 inactive_file:9632 isolated_file:2 [ 1857.403602] unevictable:0 dirty:34 writeback:0 unstable:0 [ 1857.403602] slab_reclaimable:22309 slab_unreclaimable:126576 [ 1857.403602] mapped:58468 shmem:533 pagetables:17961 bounce:0 [ 1857.403602] free:75761 free_pcp:130 free_cma:0 [ 1857.441795] Node 0 active_anon:1569004kB inactive_anon:1916kB active_file:1160kB inactive_file:34752kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:225864kB dirty:60kB writeback:0kB shmem:2132kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 823296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1857.474620] Node 1 active_anon:3065144kB inactive_anon:0kB active_file:6440kB inactive_file:3776kB unevictable:0kB isolated(anon):48kB isolated(file):8kB mapped:8008kB dirty:176kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1857.509355] Node 0 DMA free:10508kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1857.542866] lowmem_reserve[]: 0 2569 2569 2569 2569 11:39:26 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) 11:39:26 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)}], 0x0, 0x0) 11:39:26 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1857.548017] Node 0 DMA32 free:105148kB min:36384kB low:45480kB high:54576kB active_anon:1564248kB inactive_anon:1916kB active_file:1256kB inactive_file:34752kB unevictable:0kB writepending:4kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10240kB pagetables:26744kB bounce:0kB free_pcp:644kB local_pcp:264kB free_cma:0kB [ 1857.582133] lowmem_reserve[]: 0 0 0 0 0 [ 1857.586160] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1857.620356] lowmem_reserve[]: 0 0 0 0 0 [ 1857.624902] Node 1 Normal free:188440kB min:53504kB low:66880kB high:80256kB active_anon:3065144kB inactive_anon:0kB active_file:6712kB inactive_file:3776kB unevictable:0kB writepending:124kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15520kB pagetables:45096kB bounce:0kB free_pcp:112kB local_pcp:56kB free_cma:0kB [ 1857.659563] lowmem_reserve[]: 0 0 0 0 0 [ 1857.664091] Node 0 DMA: 1*4kB (E) 11*8kB (UEH) 7*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 1*128kB (E) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10508kB [ 1857.689174] Node 0 DMA32: 2630*4kB (UM) 1944*8kB (UME) 2266*16kB (UME) 1351*32kB (UME) 3*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 105752kB [ 1857.717591] FAT-fs (loop1): bogus number of reserved sectors [ 1857.723823] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1857.727316] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1857.748410] Node 1 Normal: 5388*4kB (UME) 6162*8kB (UME) 3555*16kB (UME) 1841*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 188688kB [ 1857.774596] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1857.802306] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1857.824637] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1857.854911] FAT-fs (loop5): invalid media value (0x00) [ 1857.860694] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1857.876666] FAT-fs (loop5): Can't find a valid FAT filesystem [ 1857.906213] 9636 total pagecache pages [ 1857.915525] 0 pages in swap cache [ 1857.924521] Swap cache stats: add 0, delete 0, find 0/0 [ 1857.955083] Free swap = 0kB [ 1857.961568] Total swap = 0kB [ 1857.964756] 1965979 pages RAM [ 1858.179069] 0 pages HighMem/MovableOnly [ 1858.183302] 335855 pages reserved [ 1858.186759] 0 pages cma reserved 11:39:27 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:28 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:28 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)}], 0x0, 0x0) 11:39:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) 11:39:28 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1858.922681] FAT-fs (loop1): bogus number of reserved sectors [ 1858.928636] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1859.016758] FAT-fs (loop5): invalid media value (0x00) [ 1859.052753] FAT-fs (loop5): Can't find a valid FAT filesystem [ 1859.241851] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1859.297026] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1859.316393] CPU: 0 PID: 24040 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1859.324326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1859.333688] Call Trace: [ 1859.336289] dump_stack+0x142/0x197 [ 1859.339926] warn_alloc.cold+0x96/0x1af [ 1859.343902] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1859.348770] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1859.354053] __alloc_pages_slowpath+0x23c6/0x2930 [ 1859.358905] ? save_trace+0x290/0x290 [ 1859.362716] ? warn_alloc+0xf0/0xf0 [ 1859.366390] ? __might_sleep+0x93/0xb0 [ 1859.370320] __alloc_pages_nodemask+0x62c/0x7a0 [ 1859.375017] ? lock_downgrade+0x740/0x740 [ 1859.379247] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1859.384282] alloc_pages_current+0xec/0x1e0 [ 1859.388609] ion_page_pool_alloc+0x11f/0x1c0 [ 1859.393015] ion_system_heap_allocate+0x138/0x910 [ 1859.397855] ? ion_alloc+0x19b/0x860 [ 1859.401563] ? rcu_read_lock_sched_held+0x110/0x130 [ 1859.406584] ? ion_system_heap_free+0x250/0x250 [ 1859.411246] ion_alloc+0x222/0x860 [ 1859.414798] ? ion_dma_buf_release+0x50/0x50 [ 1859.419214] ? kasan_check_write+0x14/0x20 [ 1859.423448] ? _copy_from_user+0x99/0x110 [ 1859.427599] ion_ioctl+0x105/0x217 [ 1859.431135] ? ion_alloc.cold+0x40/0x40 [ 1859.435219] ? ion_alloc.cold+0x40/0x40 [ 1859.439210] do_vfs_ioctl+0x7ae/0x1060 [ 1859.443089] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1859.447836] ? lock_downgrade+0x740/0x740 [ 1859.451983] ? ioctl_preallocate+0x1c0/0x1c0 [ 1859.456390] ? __fget+0x237/0x370 [ 1859.459836] ? security_file_ioctl+0x89/0xb0 [ 1859.464369] SyS_ioctl+0x8f/0xc0 [ 1859.467745] ? do_vfs_ioctl+0x1060/0x1060 [ 1859.471890] do_syscall_64+0x1e8/0x640 [ 1859.475764] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1859.480612] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1859.485801] RIP: 0033:0x45c6c9 [ 1859.488997] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1859.496699] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1859.503962] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1859.511232] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1859.518500] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1859.525760] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c 11:39:29 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) [ 1859.878795] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1859.890946] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1859.896476] CPU: 0 PID: 24057 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1859.904563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1859.913939] Call Trace: [ 1859.916544] dump_stack+0x142/0x197 [ 1859.920183] warn_alloc.cold+0x96/0x1af [ 1859.924162] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1859.929127] ? __alloc_pages_direct_compact+0x290/0x380 [ 1859.934511] __alloc_pages_slowpath+0x23c6/0x2930 [ 1859.939368] ? save_trace+0x290/0x290 [ 1859.943183] ? warn_alloc+0xf0/0xf0 [ 1859.946821] ? __might_sleep+0x93/0xb0 [ 1859.950717] __alloc_pages_nodemask+0x62c/0x7a0 [ 1859.955396] ? lock_downgrade+0x740/0x740 [ 1859.959552] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1859.964667] ? save_trace+0x290/0x290 [ 1859.968575] alloc_pages_current+0xec/0x1e0 [ 1859.972903] ion_page_pool_alloc+0x11f/0x1c0 [ 1859.977312] ion_system_heap_allocate+0x138/0x910 [ 1859.982196] ? ion_alloc+0x19b/0x860 [ 1859.985951] ? rcu_read_lock_sched_held+0x110/0x130 [ 1859.991050] ? ion_system_heap_free+0x250/0x250 [ 1859.995735] ion_alloc+0x222/0x860 [ 1859.999291] ? ion_dma_buf_release+0x50/0x50 [ 1860.003827] ? kasan_check_write+0x14/0x20 [ 1860.008070] ? _copy_from_user+0x99/0x110 [ 1860.012223] ion_ioctl+0x105/0x217 [ 1860.015770] ? ion_alloc.cold+0x40/0x40 [ 1860.019755] ? ion_alloc.cold+0x40/0x40 [ 1860.023734] do_vfs_ioctl+0x7ae/0x1060 [ 1860.027635] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1860.032394] ? lock_downgrade+0x740/0x740 [ 1860.036549] ? ioctl_preallocate+0x1c0/0x1c0 [ 1860.041001] ? __fget+0x237/0x370 [ 1860.044500] ? security_file_ioctl+0x89/0xb0 [ 1860.048932] SyS_ioctl+0x8f/0xc0 [ 1860.052315] ? do_vfs_ioctl+0x1060/0x1060 [ 1860.056498] do_syscall_64+0x1e8/0x640 [ 1860.060394] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1860.065250] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1860.070446] RIP: 0033:0x45c6c9 11:39:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7", 0x15}], 0x0, 0x0) [ 1860.073639] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1860.081352] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1860.088671] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1860.095950] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1860.096346] FAT-fs (loop5): invalid media value (0x00) [ 1860.103222] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1860.103228] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1860.118014] Mem-Info: [ 1860.132995] FAT-fs (loop1): bogus number of reserved sectors [ 1860.134876] active_anon:1158616 inactive_anon:471 isolated_anon:0 [ 1860.134876] active_file:1961 inactive_file:10770 isolated_file:0 [ 1860.134876] unevictable:0 dirty:1790 writeback:0 unstable:0 [ 1860.134876] slab_reclaimable:22616 slab_unreclaimable:126262 [ 1860.134876] mapped:58230 shmem:527 pagetables:18040 bounce:0 [ 1860.134876] free:63915 free_pcp:230 free_cma:0 [ 1860.138922] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1860.220896] Node 0 active_anon:1569136kB inactive_anon:1884kB active_file:2788kB inactive_file:37800kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:227184kB dirty:9080kB writeback:0kB shmem:2108kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 823296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1860.225513] FAT-fs (loop5): Can't find a valid FAT filesystem [ 1860.281194] Node 1 active_anon:3065228kB inactive_anon:0kB active_file:5056kB inactive_file:7480kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:5436kB dirty:180kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1860.315385] Node 0 DMA free:10636kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1860.366468] lowmem_reserve[]: 0 2569 2569 2569 2569 11:39:29 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1860.375288] Node 0 DMA32 free:45296kB min:36384kB low:45480kB high:54576kB active_anon:1564580kB inactive_anon:1884kB active_file:2784kB inactive_file:39500kB unevictable:0kB writepending:6684kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10528kB pagetables:26956kB bounce:0kB free_pcp:1052kB local_pcp:832kB free_cma:0kB [ 1860.500373] lowmem_reserve[]: 0 0 0 0 0 [ 1860.509902] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1860.543465] lowmem_reserve[]: 0 0 0 0 0 [ 1860.547794] Node 1 Normal free:154276kB min:53504kB low:66880kB high:80256kB active_anon:3065228kB inactive_anon:0kB active_file:5056kB inactive_file:12080kB unevictable:0kB writepending:132kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15744kB pagetables:45052kB bounce:0kB free_pcp:692kB local_pcp:284kB free_cma:0kB [ 1860.589077] lowmem_reserve[]: 0 0 0 0 0 [ 1860.594254] Node 0 DMA: 2*4kB (UE) 4*8kB (UEH) 4*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10536kB [ 1860.615356] Node 0 DMA32: 962*4kB (UME) 374*8kB (UME) 190*16kB (UME) 1407*32kB (UME) 11*64kB (ME) 2*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 55864kB [ 1860.659145] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1860.685572] Node 1 Normal: 565*4kB (UM) 3585*8kB (UME) 3116*16kB (UME) 1623*32kB (UME) 148*64kB (M) 67*128kB (M) 18*256kB (UM) 4*512kB (M) 0*1024kB 0*2048kB 1*4096kB (U) = 161532kB [ 1860.710447] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1860.728552] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1860.728844] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1860.763252] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1860.769701] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1860.774315] CPU: 1 PID: 24096 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1860.783193] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1860.786434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1860.786439] Call Trace: [ 1860.786459] dump_stack+0x142/0x197 [ 1860.786474] warn_alloc.cold+0x96/0x1af [ 1860.786486] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1860.796003] 11600 total pagecache pages [ 1860.804421] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1860.804436] __alloc_pages_slowpath+0x23c6/0x2930 [ 1860.804453] ? save_trace+0x290/0x290 [ 1860.804467] ? warn_alloc+0xf0/0xf0 [ 1860.804486] ? __might_sleep+0x93/0xb0 [ 1860.804497] __alloc_pages_nodemask+0x62c/0x7a0 [ 1860.804507] ? lock_downgrade+0x740/0x740 [ 1860.804519] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1860.804533] ? retint_kernel+0x2d/0x2d [ 1860.804546] alloc_pages_current+0xec/0x1e0 [ 1860.804558] ion_page_pool_alloc+0x11f/0x1c0 [ 1860.804567] ion_system_heap_allocate+0x138/0x910 [ 1860.804580] ? ion_alloc+0x19b/0x860 [ 1860.812783] 0 pages in swap cache [ 1860.814741] ? rcu_read_lock_sched_held+0x110/0x130 [ 1860.814755] ? ion_system_heap_free+0x250/0x250 [ 1860.814772] ion_alloc+0x222/0x860 [ 1860.814787] ? ion_dma_buf_release+0x50/0x50 [ 1860.819759] Swap cache stats: add 0, delete 0, find 0/0 [ 1860.823592] ? kasan_check_write+0x14/0x20 [ 1860.823604] ? _copy_from_user+0x99/0x110 [ 1860.823617] ion_ioctl+0x105/0x217 [ 1860.823628] ? ion_alloc.cold+0x40/0x40 [ 1860.823644] ? ion_alloc.cold+0x40/0x40 [ 1860.823656] do_vfs_ioctl+0x7ae/0x1060 [ 1860.823667] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1860.823677] ? lock_downgrade+0x740/0x740 [ 1860.823688] ? ioctl_preallocate+0x1c0/0x1c0 [ 1860.823700] ? __fget+0x237/0x370 [ 1860.823715] ? security_file_ioctl+0x89/0xb0 [ 1860.823727] SyS_ioctl+0x8f/0xc0 [ 1860.835448] Free swap = 0kB [ 1860.837630] ? do_vfs_ioctl+0x1060/0x1060 [ 1860.837644] do_syscall_64+0x1e8/0x640 [ 1860.837656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1860.842311] Total swap = 0kB [ 1860.845268] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1860.845278] RIP: 0033:0x45c6c9 [ 1860.845283] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1860.845296] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1860.853885] 1965979 pages RAM [ 1860.854091] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1860.859417] 0 pages HighMem/MovableOnly [ 1860.863141] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1860.863147] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1860.863152] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1861.042727] 335855 pages reserved [ 1861.046233] 0 pages cma reserved 11:39:30 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:30 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7", 0x15}], 0x0, 0x0) 11:39:30 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:30 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) 11:39:30 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1861.414731] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1861.495579] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1861.525166] CPU: 0 PID: 24110 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1861.533095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1861.542561] Call Trace: [ 1861.545156] dump_stack+0x142/0x197 [ 1861.548802] warn_alloc.cold+0x96/0x1af [ 1861.552787] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1861.557768] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1861.563057] __alloc_pages_slowpath+0x23c6/0x2930 [ 1861.568106] ? save_trace+0x290/0x290 [ 1861.571937] ? warn_alloc+0xf0/0xf0 [ 1861.575571] ? __might_sleep+0x93/0xb0 [ 1861.579464] __alloc_pages_nodemask+0x62c/0x7a0 [ 1861.584137] ? lock_downgrade+0x740/0x740 [ 1861.588403] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1861.593425] ? retint_kernel+0x2d/0x2d [ 1861.597319] alloc_pages_current+0xec/0x1e0 [ 1861.601657] ion_page_pool_alloc+0x11f/0x1c0 [ 1861.606068] ion_system_heap_allocate+0x138/0x910 [ 1861.610916] ? ion_alloc+0x19b/0x860 [ 1861.614635] ? rcu_read_lock_sched_held+0x110/0x130 [ 1861.619744] ? ion_system_heap_free+0x250/0x250 [ 1861.624430] ion_alloc+0x222/0x860 [ 1861.627986] ? ion_dma_buf_release+0x50/0x50 [ 1861.632406] ? kasan_check_write+0x14/0x20 [ 1861.636775] ? _copy_from_user+0x99/0x110 [ 1861.640929] ion_ioctl+0x105/0x217 [ 1861.644476] ? ion_alloc.cold+0x40/0x40 [ 1861.648463] ? ion_alloc.cold+0x40/0x40 [ 1861.652446] do_vfs_ioctl+0x7ae/0x1060 [ 1861.656351] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1861.661124] ? lock_downgrade+0x740/0x740 [ 1861.665282] ? ioctl_preallocate+0x1c0/0x1c0 [ 1861.669720] ? __fget+0x237/0x370 [ 1861.673193] ? security_file_ioctl+0x89/0xb0 [ 1861.677614] SyS_ioctl+0x8f/0xc0 [ 1861.680983] ? do_vfs_ioctl+0x1060/0x1060 [ 1861.685142] do_syscall_64+0x1e8/0x640 [ 1861.689033] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1861.693892] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1861.699091] RIP: 0033:0x45c6c9 [ 1861.702291] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1861.710003] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1861.717287] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1861.724574] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1861.731837] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1861.739101] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1861.750423] FAT-fs (loop1): bogus number of reserved sectors [ 1861.756362] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1861.904499] FAT-fs (loop5): invalid media value (0x00) [ 1861.912316] FAT-fs (loop5): Can't find a valid FAT filesystem [ 1861.976946] warn_alloc_show_mem: 2 callbacks suppressed [ 1861.976950] Mem-Info: [ 1862.058638] active_anon:1158526 inactive_anon:477 isolated_anon:0 [ 1862.058638] active_file:940 inactive_file:860 isolated_file:74 [ 1862.058638] unevictable:0 dirty:432 writeback:0 unstable:0 [ 1862.058638] slab_reclaimable:22557 slab_unreclaimable:125757 [ 1862.058638] mapped:53456 shmem:531 pagetables:17985 bounce:0 [ 1862.058638] free:25612 free_pcp:100 free_cma:0 [ 1862.103305] Node 0 active_anon:1568740kB inactive_anon:1864kB active_file:2328kB inactive_file:2324kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:211380kB dirty:1640kB writeback:4kB shmem:2088kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 823296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1862.224368] Node 1 active_anon:3065416kB inactive_anon:16kB active_file:1372kB inactive_file:1532kB unevictable:0kB isolated(anon):0kB isolated(file):164kB mapped:2192kB dirty:112kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1862.256435] Node 0 DMA free:10476kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1862.329118] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1862.349336] Node 0 DMA32 free:45444kB min:36384kB low:45480kB high:54576kB active_anon:1564084kB inactive_anon:1864kB active_file:1500kB inactive_file:2064kB unevictable:0kB writepending:12kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10080kB pagetables:26544kB bounce:0kB free_pcp:980kB local_pcp:352kB free_cma:0kB [ 1862.385209] lowmem_reserve[]: 0 0 0 0 0 [ 1862.389298] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1862.419713] lowmem_reserve[]: 0 0 0 0 0 [ 1862.423969] Node 1 Normal free:209996kB min:53504kB low:66880kB high:80256kB active_anon:3065516kB inactive_anon:16kB active_file:1572kB inactive_file:1852kB unevictable:0kB writepending:212kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15776kB pagetables:45356kB bounce:0kB free_pcp:264kB local_pcp:128kB free_cma:0kB [ 1862.459217] lowmem_reserve[]: 0 0 0 0 0 [ 1862.463345] Node 0 DMA: 1*4kB (E) 3*8kB (EH) 3*16kB (UMH) 3*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10476kB [ 1862.483584] Node 0 DMA32: 1998*4kB (ME) 806*8kB (ME) 203*16kB (ME) 300*32kB (UME) 148*64kB (UME) 50*128kB (UME) 5*256kB (UM) 2*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 45464kB [ 1862.505034] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1862.536948] Node 1 Normal: 1295*4kB (UME) 236*8kB (UME) 61*16kB (UME) 22*32kB (UME) 194*64kB (UM) 83*128kB (UM) 163*256kB (UM) 126*512kB (UM) 40*1024kB (UM) 6*2048kB (U) 5*4096kB (U) = 211756kB [ 1862.568709] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1862.578053] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1862.587602] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1862.599209] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1862.610072] 2577 total pagecache pages [ 1862.614719] 0 pages in swap cache [ 1862.619016] Swap cache stats: add 0, delete 0, find 0/0 [ 1862.625061] Free swap = 0kB [ 1862.628264] Total swap = 0kB [ 1862.631773] 1965979 pages RAM [ 1862.635091] 0 pages HighMem/MovableOnly [ 1862.639230] 335855 pages reserved [ 1862.643130] 0 pages cma reserved 11:39:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7", 0x15}], 0x0, 0x0) 11:39:31 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:31 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:31 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174", 0xb}], 0x0, 0x0) 11:39:31 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1862.980999] FAT-fs (loop1): bogus number of reserved sectors [ 1862.987092] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1863.043423] FAT-fs (loop5): invalid media value (0x00) [ 1863.075499] FAT-fs (loop5): Can't find a valid FAT filesystem 11:39:32 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:32 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) [ 1863.821818] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1863.856306] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1863.890162] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1863.895601] CPU: 0 PID: 24146 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1863.903492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1863.912854] Call Trace: [ 1863.915459] dump_stack+0x142/0x197 [ 1863.919093] warn_alloc.cold+0x96/0x1af [ 1863.923084] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1863.927951] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1863.933400] __alloc_pages_slowpath+0x23c6/0x2930 [ 1863.938281] ? save_trace+0x290/0x290 [ 1863.942097] ? warn_alloc+0xf0/0xf0 [ 1863.945770] ? __might_sleep+0x93/0xb0 [ 1863.949653] __alloc_pages_nodemask+0x62c/0x7a0 [ 1863.954324] ? lock_downgrade+0x740/0x740 [ 1863.958467] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1863.963481] ? retint_kernel+0x2d/0x2d [ 1863.967359] alloc_pages_current+0xec/0x1e0 [ 1863.971678] ion_page_pool_alloc+0x11f/0x1c0 [ 1863.976072] ion_system_heap_allocate+0x138/0x910 [ 1863.980912] ? ion_alloc+0x19b/0x860 [ 1863.984629] ? rcu_read_lock_sched_held+0x110/0x130 [ 1863.989635] ? ion_system_heap_free+0x250/0x250 [ 1863.994405] ion_alloc+0x222/0x860 [ 1863.997947] ? ion_dma_buf_release+0x50/0x50 [ 1864.002349] ? kasan_check_write+0x14/0x20 [ 1864.006583] ? _copy_from_user+0x99/0x110 [ 1864.010727] ion_ioctl+0x105/0x217 [ 1864.014284] ? ion_alloc.cold+0x40/0x40 [ 1864.018261] ? ion_alloc.cold+0x40/0x40 [ 1864.022232] do_vfs_ioctl+0x7ae/0x1060 [ 1864.026131] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1864.030883] ? lock_downgrade+0x740/0x740 [ 1864.035032] ? ioctl_preallocate+0x1c0/0x1c0 [ 1864.039467] ? __fget+0x237/0x370 [ 1864.042916] ? security_file_ioctl+0x89/0xb0 [ 1864.047326] SyS_ioctl+0x8f/0xc0 [ 1864.050688] ? do_vfs_ioctl+0x1060/0x1060 [ 1864.054825] do_syscall_64+0x1e8/0x640 [ 1864.058716] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1864.063567] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1864.068857] RIP: 0033:0x45c6c9 [ 1864.072037] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1864.079746] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1864.087009] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1864.094270] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1864.101702] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1864.108982] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1864.122054] FAT-fs (loop1): invalid media value (0x00) [ 1864.127353] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1864.135438] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1864.141049] CPU: 0 PID: 24161 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1864.148934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1864.158300] Call Trace: [ 1864.161002] dump_stack+0x142/0x197 [ 1864.164766] warn_alloc.cold+0x96/0x1af [ 1864.168898] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1864.174019] ? __alloc_pages_direct_compact+0x290/0x380 [ 1864.179401] __alloc_pages_slowpath+0x23c6/0x2930 [ 1864.184248] ? save_trace+0x290/0x290 [ 1864.188055] ? warn_alloc+0xf0/0xf0 [ 1864.191692] ? __might_sleep+0x93/0xb0 [ 1864.195576] __alloc_pages_nodemask+0x62c/0x7a0 [ 1864.200240] ? lock_downgrade+0x740/0x740 [ 1864.204379] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1864.209389] ? save_trace+0x290/0x290 [ 1864.213188] alloc_pages_current+0xec/0x1e0 [ 1864.217519] ion_page_pool_alloc+0x11f/0x1c0 [ 1864.221941] ion_system_heap_allocate+0x138/0x910 [ 1864.226783] ? ion_alloc+0x19b/0x860 [ 1864.230493] ? rcu_read_lock_sched_held+0x110/0x130 [ 1864.235505] ? ion_system_heap_free+0x250/0x250 [ 1864.240169] ion_alloc+0x222/0x860 [ 1864.243711] ? ion_dma_buf_release+0x50/0x50 [ 1864.248126] ? kasan_check_write+0x14/0x20 [ 1864.252350] ? _copy_from_user+0x99/0x110 [ 1864.256495] ion_ioctl+0x105/0x217 [ 1864.260025] ? ion_alloc.cold+0x40/0x40 [ 1864.264000] ? ion_alloc.cold+0x40/0x40 [ 1864.267976] do_vfs_ioctl+0x7ae/0x1060 [ 1864.272040] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1864.276800] ? lock_downgrade+0x740/0x740 [ 1864.280954] ? ioctl_preallocate+0x1c0/0x1c0 [ 1864.285361] ? __fget+0x237/0x370 [ 1864.288817] ? security_file_ioctl+0x89/0xb0 [ 1864.293237] SyS_ioctl+0x8f/0xc0 [ 1864.296593] ? do_vfs_ioctl+0x1060/0x1060 [ 1864.300728] do_syscall_64+0x1e8/0x640 [ 1864.304612] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1864.309457] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1864.314643] RIP: 0033:0x45c6c9 [ 1864.317823] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1864.325525] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1864.332788] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1864.340046] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1864.347308] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1864.354575] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1864.388216] Mem-Info: [ 1864.397155] active_anon:1158534 inactive_anon:470 isolated_anon:0 [ 1864.397155] active_file:1402 inactive_file:2410 isolated_file:0 [ 1864.397155] unevictable:0 dirty:90 writeback:0 unstable:0 [ 1864.397155] slab_reclaimable:22567 slab_unreclaimable:125499 [ 1864.397155] mapped:54526 shmem:524 pagetables:18000 bounce:0 [ 1864.397155] free:71659 free_pcp:482 free_cma:0 [ 1864.440780] Node 0 active_anon:1569156kB inactive_anon:1880kB active_file:2612kB inactive_file:7948kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:215760kB dirty:280kB writeback:0kB shmem:2096kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 823296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1864.476165] Node 1 active_anon:3065080kB inactive_anon:0kB active_file:2996kB inactive_file:492kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:2544kB dirty:80kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1864.528939] Node 0 DMA free:10636kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1864.556255] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1864.562238] Node 0 DMA32 free:96868kB min:36384kB low:45480kB high:54576kB active_anon:1564436kB inactive_anon:1888kB active_file:2608kB inactive_file:7920kB unevictable:0kB writepending:280kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10336kB pagetables:26696kB bounce:0kB free_pcp:1184kB local_pcp:624kB free_cma:0kB [ 1864.592804] lowmem_reserve[]: 0 0 0 0 0 [ 1864.597521] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1864.626467] lowmem_reserve[]: 0 0 0 0 0 [ 1864.630934] Node 1 Normal free:149992kB min:53504kB low:66880kB high:80256kB active_anon:3065080kB inactive_anon:0kB active_file:2996kB inactive_file:492kB unevictable:0kB writepending:84kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15520kB pagetables:45096kB bounce:0kB free_pcp:620kB local_pcp:0kB free_cma:0kB [ 1864.662222] lowmem_reserve[]: 0 0 0 0 0 [ 1864.666299] Node 0 DMA: 1*4kB (E) 11*8kB (UEH) 7*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10636kB [ 1864.682600] Node 0 DMA32: 248*4kB (UME) 1743*8kB (UME) 2309*16kB (UME) 1402*32kB (UME) 3*64kB (U) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 97192kB [ 1864.697627] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1864.708864] Node 1 Normal: 2306*4kB (UMEH) 4790*8kB (UMEH) 3109*16kB (UMEH) 1609*32kB (UMEH) 5*64kB (H) 7*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 149992kB [ 1864.724358] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1864.733671] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1864.742400] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1864.751619] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1864.760449] 4033 total pagecache pages [ 1864.764420] 0 pages in swap cache [ 1864.768041] Swap cache stats: add 0, delete 0, find 0/0 [ 1864.773788] Free swap = 0kB [ 1864.778326] Total swap = 0kB [ 1864.781508] 1965979 pages RAM [ 1864.784706] 0 pages HighMem/MovableOnly [ 1864.788754] 335855 pages reserved 11:39:34 executing program 5: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:34 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:34 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:34 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) [ 1864.792617] 0 pages cma reserved 11:39:34 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:34 executing program 5: r0 = getpid() lseek(0xffffffffffffffff, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1865.169945] FAT-fs (loop1): invalid media value (0x00) [ 1865.175373] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1865.377188] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1865.405821] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1865.418496] CPU: 1 PID: 24182 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1865.426415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1865.435777] Call Trace: [ 1865.438376] dump_stack+0x142/0x197 [ 1865.442057] warn_alloc.cold+0x96/0x1af [ 1865.446044] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1865.450907] ? __alloc_pages_direct_compact+0x290/0x380 [ 1865.456391] __alloc_pages_slowpath+0x23c6/0x2930 [ 1865.461246] ? save_trace+0x290/0x290 [ 1865.465055] ? warn_alloc+0xf0/0xf0 [ 1865.468837] ? __might_sleep+0x93/0xb0 [ 1865.472829] __alloc_pages_nodemask+0x62c/0x7a0 [ 1865.477502] ? lock_downgrade+0x740/0x740 [ 1865.481657] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1865.486686] alloc_pages_current+0xec/0x1e0 [ 1865.491015] ion_page_pool_alloc+0x11f/0x1c0 [ 1865.495432] ion_system_heap_allocate+0x138/0x910 [ 1865.500285] ? ion_alloc+0x19b/0x860 [ 1865.504031] ? rcu_read_lock_sched_held+0x110/0x130 [ 1865.509066] ? ion_system_heap_free+0x250/0x250 [ 1865.513745] ion_alloc+0x222/0x860 [ 1865.517308] ? ion_dma_buf_release+0x50/0x50 [ 1865.521743] ? kasan_check_write+0x14/0x20 [ 1865.525981] ? _copy_from_user+0x99/0x110 [ 1865.530146] ion_ioctl+0x105/0x217 [ 1865.533691] ? ion_alloc.cold+0x40/0x40 [ 1865.537671] ? ion_alloc.cold+0x40/0x40 [ 1865.541777] do_vfs_ioctl+0x7ae/0x1060 [ 1865.545685] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1865.550460] ? lock_downgrade+0x740/0x740 [ 1865.554617] ? ioctl_preallocate+0x1c0/0x1c0 [ 1865.559034] ? __fget+0x237/0x370 [ 1865.562500] ? security_file_ioctl+0x89/0xb0 [ 1865.566921] SyS_ioctl+0x8f/0xc0 [ 1865.570294] ? do_vfs_ioctl+0x1060/0x1060 [ 1865.574555] do_syscall_64+0x1e8/0x640 [ 1865.578449] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1865.583304] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1865.588530] RIP: 0033:0x45c6c9 [ 1865.591720] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1865.599432] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1865.606706] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1865.613984] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1865.621302] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1865.628580] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1865.663467] warn_alloc_show_mem: 1 callbacks suppressed [ 1865.663470] Mem-Info: 11:39:34 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002", 0x11}], 0x0, 0x0) 11:39:35 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1865.687444] active_anon:1158515 inactive_anon:481 isolated_anon:0 [ 1865.687444] active_file:900 inactive_file:3551 isolated_file:56 [ 1865.687444] unevictable:0 dirty:39 writeback:0 unstable:0 [ 1865.687444] slab_reclaimable:22348 slab_unreclaimable:125547 [ 1865.687444] mapped:54630 shmem:538 pagetables:17969 bounce:0 [ 1865.687444] free:26829 free_pcp:392 free_cma:0 [ 1865.748528] Node 0 active_anon:1568856kB inactive_anon:1896kB active_file:2860kB inactive_file:13308kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:216796kB dirty:104kB writeback:0kB shmem:2116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 823296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1865.777569] Node 1 active_anon:3065204kB inactive_anon:28kB active_file:1440kB inactive_file:1020kB unevictable:0kB isolated(anon):0kB isolated(file):224kB mapped:1924kB dirty:52kB writeback:12kB shmem:36kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1865.807757] Node 0 DMA free:10476kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1865.835019] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1865.840599] Node 0 DMA32 free:36728kB min:36384kB low:45480kB high:54576kB active_anon:1564300kB inactive_anon:1896kB active_file:2856kB inactive_file:13208kB unevictable:0kB writepending:76kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10144kB pagetables:26624kB bounce:0kB free_pcp:1188kB local_pcp:508kB free_cma:0kB [ 1865.879645] lowmem_reserve[]: 0 0 0 0 0 [ 1865.883907] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1865.916731] lowmem_reserve[]: 0 0 0 0 0 [ 1865.937036] Node 1 Normal free:53800kB min:53504kB low:66880kB high:80256kB active_anon:3065104kB inactive_anon:28kB active_file:856kB inactive_file:1040kB unevictable:0kB writepending:484kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15520kB pagetables:45100kB bounce:0kB free_pcp:860kB local_pcp:228kB free_cma:0kB [ 1865.974326] lowmem_reserve[]: 0 0 0 0 0 [ 1865.978526] Node 0 DMA: 2*4kB (UE) 4*8kB (UEH) 2*16kB (MH) 3*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10472kB [ 1866.008662] Node 0 DMA32: 456*4kB (UME) 206*8kB (ME) 208*16kB (UME) 471*32kB (UME) 133*64kB (UME) 35*128kB (UM) 2*256kB (M) 2*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 36400kB [ 1866.029327] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1866.044903] Node 1 Normal: 960*4kB (MEH) 264*8kB (MEH) 72*16kB (MEH) 1348*32kB (UMEH) 10*64kB (UMH) 10*128kB (MH) 1*256kB (M) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 53440kB [ 1866.065852] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1866.075207] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1866.090573] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1866.105082] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1866.138159] udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=-1000 [ 1866.151115] 1885 total pagecache pages [ 1866.165337] 0 pages in swap cache [ 1866.184879] Swap cache stats: add 0, delete 0, find 0/0 [ 1866.203932] udevd cpuset=/ mems_allowed=0-1 [ 1866.215369] Free swap = 0kB [ 1866.223639] CPU: 1 PID: 5245 Comm: udevd Not tainted 4.14.170-syzkaller #0 [ 1866.230769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1866.240113] Call Trace: [ 1866.242690] dump_stack+0x142/0x197 [ 1866.246304] dump_header+0x177/0x6cd [ 1866.250027] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1866.255154] ? ___ratelimit+0x55/0x537 [ 1866.259044] oom_kill_process.cold+0x10/0xadd [ 1866.263526] ? oom_unkillable_task+0x294/0x390 [ 1866.268094] ? lock_downgrade+0x740/0x740 [ 1866.272258] out_of_memory+0x2ee/0x1180 [ 1866.276231] ? lock_acquire+0x16f/0x430 [ 1866.280215] ? oom_killer_disable+0x1d0/0x1d0 [ 1866.284721] ? __alloc_pages_slowpath+0xca4/0x2930 [ 1866.289639] __alloc_pages_slowpath+0x2251/0x2930 [ 1866.294501] ? warn_alloc+0xf0/0xf0 [ 1866.298138] ? __might_sleep+0x93/0xb0 [ 1866.302034] __alloc_pages_nodemask+0x62c/0x7a0 [ 1866.306707] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1866.311726] ? ____cache_alloc_node+0x1be/0x1d0 [ 1866.316392] ? cache_grow_begin+0x335/0x400 [ 1866.320709] cache_grow_begin+0x80/0x400 [ 1866.324889] ? __cpuset_node_allowed+0xff/0x450 [ 1866.329548] fallback_alloc+0x1fd/0x2c0 [ 1866.333520] ____cache_alloc_node+0x1be/0x1d0 [ 1866.338026] kmem_cache_alloc+0x1f3/0x780 [ 1866.342161] ? __do_page_fault+0x4e9/0xb80 [ 1866.346394] ? find_held_lock+0x35/0x130 [ 1866.350453] getname_flags+0xcb/0x580 [ 1866.354256] user_path_at_empty+0x2f/0x50 [ 1866.358404] SyS_readlink+0xb7/0x290 [ 1866.362110] ? SyS_readlinkat+0x2a0/0x2a0 [ 1866.366267] ? do_syscall_64+0x53/0x640 [ 1866.370227] ? SyS_readlinkat+0x2a0/0x2a0 [ 1866.374373] do_syscall_64+0x1e8/0x640 [ 1866.378248] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1866.383110] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1866.388302] RIP: 0033:0x7f77f098c577 [ 1866.392000] RSP: 002b:00007fff787a8468 EFLAGS: 00000246 ORIG_RAX: 0000000000000059 [ 1866.399695] RAX: ffffffffffffffda RBX: 00000000018f6030 RCX: 00007f77f098c577 [ 1866.406972] RDX: 0000000000000400 RSI: 00007fff787a8470 RDI: 00007fff787a8950 [ 1866.414237] RBP: 00000000019460c0 R08: 00000000019460c0 R09: 7665642f7379732f [ 1866.421497] R10: 7269762f73656369 R11: 0000000000000246 R12: 00007fff787a8950 [ 1866.428775] R13: 0000000000000400 R14: 00000000018f6030 R15: 000000000000000b [ 1866.441407] Total swap = 0kB [ 1866.454382] 1965979 pages RAM [ 1866.457808] 0 pages HighMem/MovableOnly [ 1866.479323] 335855 pages reserved [ 1866.488569] 0 pages cma reserved [ 1866.534172] Mem-Info: [ 1866.536639] active_anon:1158487 inactive_anon:468 isolated_anon:0 [ 1866.536639] active_file:152 inactive_file:149 isolated_file:18 [ 1866.536639] unevictable:0 dirty:33 writeback:0 unstable:0 [ 1866.536639] slab_reclaimable:22322 slab_unreclaimable:125159 [ 1866.536639] mapped:52471 shmem:523 pagetables:17953 bounce:0 [ 1866.536639] free:25135 free_pcp:0 free_cma:0 [ 1866.582720] Node 0 active_anon:1568792kB inactive_anon:1868kB active_file:408kB inactive_file:452kB unevictable:0kB isolated(anon):0kB isolated(file):72kB mapped:209496kB dirty:96kB writeback:0kB shmem:2084kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 823296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1866.613347] Node 1 active_anon:3065156kB inactive_anon:4kB active_file:200kB inactive_file:144kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:288kB dirty:36kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1866.647107] Node 0 DMA free:10472kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1866.674383] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1866.679901] Node 0 DMA32 free:36476kB min:36384kB low:45480kB high:54576kB active_anon:1564236kB inactive_anon:1868kB active_file:396kB inactive_file:432kB unevictable:0kB writepending:44kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10144kB pagetables:26656kB bounce:0kB free_pcp:40kB local_pcp:0kB free_cma:0kB [ 1866.710455] lowmem_reserve[]: 0 0 0 0 0 [ 1866.720105] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1866.770285] lowmem_reserve[]: 0 0 0 0 0 [ 1866.776333] Node 1 Normal free:53276kB min:53504kB low:66880kB high:80256kB active_anon:3065156kB inactive_anon:4kB active_file:112kB inactive_file:152kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15616kB pagetables:45152kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1866.811327] lowmem_reserve[]: 0 0 0 0 0 [ 1866.815413] Node 0 DMA: 4*4kB (UME) 4*8kB (UEH) 2*16kB (MH) 3*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10480kB [ 1866.831173] Node 0 DMA32: 2429*4kB (UME) 831*8kB (UME) 236*16kB (UME) 92*32kB (UME) 106*64kB (UME) 35*128kB (UM) 4*256kB (M) 2*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 36396kB [ 1866.846977] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1866.857998] Node 1 Normal: 1021*4kB (UMEH) 290*8kB (MEH) 83*16kB (MEH) 1313*32kB (UMEH) 15*64kB (UMH) 9*128kB (MH) 2*256kB (M) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 53396kB [ 1866.874177] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1866.885557] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1866.894203] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1866.920164] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1866.928902] 582 total pagecache pages [ 1866.970699] 0 pages in swap cache [ 1866.974192] Swap cache stats: add 0, delete 0, find 0/0 [ 1866.979552] Free swap = 0kB [ 1866.987780] Total swap = 0kB [ 1866.991240] 1965979 pages RAM [ 1866.994342] 0 pages HighMem/MovableOnly [ 1866.998307] 335855 pages reserved [ 1867.016076] 0 pages cma reserved [ 1867.019468] Out of memory: Kill process 25213 (syz-executor.1) score 1007 or sacrifice child [ 1867.032118] Killed process 25213 (syz-executor.1) total-vm:75096kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB 11:39:36 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:36 executing program 5: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:36 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1867.487983] syz-executor.5: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1867.514304] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 1867.528694] CPU: 0 PID: 24209 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 1867.536614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1867.545972] Call Trace: [ 1867.548571] dump_stack+0x142/0x197 [ 1867.552213] warn_alloc.cold+0x96/0x1af [ 1867.556194] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1867.561051] ? __alloc_pages_direct_compact+0x290/0x380 [ 1867.566436] __alloc_pages_slowpath+0x23c6/0x2930 [ 1867.571293] ? save_trace+0x290/0x290 [ 1867.575104] ? warn_alloc+0xf0/0xf0 [ 1867.578740] ? __might_sleep+0x93/0xb0 [ 1867.582631] __alloc_pages_nodemask+0x62c/0x7a0 [ 1867.587302] ? lock_downgrade+0x740/0x740 [ 1867.591451] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1867.596482] alloc_pages_current+0xec/0x1e0 [ 1867.600808] ion_page_pool_alloc+0x11f/0x1c0 [ 1867.605222] ion_system_heap_allocate+0x138/0x910 [ 1867.610066] ? ion_alloc+0x19b/0x860 [ 1867.613782] ? rcu_read_lock_sched_held+0x110/0x130 [ 1867.618798] ? ion_system_heap_free+0x250/0x250 [ 1867.623475] ion_alloc+0x222/0x860 [ 1867.627021] ? ion_dma_buf_release+0x50/0x50 [ 1867.631487] ? kasan_check_write+0x14/0x20 [ 1867.635727] ? _copy_from_user+0x99/0x110 [ 1867.639887] ion_ioctl+0x105/0x217 [ 1867.643565] ? ion_alloc.cold+0x40/0x40 [ 1867.647549] ? ion_alloc.cold+0x40/0x40 [ 1867.651532] do_vfs_ioctl+0x7ae/0x1060 [ 1867.655422] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1867.660178] ? lock_downgrade+0x740/0x740 [ 1867.664338] ? ioctl_preallocate+0x1c0/0x1c0 [ 1867.668753] ? __fget+0x237/0x370 [ 1867.672220] ? security_file_ioctl+0x89/0xb0 [ 1867.676723] SyS_ioctl+0x8f/0xc0 [ 1867.680099] ? do_vfs_ioctl+0x1060/0x1060 [ 1867.684273] do_syscall_64+0x1e8/0x640 [ 1867.688188] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1867.693038] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1867.698239] RIP: 0033:0x45c6c9 [ 1867.701426] RSP: 002b:00007fa3c4af6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1867.702576] syz-executor.0: [ 1867.709395] RAX: ffffffffffffffda RBX: 00007fa3c4af76d4 RCX: 000000000045c6c9 [ 1867.709400] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1867.709405] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1867.709410] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1867.709415] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1867.714691] syz-executor.4: [ 1867.749924] FAT-fs (loop1): invalid media value (0x00) [ 1867.756605] page allocation failure: order:4 [ 1867.758309] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1867.769687] page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1867.779188] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1867.789203] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1867.795639] CPU: 0 PID: 24211 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1867.803299] syz-executor.0 cpuset= [ 1867.803647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1867.803655] syz0 [ 1867.807184] Call Trace: [ 1867.821100] dump_stack+0x142/0x197 [ 1867.822676] mems_allowed=0-1 [ 1867.824732] warn_alloc.cold+0x96/0x1af [ 1867.824744] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1867.824764] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1867.824778] __alloc_pages_slowpath+0x23c6/0x2930 [ 1867.824796] ? save_trace+0x290/0x290 [ 1867.824815] ? warn_alloc+0xf0/0xf0 [ 1867.854283] ? __might_sleep+0x93/0xb0 [ 1867.858180] __alloc_pages_nodemask+0x62c/0x7a0 [ 1867.862972] ? lock_downgrade+0x740/0x740 [ 1867.867118] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1867.872135] alloc_pages_current+0xec/0x1e0 [ 1867.876447] ion_page_pool_alloc+0x11f/0x1c0 [ 1867.880845] ion_system_heap_allocate+0x138/0x910 [ 1867.885673] ? ion_alloc+0x19b/0x860 [ 1867.889373] ? rcu_read_lock_sched_held+0x110/0x130 [ 1867.894378] ? ion_system_heap_free+0x250/0x250 [ 1867.899072] ion_alloc+0x222/0x860 [ 1867.902636] ? ion_dma_buf_release+0x50/0x50 [ 1867.907161] ? kasan_check_write+0x14/0x20 [ 1867.911403] ? _copy_from_user+0x99/0x110 [ 1867.915551] ion_ioctl+0x105/0x217 [ 1867.919092] ? ion_alloc.cold+0x40/0x40 [ 1867.923077] ? ion_alloc.cold+0x40/0x40 [ 1867.927047] do_vfs_ioctl+0x7ae/0x1060 [ 1867.930945] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1867.935696] ? lock_downgrade+0x740/0x740 [ 1867.939846] ? ioctl_preallocate+0x1c0/0x1c0 [ 1867.944253] ? __fget+0x237/0x370 [ 1867.947703] ? security_file_ioctl+0x89/0xb0 [ 1867.952238] SyS_ioctl+0x8f/0xc0 [ 1867.955615] ? do_vfs_ioctl+0x1060/0x1060 [ 1867.959846] do_syscall_64+0x1e8/0x640 [ 1867.963734] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1867.968588] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1867.973774] RIP: 0033:0x45c6c9 [ 1867.976958] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1867.984667] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1867.991948] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1867.999217] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1868.006484] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1868.013754] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1868.021054] CPU: 1 PID: 24215 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1868.028945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1868.038304] Call Trace: [ 1868.038713] Mem-Info: [ 1868.040892] dump_stack+0x142/0x197 [ 1868.040909] warn_alloc.cold+0x96/0x1af [ 1868.040917] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1868.040935] ? __alloc_pages_direct_compact+0x290/0x380 [ 1868.040947] __alloc_pages_slowpath+0x23c6/0x2930 [ 1868.040965] ? save_trace+0x290/0x290 [ 1868.040981] ? warn_alloc+0xf0/0xf0 [ 1868.041001] ? __might_sleep+0x93/0xb0 [ 1868.041013] __alloc_pages_nodemask+0x62c/0x7a0 [ 1868.041027] ? lock_downgrade+0x740/0x740 [ 1868.047571] active_anon:1154389 inactive_anon:467 isolated_anon:48 [ 1868.047571] active_file:1168 inactive_file:1620 isolated_file:17 [ 1868.047571] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1868.047571] slab_reclaimable:22184 slab_unreclaimable:125062 [ 1868.047571] mapped:54149 shmem:523 pagetables:17997 bounce:0 [ 1868.047571] free:72584 free_pcp:119 free_cma:0 [ 1868.051132] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1868.051154] alloc_pages_current+0xec/0x1e0 [ 1868.051167] ion_page_pool_alloc+0x11f/0x1c0 [ 1868.051176] ion_system_heap_allocate+0x138/0x910 [ 1868.051186] ? ion_alloc+0x19b/0x860 [ 1868.051197] ? rcu_read_lock_sched_held+0x110/0x130 [ 1868.051210] ? ion_system_heap_free+0x250/0x250 [ 1868.056291] Node 0 active_anon:1569132kB inactive_anon:1864kB active_file:1528kB inactive_file:4628kB unevictable:0kB isolated(anon):96kB isolated(file):0kB mapped:211908kB dirty:0kB writeback:0kB shmem:2084kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 823296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1868.061432] ion_alloc+0x222/0x860 [ 1868.061451] ? ion_dma_buf_release+0x50/0x50 [ 1868.061467] ? kasan_check_write+0x14/0x20 [ 1868.061477] ? _copy_from_user+0x99/0x110 [ 1868.061488] ion_ioctl+0x105/0x217 [ 1868.061497] ? ion_alloc.cold+0x40/0x40 [ 1868.061512] ? ion_alloc.cold+0x40/0x40 [ 1868.061523] do_vfs_ioctl+0x7ae/0x1060 [ 1868.061534] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1868.061545] ? lock_downgrade+0x740/0x740 [ 1868.061556] ? ioctl_preallocate+0x1c0/0x1c0 [ 1868.061569] ? __fget+0x237/0x370 [ 1868.061584] ? security_file_ioctl+0x89/0xb0 [ 1868.061595] SyS_ioctl+0x8f/0xc0 [ 1868.071406] Node 1 active_anon:3048424kB inactive_anon:4kB active_file:3144kB inactive_file:1852kB unevictable:0kB isolated(anon):96kB isolated(file):68kB mapped:4688kB dirty:8kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1868.073952] ? do_vfs_ioctl+0x1060/0x1060 [ 1868.073968] do_syscall_64+0x1e8/0x640 [ 1868.073976] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1868.073993] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1868.078099] Node 0 [ 1868.082553] RIP: 0033:0x45c6c9 11:39:37 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) [ 1868.082558] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1868.082568] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1868.082574] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1868.082580] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1868.082587] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1868.082592] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1868.478146] FAT-fs (loop1): invalid media value (0x00) [ 1868.484009] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1868.513957] DMA free:10520kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1868.616405] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1868.634248] Node 0 DMA32 free:45360kB min:36384kB low:45480kB high:54576kB active_anon:1564708kB inactive_anon:1868kB active_file:1764kB inactive_file:19560kB unevictable:0kB writepending:916kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10400kB pagetables:27004kB bounce:0kB free_pcp:420kB local_pcp:256kB free_cma:0kB 11:39:37 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:37 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1868.764341] lowmem_reserve[]: 0 0 0 0 0 [ 1868.768399] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1868.794575] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1868.841002] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1868.860698] lowmem_reserve[]: 0 0 0 0 0 [ 1868.867488] CPU: 1 PID: 24238 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1868.870130] Node 1 [ 1868.875509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1868.875517] Call Trace: [ 1868.877777] Normal free:53156kB min:53504kB low:66880kB high:80256kB active_anon:3048556kB inactive_anon:4kB active_file:3432kB inactive_file:3304kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15520kB pagetables:44964kB bounce:0kB free_pcp:168kB local_pcp:160kB free_cma:0kB [ 1868.887127] dump_stack+0x142/0x197 [ 1868.887141] warn_alloc.cold+0x96/0x1af [ 1868.887149] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1868.887165] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1868.887182] __alloc_pages_slowpath+0x23c6/0x2930 [ 1868.887199] ? save_trace+0x290/0x290 [ 1868.887213] ? warn_alloc+0xf0/0xf0 [ 1868.887231] ? __might_sleep+0x93/0xb0 [ 1868.909851] lowmem_reserve[]: [ 1868.918787] __alloc_pages_nodemask+0x62c/0x7a0 [ 1868.918800] ? lock_downgrade+0x740/0x740 [ 1868.918809] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1868.918821] ? save_trace+0x290/0x290 [ 1868.918834] alloc_pages_current+0xec/0x1e0 [ 1868.918845] ion_page_pool_alloc+0x11f/0x1c0 [ 1868.918855] ion_system_heap_allocate+0x138/0x910 [ 1868.918868] ? ion_alloc+0x19b/0x860 [ 1868.940094] 0 [ 1868.941687] ? rcu_read_lock_sched_held+0x110/0x130 [ 1868.945553] 0 [ 1868.949184] ? ion_system_heap_free+0x250/0x250 [ 1868.962497] 0 [ 1868.965111] ion_alloc+0x222/0x860 [ 1868.980087] 0 [ 1868.982639] ? ion_dma_buf_release+0x50/0x50 [ 1868.987596] 0 [ 1868.991312] ? kasan_check_write+0x14/0x20 [ 1868.991322] ? _copy_from_user+0x99/0x110 [ 1868.991335] ion_ioctl+0x105/0x217 [ 1868.991345] ? ion_alloc.cold+0x40/0x40 [ 1868.991358] ? ion_alloc.cold+0x40/0x40 [ 1868.991368] do_vfs_ioctl+0x7ae/0x1060 [ 1868.991378] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1868.991391] ? lock_downgrade+0x740/0x740 [ 1869.050601] ? ioctl_preallocate+0x1c0/0x1c0 [ 1869.055016] ? __fget+0x237/0x370 [ 1869.058472] ? security_file_ioctl+0x89/0xb0 [ 1869.062895] SyS_ioctl+0x8f/0xc0 [ 1869.066260] ? do_vfs_ioctl+0x1060/0x1060 [ 1869.070413] do_syscall_64+0x1e8/0x640 [ 1869.074301] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1869.079137] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1869.084383] RIP: 0033:0x45c6c9 [ 1869.087571] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1869.095274] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1869.102553] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1869.109821] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1869.117125] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1869.124389] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1869.140098] Node 0 DMA: 2*4kB (ME) 3*8kB (EH) 3*16kB (UMH) 3*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10480kB [ 1869.190104] Node 0 DMA32: 804*4kB (UME) 430*8kB (ME) 12*16kB (UME) 908*32kB (UME) 4*64kB (U) 3*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36544kB [ 1869.232979] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1869.284961] Node 1 Normal: 609*4kB (UMEH) 141*8kB (UMEH) 19*16kB (UEH) 1558*32kB (UEH) 5*64kB (H) 7*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 54940kB [ 1869.358882] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1869.402246] syz-executor.3 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 1869.408674] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1869.446513] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 1869.447130] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1869.459018] CPU: 1 PID: 7316 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0 [ 1869.468174] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1869.468860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1869.477704] 2238 total pagecache pages [ 1869.486805] Call Trace: [ 1869.486826] dump_stack+0x142/0x197 [ 1869.486839] dump_header+0x177/0x6cd [ 1869.486848] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1869.486856] ? ___ratelimit+0x55/0x537 [ 1869.486866] oom_kill_process.cold+0x10/0xadd [ 1869.486874] ? rcu_read_unlock_special+0x639/0xd40 [ 1869.486885] ? lock_downgrade+0x740/0x740 [ 1869.486897] out_of_memory+0x2ee/0x1180 [ 1869.486904] ? lock_acquire+0x16f/0x430 [ 1869.486917] ? oom_killer_disable+0x1d0/0x1d0 [ 1869.486925] ? __alloc_pages_slowpath+0xca4/0x2930 [ 1869.486935] __alloc_pages_slowpath+0x2251/0x2930 [ 1869.486955] ? warn_alloc+0xf0/0xf0 [ 1869.494988] 0 pages in swap cache [ 1869.497088] ? __might_sleep+0x93/0xb0 [ 1869.497101] __alloc_pages_nodemask+0x62c/0x7a0 [ 1869.497113] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1869.501443] Swap cache stats: add 0, delete 0, find 0/0 [ 1869.505915] ? ____cache_alloc_node+0x1be/0x1d0 [ 1869.505925] ? cache_grow_begin+0x335/0x400 [ 1869.505936] cache_grow_begin+0x80/0x400 [ 1869.505946] ? __cpuset_node_allowed+0xff/0x450 [ 1869.505958] fallback_alloc+0x1fd/0x2c0 [ 1869.509957] Free swap = 0kB [ 1869.514339] ____cache_alloc_node+0x1be/0x1d0 [ 1869.514349] kmem_cache_alloc+0x1f3/0x780 [ 1869.514362] getname_flags+0xcb/0x580 [ 1869.514374] user_path_mountpoint_at+0x29/0x50 [ 1869.514383] SyS_umount+0x10c/0x380 [ 1869.514390] ? __do_page_fault+0x358/0xb80 [ 1869.514397] ? __detach_mounts+0x2f0/0x2f0 [ 1869.514406] ? do_syscall_64+0x53/0x640 [ 1869.514414] ? __detach_mounts+0x2f0/0x2f0 [ 1869.514423] do_syscall_64+0x1e8/0x640 [ 1869.514431] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1869.514446] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1869.514453] RIP: 0033:0x45f0f7 [ 1869.514457] RSP: 002b:00007fff27ea71b8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 1869.514469] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045f0f7 [ 1869.523958] Total swap = 0kB [ 1869.527478] RDX: 0000000000403720 RSI: 0000000000000002 RDI: 00007fff27ea7260 [ 1869.527484] RBP: 0000000000001f8e R08: 0000000000000000 R09: 000000000000000d [ 1869.527488] R10: 0000000000000006 R11: 0000000000000202 R12: 00007fff27ea82f0 [ 1869.527492] R13: 0000000002a19940 R14: 0000000000000000 R15: 00007fff27ea82f0 [ 1869.530555] Mem-Info: [ 1869.560543] 1965979 pages RAM [ 1869.640586] active_anon:1154431 inactive_anon:468 isolated_anon:0 [ 1869.640586] active_file:453 inactive_file:837 isolated_file:0 [ 1869.640586] unevictable:0 dirty:56 writeback:0 unstable:0 [ 1869.640586] slab_reclaimable:22103 slab_unreclaimable:125186 [ 1869.640586] mapped:53369 shmem:523 pagetables:17920 bounce:0 [ 1869.640586] free:30350 free_pcp:292 free_cma:0 [ 1869.742456] warn_alloc_show_mem: 2 callbacks suppressed 11:39:38 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:38 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) [ 1869.742460] Mem-Info: [ 1869.773572] active_anon:1154381 inactive_anon:468 isolated_anon:0 [ 1869.773572] active_file:651 inactive_file:1986 isolated_file:0 [ 1869.773572] unevictable:0 dirty:31 writeback:0 unstable:0 [ 1869.773572] slab_reclaimable:22103 slab_unreclaimable:124747 [ 1869.773572] mapped:54069 shmem:523 pagetables:17994 bounce:0 [ 1869.773572] free:71712 free_pcp:478 free_cma:0 [ 1869.814563] Node 0 active_anon:1569068kB inactive_anon:1868kB active_file:1948kB inactive_file:3188kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:212688kB dirty:88kB writeback:0kB shmem:2088kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 823296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1869.828873] 0 pages HighMem/MovableOnly [ 1869.844372] Node 1 active_anon:3048656kB inactive_anon:4kB active_file:1556kB inactive_file:4456kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4088kB dirty:36kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1869.875816] Node 0 active_anon:1569068kB inactive_anon:1868kB active_file:1948kB inactive_file:3188kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:212688kB dirty:88kB writeback:0kB shmem:2088kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 823296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1869.923502] 335855 pages reserved [ 1869.933627] FAT-fs (loop1): invalid media value (0x00) [ 1869.936155] 0 pages cma reserved [ 1869.938989] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1869.946545] Node 0 DMA free:10580kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1869.976020] Node 1 active_anon:3048656kB inactive_anon:4kB active_file:1756kB inactive_file:4256kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4088kB dirty:36kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1870.004700] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1870.022722] Node 0 DMA32 free:71868kB min:36384kB low:45480kB high:54576kB active_anon:1564612kB inactive_anon:1868kB active_file:2248kB inactive_file:3188kB unevictable:0kB writepending:64kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10368kB pagetables:26896kB bounce:0kB free_pcp:424kB local_pcp:364kB free_cma:0kB [ 1870.059066] Node 0 DMA free:10580kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1870.086832] lowmem_reserve[]: 0 0 0 0 0 [ 1870.095364] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1870.121401] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1870.126757] Node 0 DMA32 free:54312kB min:36384kB low:45480kB high:54576kB active_anon:1564608kB inactive_anon:1860kB active_file:2364kB inactive_file:3084kB unevictable:0kB writepending:52kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10336kB pagetables:26792kB bounce:0kB free_pcp:488kB local_pcp:308kB free_cma:0kB [ 1870.157243] lowmem_reserve[]: 0 0 0 0 0 [ 1870.161958] Node 1 Normal free:109884kB min:53504kB low:66880kB high:80256kB active_anon:3048540kB inactive_anon:12kB active_file:2148kB inactive_file:3464kB unevictable:0kB writepending:60kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15552kB pagetables:45068kB bounce:0kB free_pcp:220kB local_pcp:220kB free_cma:0kB [ 1870.192759] lowmem_reserve[]: 0 0 0 0 0 [ 1870.197140] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1870.223012] lowmem_reserve[]: 0 0 0 0 0 [ 1870.227330] Node 0 DMA: 7*4kB (UME) 4*8kB (UEH) 3*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10540kB [ 1870.243670] lowmem_reserve[]: 0 0 0 0 0 [ 1870.247979] Node 1 Normal free:100288kB min:53504kB low:66880kB high:80256kB active_anon:3048540kB inactive_anon:12kB active_file:2148kB inactive_file:2960kB unevictable:0kB writepending:60kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15552kB pagetables:45068kB bounce:0kB free_pcp:48kB local_pcp:0kB free_cma:0kB [ 1870.278129] Node 0 DMA32: 1179*4kB (UME) 744*8kB (ME) 126*16kB (ME) 1024*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45452kB [ 1870.294022] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1870.307086] lowmem_reserve[]: 0 0 0 0 0 [ 1870.313431] Node 0 DMA: 7*4kB (UME) 4*8kB (UEH) 3*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10540kB [ 1870.335701] Node 1 Normal: 40*4kB (UEH) 41*8kB (UEH) 1536*16kB (UEH) 1565*32kB (UEH) 5*64kB (H) 7*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 76360kB [ 1870.357901] Node 0 DMA32: 1179*4kB (UME) 744*8kB (ME) 126*16kB (ME) 1024*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45452kB [ 1870.376300] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1870.385522] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1870.398948] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1870.409907] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1870.413027] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1870.435117] Node 1 Normal: 389*4kB (UMEH) 51*8kB (UMEH) 933*16kB (UMEH) 1569*32kB (UMEH) 5*64kB (H) 7*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 68316kB [ 1870.460731] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1870.464834] syz-executor.4 cpuset= [ 1870.475645] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1870.477199] syz4 [ 1870.482804] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1870.501512] mems_allowed=0-1 [ 1870.505304] 2569 total pagecache pages [ 1870.507904] CPU: 0 PID: 24245 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1870.514320] 0 pages in swap cache [ 1870.517248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1870.517253] Call Trace: [ 1870.517272] dump_stack+0x142/0x197 [ 1870.517288] warn_alloc.cold+0x96/0x1af [ 1870.517301] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1870.521009] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1870.530115] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1870.530129] __alloc_pages_slowpath+0x23c6/0x2930 [ 1870.530149] ? save_trace+0x290/0x290 [ 1870.530162] ? warn_alloc+0xf0/0xf0 [ 1870.530179] ? __might_sleep+0x93/0xb0 [ 1870.530191] __alloc_pages_nodemask+0x62c/0x7a0 [ 1870.533010] Swap cache stats: add 0, delete 0, find 0/0 [ 1870.536388] ? lock_downgrade+0x740/0x740 [ 1870.536400] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1870.536422] alloc_pages_current+0xec/0x1e0 [ 1870.536437] ion_page_pool_alloc+0x11f/0x1c0 [ 1870.540651] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1870.545243] ion_system_heap_allocate+0x138/0x910 [ 1870.545253] ? ion_alloc+0x19b/0x860 [ 1870.545265] ? rcu_read_lock_sched_held+0x110/0x130 [ 1870.545275] ? ion_system_heap_free+0x250/0x250 [ 1870.545289] ion_alloc+0x222/0x860 [ 1870.554518] Free swap = 0kB [ 1870.559404] ? ion_dma_buf_release+0x50/0x50 [ 1870.559422] ? kasan_check_write+0x14/0x20 [ 1870.559433] ? _copy_from_user+0x99/0x110 [ 1870.559445] ion_ioctl+0x105/0x217 [ 1870.564672] Total swap = 0kB [ 1870.568089] ? ion_alloc.cold+0x40/0x40 [ 1870.568106] ? ion_alloc.cold+0x40/0x40 [ 1870.568119] do_vfs_ioctl+0x7ae/0x1060 [ 1870.568133] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1870.571987] 2569 total pagecache pages [ 1870.575641] ? lock_downgrade+0x740/0x740 [ 1870.575658] ? ioctl_preallocate+0x1c0/0x1c0 [ 1870.575673] ? __fget+0x237/0x370 [ 1870.580536] 1965979 pages RAM [ 1870.585709] ? security_file_ioctl+0x89/0xb0 [ 1870.585724] SyS_ioctl+0x8f/0xc0 [ 1870.585734] ? do_vfs_ioctl+0x1060/0x1060 [ 1870.585747] do_syscall_64+0x1e8/0x640 [ 1870.585759] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1870.590208] 0 pages in swap cache [ 1870.594938] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1870.594948] RIP: 0033:0x45c6c9 [ 1870.594953] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1870.594967] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1870.599442] 0 pages HighMem/MovableOnly [ 1870.603669] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1870.603675] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1870.603680] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1870.603685] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1870.740207] Swap cache stats: add 0, delete 0, find 0/0 [ 1870.747282] 335855 pages reserved [ 1870.765491] Free swap = 0kB [ 1870.770222] 0 pages cma reserved [ 1870.783105] Total swap = 0kB [ 1870.789906] Out of memory: Kill process 25310 (syz-executor.1) score 1007 or sacrifice child [ 1870.803923] 1965979 pages RAM [ 1870.804933] Killed process 25310 (syz-executor.1) total-vm:75096kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB [ 1870.810374] 0 pages HighMem/MovableOnly [ 1870.821951] 335855 pages reserved [ 1870.825403] 0 pages cma reserved [ 1870.911054] oom_reaper: reaped process 25310 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 11:39:40 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270", 0x14}], 0x0, 0x0) 11:39:40 executing program 5: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:40 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:40 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:41 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:41 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1871.802372] FAT-fs (loop1): invalid media value (0x00) [ 1871.807751] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1871.983667] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1872.025081] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1872.053167] CPU: 0 PID: 24271 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1872.061088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1872.070448] Call Trace: [ 1872.073047] dump_stack+0x142/0x197 [ 1872.076701] warn_alloc.cold+0x96/0x1af [ 1872.080682] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1872.085542] ? __alloc_pages_direct_compact+0x290/0x380 [ 1872.091286] __alloc_pages_slowpath+0x23c6/0x2930 [ 1872.096140] ? save_trace+0x290/0x290 [ 1872.099949] ? warn_alloc+0xf0/0xf0 [ 1872.103795] ? __might_sleep+0x93/0xb0 [ 1872.107695] __alloc_pages_nodemask+0x62c/0x7a0 [ 1872.112373] ? lock_downgrade+0x740/0x740 [ 1872.116523] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1872.121549] alloc_pages_current+0xec/0x1e0 [ 1872.125984] ion_page_pool_alloc+0x11f/0x1c0 [ 1872.130397] ion_system_heap_allocate+0x138/0x910 [ 1872.134100] syz-executor.4: [ 1872.135254] ? ion_alloc+0x19b/0x860 [ 1872.135268] ? rcu_read_lock_sched_held+0x110/0x130 [ 1872.135280] ? ion_system_heap_free+0x250/0x250 [ 1872.135296] ion_alloc+0x222/0x860 [ 1872.135312] ? ion_dma_buf_release+0x50/0x50 [ 1872.135327] ? kasan_check_write+0x14/0x20 [ 1872.135340] ? _copy_from_user+0x99/0x110 [ 1872.141098] page allocation failure: order:4 [ 1872.142071] ion_ioctl+0x105/0x217 [ 1872.142083] ? ion_alloc.cold+0x40/0x40 [ 1872.142101] ? ion_alloc.cold+0x40/0x40 [ 1872.142111] do_vfs_ioctl+0x7ae/0x1060 [ 1872.142128] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1872.155135] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1872.155383] ? lock_downgrade+0x740/0x740 [ 1872.155398] ? ioctl_preallocate+0x1c0/0x1c0 [ 1872.155410] ? __fget+0x237/0x370 [ 1872.164922] (null) [ 1872.168176] ? security_file_ioctl+0x89/0xb0 [ 1872.168193] SyS_ioctl+0x8f/0xc0 [ 1872.168204] ? do_vfs_ioctl+0x1060/0x1060 [ 1872.168217] do_syscall_64+0x1e8/0x640 [ 1872.168225] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1872.168241] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1872.173059] syz-executor.4 cpuset= [ 1872.176301] RIP: 0033:0x45c6c9 [ 1872.176307] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1872.176318] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1872.176324] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1872.176330] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1872.176336] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1872.176341] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1872.235932] warn_alloc_show_mem: 1 callbacks suppressed [ 1872.235936] Mem-Info: [ 1872.245357] syz4 [ 1872.252937] syz-executor.5: [ 1872.256298] mems_allowed=0-1 [ 1872.275789] active_anon:1152300 inactive_anon:470 isolated_anon:19 [ 1872.275789] active_file:1774 inactive_file:1893 isolated_file:5 [ 1872.275789] unevictable:0 dirty:85 writeback:0 unstable:0 [ 1872.275789] slab_reclaimable:21969 slab_unreclaimable:125245 [ 1872.275789] mapped:54769 shmem:523 pagetables:17898 bounce:0 [ 1872.275789] free:72477 free_pcp:56 free_cma:0 [ 1872.278555] CPU: 1 PID: 24270 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1872.294438] page allocation failure: order:4 [ 1872.297745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1872.297749] Call Trace: [ 1872.297766] dump_stack+0x142/0x197 [ 1872.297780] warn_alloc.cold+0x96/0x1af [ 1872.307998] Node 0 active_anon:1560732kB inactive_anon:1872kB active_file:4484kB inactive_file:7108kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:216144kB dirty:164kB writeback:0kB shmem:2084kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 817152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1872.308285] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1872.350217] , mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask= [ 1872.354272] ? __alloc_pages_direct_compact+0x290/0x380 [ 1872.354286] __alloc_pages_slowpath+0x23c6/0x2930 [ 1872.354308] ? save_trace+0x290/0x290 [ 1872.367542] (null) [ 1872.369971] ? warn_alloc+0xf0/0xf0 [ 1872.369992] ? __might_sleep+0x93/0xb0 [ 1872.375222] syz-executor.5 cpuset= [ 1872.403613] __alloc_pages_nodemask+0x62c/0x7a0 [ 1872.403626] ? lock_downgrade+0x740/0x740 [ 1872.403638] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1872.403656] alloc_pages_current+0xec/0x1e0 [ 1872.403668] ion_page_pool_alloc+0x11f/0x1c0 [ 1872.403677] ion_system_heap_allocate+0x138/0x910 [ 1872.403686] ? ion_alloc+0x19b/0x860 [ 1872.403696] ? rcu_read_lock_sched_held+0x110/0x130 [ 1872.403705] ? ion_system_heap_free+0x250/0x250 [ 1872.403719] ion_alloc+0x222/0x860 [ 1872.403735] ? ion_dma_buf_release+0x50/0x50 [ 1872.403749] ? kasan_check_write+0x14/0x20 [ 1872.403759] ? _copy_from_user+0x99/0x110 [ 1872.403770] ion_ioctl+0x105/0x217 [ 1872.403781] ? ion_alloc.cold+0x40/0x40 [ 1872.403794] ? ion_alloc.cold+0x40/0x40 [ 1872.403805] do_vfs_ioctl+0x7ae/0x1060 [ 1872.403816] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1872.403827] ? lock_downgrade+0x740/0x740 [ 1872.415532] Node 1 active_anon:3048468kB inactive_anon:8kB active_file:2712kB inactive_file:364kB unevictable:0kB isolated(anon):76kB isolated(file):20kB mapped:2832kB dirty:176kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1872.415798] ? ioctl_preallocate+0x1c0/0x1c0 [ 1872.421966] Node 0 [ 1872.426533] ? __fget+0x237/0x370 [ 1872.426552] ? security_file_ioctl+0x89/0xb0 [ 1872.426565] SyS_ioctl+0x8f/0xc0 [ 1872.426580] ? do_vfs_ioctl+0x1060/0x1060 [ 1872.434901] DMA free:10640kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1872.436541] do_syscall_64+0x1e8/0x640 [ 1872.436553] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1872.436568] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1872.436579] RIP: 0033:0x45c6c9 [ 1872.441278] syz5 [ 1872.443997] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 11:39:41 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7", 0x15}], 0x0, 0x0) [ 1872.448895] lowmem_reserve[]: [ 1872.452890] ORIG_RAX: 0000000000000010 [ 1872.452898] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1872.452903] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1872.452909] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1872.452914] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1872.452919] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1872.615521] mems_allowed=0-1 [ 1872.650331] 0 2569 2569 2569 2569 [ 1872.710951] Node 0 DMA32 free:133752kB min:36384kB low:45480kB high:54576kB active_anon:1554244kB inactive_anon:1872kB active_file:4584kB inactive_file:13708kB unevictable:0kB writepending:6528kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10464kB pagetables:26792kB bounce:0kB free_pcp:268kB local_pcp:212kB free_cma:0kB [ 1872.744452] lowmem_reserve[]: 0 0 0 0 0 [ 1872.748860] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1872.786766] CPU: 1 PID: 24268 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 1872.794797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1872.796608] lowmem_reserve[]: [ 1872.804362] Call Trace: [ 1872.804382] dump_stack+0x142/0x197 [ 1872.804397] warn_alloc.cold+0x96/0x1af [ 1872.804407] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1872.804427] ? __alloc_pages_direct_compact+0x290/0x380 [ 1872.804439] __alloc_pages_slowpath+0x23c6/0x2930 [ 1872.804456] ? save_trace+0x290/0x290 [ 1872.804470] ? warn_alloc+0xf0/0xf0 [ 1872.804488] ? __might_sleep+0x93/0xb0 [ 1872.804499] __alloc_pages_nodemask+0x62c/0x7a0 [ 1872.807835] 0 [ 1872.810182] ? lock_downgrade+0x740/0x740 [ 1872.810195] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1872.810211] ? retint_kernel+0x2d/0x2d [ 1872.810225] alloc_pages_current+0xec/0x1e0 [ 1872.810239] ion_page_pool_alloc+0x11f/0x1c0 [ 1872.810249] ion_system_heap_allocate+0x138/0x910 [ 1872.810258] ? ion_alloc+0x19b/0x860 [ 1872.810269] ? rcu_read_lock_sched_held+0x110/0x130 [ 1872.810279] ? ion_system_heap_free+0x250/0x250 [ 1872.810291] ion_alloc+0x222/0x860 [ 1872.810306] ? ion_dma_buf_release+0x50/0x50 [ 1872.810326] ? kasan_check_write+0x14/0x20 [ 1872.810336] ? _copy_from_user+0x99/0x110 [ 1872.810346] ion_ioctl+0x105/0x217 [ 1872.810356] ? ion_alloc.cold+0x40/0x40 [ 1872.810370] ? ion_alloc.cold+0x40/0x40 [ 1872.818361] 0 [ 1872.822799] do_vfs_ioctl+0x7ae/0x1060 [ 1872.822813] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1872.822915] ? lock_downgrade+0x740/0x740 [ 1872.822932] ? ioctl_preallocate+0x1c0/0x1c0 [ 1872.822944] ? __fget+0x237/0x370 [ 1872.822960] ? security_file_ioctl+0x89/0xb0 [ 1872.828734] 0 [ 1872.833412] SyS_ioctl+0x8f/0xc0 [ 1872.833425] ? do_vfs_ioctl+0x1060/0x1060 [ 1872.833440] do_syscall_64+0x1e8/0x640 [ 1872.833451] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1872.833467] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1872.833474] RIP: 0033:0x45c6c9 [ 1872.833478] RSP: 002b:00007fa3c4af6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1872.833488] RAX: ffffffffffffffda RBX: 00007fa3c4af76d4 RCX: 000000000045c6c9 [ 1872.833494] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1872.833498] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1872.833503] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1872.833508] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1872.845202] FAT-fs (loop1): invalid media value (0x00) [ 1872.863701] 0 [ 1872.864758] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1873.080131] 0 [ 1873.101872] Node 1 Normal free:139936kB min:53504kB low:66880kB high:80256kB active_anon:3048468kB inactive_anon:8kB active_file:2712kB inactive_file:1784kB unevictable:0kB writepending:1576kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15520kB pagetables:44944kB bounce:0kB free_pcp:108kB local_pcp:0kB free_cma:0kB [ 1873.153356] lowmem_reserve[]: 0 0 0 0 0 [ 1873.157510] Node 0 DMA: 3*4kB (UME) 4*8kB (UEH) 4*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10540kB [ 1873.173829] Node 0 DMA32: 1*4kB (E) 1*8kB (U) 137*16kB (UE) 1329*32kB (UME) 0*64kB 5*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45372kB [ 1873.188243] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1873.199744] Node 1 Normal: 3*4kB (H) 941*8kB (UEH) 2903*16kB (UEH) 1607*32kB (UEH) 5*64kB (H) 7*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 106628kB [ 1873.215545] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1873.224712] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1873.233498] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1873.242535] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11:39:42 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:42 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1873.251415] 8441 total pagecache pages [ 1873.255486] 0 pages in swap cache [ 1873.259068] Swap cache stats: add 0, delete 0, find 0/0 [ 1873.264603] Free swap = 0kB [ 1873.267742] Total swap = 0kB [ 1873.270937] 1965979 pages RAM [ 1873.279892] 0 pages HighMem/MovableOnly [ 1873.293162] 335855 pages reserved [ 1873.297609] 0 pages cma reserved [ 1873.667737] syz-executor.4 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 1873.760157] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1873.765731] CPU: 0 PID: 24299 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1873.773613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1873.783220] Call Trace: [ 1873.785809] dump_stack+0x142/0x197 [ 1873.789449] dump_header+0x177/0x6cd [ 1873.793191] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1873.798282] ? ___ratelimit+0x55/0x537 [ 1873.802162] oom_kill_process.cold+0x10/0xadd [ 1873.806828] ? oom_unkillable_task+0x294/0x390 [ 1873.811418] ? lock_downgrade+0x740/0x740 [ 1873.815582] out_of_memory+0x2ee/0x1180 [ 1873.819815] ? lock_acquire+0x16f/0x430 [ 1873.823880] ? oom_killer_disable+0x1d0/0x1d0 [ 1873.828456] ? __alloc_pages_slowpath+0xca4/0x2930 [ 1873.833383] __alloc_pages_slowpath+0x2251/0x2930 [ 1873.838251] ? warn_alloc+0xf0/0xf0 [ 1873.841885] ? __might_sleep+0x93/0xb0 [ 1873.845782] __alloc_pages_nodemask+0x62c/0x7a0 [ 1873.850443] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1873.855629] ? rcu_read_lock_sched_held+0x110/0x130 [ 1873.860744] ? check_preemption_disabled+0x3c/0x250 [ 1873.866889] copy_process.part.0+0x26a/0x6a70 [ 1873.871384] ? __handle_mm_fault+0x1bc2/0x33d0 [ 1873.875992] ? lock_downgrade+0x740/0x740 [ 1873.880157] ? pud_val+0xe0/0xe0 [ 1873.883511] ? do_raw_spin_unlock+0x174/0x260 [ 1873.888189] ? _raw_spin_unlock+0x2d/0x50 [ 1873.892347] ? __cleanup_sighand+0x50/0x50 [ 1873.896627] ? __do_page_fault+0x4e9/0xb80 [ 1873.900863] ? find_held_lock+0x35/0x130 [ 1873.904920] _do_fork+0x19e/0xce0 [ 1873.908370] ? fork_idle+0x280/0x280 [ 1873.912805] ? up_read+0x1a/0x40 [ 1873.916169] ? __do_page_fault+0x358/0xb80 [ 1873.920516] ? mprotect_fixup+0x920/0x920 [ 1873.924676] SyS_clone+0x37/0x50 [ 1873.928030] ? sys_vfork+0x30/0x30 [ 1873.931556] do_syscall_64+0x1e8/0x640 [ 1873.935456] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1873.940404] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1873.945578] RIP: 0033:0x45f099 [ 1873.948752] RSP: 002b:00007ffcfaf60608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1873.956575] RAX: ffffffffffffffda RBX: 00007f475dc28700 RCX: 000000000045f099 [ 1873.963838] RDX: 00007f475dc289d0 RSI: 00007f475dc27db0 RDI: 00000000003d0f00 [ 1873.971092] RBP: 00007ffcfaf60820 R08: 00007f475dc28700 R09: 00007f475dc28700 [ 1873.978704] R10: 00007f475dc289d0 R11: 0000000000000202 R12: 0000000000000000 [ 1873.985982] R13: 00007ffcfaf606bf R14: 00007f475dc289c0 R15: 000000000076bf2c 11:39:43 executing program 5: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:43 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7", 0x15}], 0x0, 0x0) [ 1874.385265] FAT-fs (loop1): invalid media value (0x00) [ 1874.390848] FAT-fs (loop1): Can't find a valid FAT filesystem 11:39:43 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1874.506775] Mem-Info: [ 1874.509506] active_anon:1151328 inactive_anon:468 isolated_anon:0 [ 1874.509506] active_file:1008 inactive_file:3605 isolated_file:58 [ 1874.509506] unevictable:0 dirty:108 writeback:0 unstable:0 [ 1874.509506] slab_reclaimable:21981 slab_unreclaimable:125196 [ 1874.509506] mapped:54347 shmem:523 pagetables:17945 bounce:0 [ 1874.509506] free:38117 free_pcp:504 free_cma:0 11:39:44 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) pipe(&(0x7f0000000180)={0xffffffffffffffff}) dup2(r1, r0) [ 1874.710325] Node 0 active_anon:1554676kB inactive_anon:1856kB active_file:4680kB inactive_file:5516kB unevictable:0kB isolated(anon):0kB isolated(file):168kB mapped:214492kB dirty:320kB writeback:0kB shmem:2072kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 811008kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1874.830139] Node 1 active_anon:3048524kB inactive_anon:16kB active_file:1196kB inactive_file:840kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1996kB dirty:12kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 11:39:44 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) ioctl$TIOCSBRK(r0, 0x80084504) [ 1874.942160] Node 0 DMA free:10596kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1875.005141] lowmem_reserve[]: 0 2569 2569 2569 2569 11:39:44 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7", 0x15}], 0x0, 0x0) 11:39:44 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1875.029830] Node 0 DMA32 free:87444kB min:36384kB low:45480kB high:54576kB active_anon:1547976kB inactive_anon:1856kB active_file:5560kB inactive_file:10388kB unevictable:0kB writepending:3676kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10176kB pagetables:26672kB bounce:0kB free_pcp:1156kB local_pcp:412kB free_cma:0kB [ 1875.079179] lowmem_reserve[]: 0 0 0 0 0 [ 1875.089357] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1875.169446] lowmem_reserve[]: 0 0 0 0 0 [ 1875.185385] Node 1 Normal free:359728kB min:53504kB low:66880kB high:80256kB active_anon:3048484kB inactive_anon:20kB active_file:1196kB inactive_file:828kB unevictable:0kB writepending:32kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15648kB pagetables:44956kB bounce:0kB free_pcp:1364kB local_pcp:648kB free_cma:0kB [ 1875.265283] FAT-fs (loop1): invalid media value (0x00) [ 1875.274385] lowmem_reserve[]: 0 0 0 0 0 [ 1875.277107] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1875.293291] Node 0 DMA: 2*4kB (ME) 11*8kB (UEH) 7*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10640kB [ 1875.354737] Node 0 DMA32: 3036*4kB (UMEH) 2169*8kB (UMEH) 865*16kB (UMEH) 1403*32kB (UMEH) 1*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 88424kB [ 1875.383417] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1875.426575] Node 1 Normal: 1880*4kB (UMEH) 2180*8kB (UMEH) 1757*16kB (UMEH) 1595*32kB (UMEH) 132*64kB (MH) 33*128kB (MH) 122*256kB (UM) 86*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 192048kB [ 1875.459826] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1875.477971] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1875.486837] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1875.496060] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1875.515101] 4048 total pagecache pages [ 1875.519042] 0 pages in swap cache [ 1875.524528] Swap cache stats: add 0, delete 0, find 0/0 [ 1875.529925] Free swap = 0kB [ 1875.536958] Total swap = 0kB [ 1875.540095] 1965979 pages RAM [ 1875.543497] 0 pages HighMem/MovableOnly [ 1875.547476] 335855 pages reserved [ 1875.555273] 0 pages cma reserved [ 1875.558668] Out of memory: Kill process 25402 (syz-executor.1) score 1007 or sacrifice child [ 1875.567621] Killed process 25402 (syz-executor.1) total-vm:75096kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB [ 1875.624043] oom_reaper: reaped process 25402 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 11:39:45 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b702000038000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b700000000000000950000000000000023b5922c90d1db26e58a72e306a78bbaf158fce7df486c60f7ae965121eddcd904d19ef8883600dd6f214a4a764f17b5"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffff8b}, 0x48) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x18000000000002a0, 0xe, 0x6000000, &(0x7f0000000500)="b9ff0300000d698cb89e14f088a8000f88a800008100638877fbac141421e9", 0x0, 0x100}, 0x28) socket$kcm(0x11, 0x200000000000002, 0x300) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 11:39:45 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:45 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:45 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:45 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:45 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:45 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:45 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93c98f0300771a147b"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:39:45 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:45 executing program 5: creat(&(0x7f0000000240)='./bus\x00', 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) ppoll(&(0x7f0000000500)=[{r1, 0x2103, 0x64}], 0x1, &(0x7f0000000580)={0x0, r2+10000000}, 0x0, 0x0) 11:39:45 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93c98f0300771a147b"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1876.426571] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1876.440440] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1876.484773] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1876.508033] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1876.514133] CPU: 1 PID: 24375 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1876.522030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1876.531408] Call Trace: [ 1876.534087] dump_stack+0x142/0x197 [ 1876.537745] warn_alloc.cold+0x96/0x1af [ 1876.541729] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1876.546589] ? __alloc_pages_direct_compact+0x290/0x380 [ 1876.551966] __alloc_pages_slowpath+0x23c6/0x2930 [ 1876.556927] ? save_trace+0x290/0x290 [ 1876.560739] ? warn_alloc+0xf0/0xf0 [ 1876.564495] ? __might_sleep+0x93/0xb0 [ 1876.568393] __alloc_pages_nodemask+0x62c/0x7a0 [ 1876.573161] ? lock_downgrade+0x740/0x740 [ 1876.577315] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1876.582346] ? save_trace+0x290/0x290 [ 1876.586157] alloc_pages_current+0xec/0x1e0 [ 1876.590489] ion_page_pool_alloc+0x11f/0x1c0 [ 1876.594903] ion_system_heap_allocate+0x138/0x910 [ 1876.599833] ? ion_alloc+0x19b/0x860 [ 1876.603547] ? rcu_read_lock_sched_held+0x110/0x130 [ 1876.608571] ? ion_system_heap_free+0x250/0x250 [ 1876.613360] ion_alloc+0x222/0x860 [ 1876.616910] ? ion_dma_buf_release+0x50/0x50 [ 1876.621329] ? kasan_check_write+0x14/0x20 [ 1876.625566] ? _copy_from_user+0x99/0x110 [ 1876.629716] ion_ioctl+0x105/0x217 [ 1876.633295] ? ion_alloc.cold+0x40/0x40 [ 1876.637409] ? ion_alloc.cold+0x40/0x40 [ 1876.641406] do_vfs_ioctl+0x7ae/0x1060 [ 1876.645300] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1876.650067] ? lock_downgrade+0x740/0x740 [ 1876.654224] ? ioctl_preallocate+0x1c0/0x1c0 [ 1876.658639] ? __fget+0x237/0x370 [ 1876.662103] ? security_file_ioctl+0x89/0xb0 [ 1876.666522] SyS_ioctl+0x8f/0xc0 [ 1876.669899] ? do_vfs_ioctl+0x1060/0x1060 [ 1876.674144] do_syscall_64+0x1e8/0x640 [ 1876.678039] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1876.682905] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1876.688100] RIP: 0033:0x45c6c9 [ 1876.691293] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1876.698999] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1876.706300] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1876.713574] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1876.720841] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1876.728216] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1876.741454] CPU: 0 PID: 24369 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1876.749376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1876.758756] Call Trace: [ 1876.761357] dump_stack+0x142/0x197 [ 1876.765004] warn_alloc.cold+0x96/0x1af [ 1876.768991] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1876.773882] ? __alloc_pages_direct_compact+0x290/0x380 [ 1876.779285] __alloc_pages_slowpath+0x23c6/0x2930 [ 1876.784146] ? save_trace+0x290/0x290 [ 1876.786940] warn_alloc_show_mem: 2 callbacks suppressed [ 1876.786944] Mem-Info: [ 1876.788006] ? warn_alloc+0xf0/0xf0 [ 1876.788029] ? __might_sleep+0x93/0xb0 [ 1876.788042] __alloc_pages_nodemask+0x62c/0x7a0 [ 1876.788055] ? lock_downgrade+0x740/0x740 [ 1876.788067] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1876.788086] alloc_pages_current+0xec/0x1e0 [ 1876.788099] ion_page_pool_alloc+0x11f/0x1c0 [ 1876.794056] active_anon:1146680 inactive_anon:473 isolated_anon:48 [ 1876.794056] active_file:2123 inactive_file:6143 isolated_file:24 [ 1876.794056] unevictable:0 dirty:97 writeback:3050 unstable:0 [ 1876.794056] slab_reclaimable:21754 slab_unreclaimable:125117 [ 1876.794056] mapped:55147 shmem:529 pagetables:17901 bounce:0 [ 1876.794056] free:67502 free_pcp:331 free_cma:0 [ 1876.796094] ion_system_heap_allocate+0x138/0x910 [ 1876.796106] ? ion_alloc+0x19b/0x860 [ 1876.796118] ? rcu_read_lock_sched_held+0x110/0x130 [ 1876.796130] ? ion_system_heap_free+0x250/0x250 [ 1876.796145] ion_alloc+0x222/0x860 [ 1876.796162] ? ion_dma_buf_release+0x50/0x50 [ 1876.796178] ? kasan_check_write+0x14/0x20 [ 1876.796188] ? _copy_from_user+0x99/0x110 [ 1876.796200] ion_ioctl+0x105/0x217 [ 1876.800325] Node 0 active_anon:1554872kB inactive_anon:1892kB active_file:7288kB inactive_file:20368kB unevictable:0kB isolated(anon):96kB isolated(file):96kB mapped:218648kB dirty:244kB writeback:8800kB shmem:2116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 815104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1876.803701] ? ion_alloc.cold+0x40/0x40 [ 1876.803718] ? ion_alloc.cold+0x40/0x40 [ 1876.803731] do_vfs_ioctl+0x7ae/0x1060 [ 1876.803744] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1876.803755] ? lock_downgrade+0x740/0x740 [ 1876.803767] ? ioctl_preallocate+0x1c0/0x1c0 [ 1876.803781] ? __fget+0x237/0x370 [ 1876.803796] ? security_file_ioctl+0x89/0xb0 [ 1876.803808] SyS_ioctl+0x8f/0xc0 [ 1876.808865] Node 1 active_anon:3031848kB inactive_anon:0kB active_file:1204kB inactive_file:4204kB unevictable:0kB isolated(anon):96kB isolated(file):0kB mapped:1940kB dirty:144kB writeback:3400kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1876.812616] ? do_vfs_ioctl+0x1060/0x1060 [ 1876.812630] do_syscall_64+0x1e8/0x640 [ 1876.812641] ? trace_hardirqs_off_thunk+0x1a/0x1c 11:39:46 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93c98f0300771a147b"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1876.812658] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1876.812667] RIP: 0033:0x45c6c9 [ 1876.812672] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1876.812683] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1876.812690] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1876.812695] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1876.812701] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1876.812706] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c 11:39:46 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1877.104477] Node 0 DMA free:10640kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1877.143516] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1877.150769] Node 0 DMA32 free:122924kB min:36384kB low:45480kB high:54576kB active_anon:1548468kB inactive_anon:1904kB active_file:7296kB inactive_file:20456kB unevictable:0kB writepending:268kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10464kB pagetables:26708kB bounce:0kB free_pcp:1016kB local_pcp:328kB free_cma:0kB [ 1877.181409] lowmem_reserve[]: 0 0 0 0 0 [ 1877.185502] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1877.223477] lowmem_reserve[]: 0 0 0 0 0 [ 1877.227662] Node 1 Normal free:139536kB min:53504kB low:66880kB high:80256kB active_anon:3031848kB inactive_anon:0kB active_file:1208kB inactive_file:4216kB unevictable:0kB writepending:44kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15456kB pagetables:44812kB bounce:0kB free_pcp:684kB local_pcp:684kB free_cma:0kB [ 1877.262678] lowmem_reserve[]: 0 0 0 0 0 [ 1877.266933] Node 0 DMA: 2*4kB (ME) 11*8kB (UEH) 7*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10640kB [ 1877.288001] Node 0 DMA32: 1388*4kB (UE) 3131*8kB (UME) 2382*16kB (UME) 1334*32kB (UME) 1*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 113512kB 11:39:46 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1877.308073] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1877.319730] Node 1 Normal: 1736*4kB (UMEH) 4386*8kB (UMEH) 2734*16kB (UEH) 1598*32kB (UEH) 7*64kB (UH) 17*128kB (UH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 139536kB [ 1877.346295] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1877.404790] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1877.441857] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1877.466510] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1877.526568] 5824 total pagecache pages [ 1877.556759] 0 pages in swap cache [ 1877.563943] Swap cache stats: add 0, delete 0, find 0/0 [ 1877.576175] Free swap = 0kB [ 1877.583815] Total swap = 0kB [ 1877.612862] 1965979 pages RAM [ 1877.619625] 0 pages HighMem/MovableOnly [ 1877.637973] 335855 pages reserved [ 1877.654169] 0 pages cma reserved 11:39:47 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93c98f0300771a147b"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:39:47 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:47 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93c98f0300771a147b"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:39:48 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:48 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:48 executing program 5: unshare(0x6c060000) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="24000000180007841dfffd946f61050002008100fd038b0502000800080005000400ff7e", 0x24}], 0x1}, 0x0) 11:39:48 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:48 executing program 4: set_mempolicy(0x0, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:48 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93c98f"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:39:48 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:49 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93c98f"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1879.871553] IPVS: ftp: loaded support on port[0] = 21 [ 1879.956120] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1879.969058] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1879.981160] CPU: 0 PID: 24448 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1879.989179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1879.998655] Call Trace: [ 1880.001534] dump_stack+0x142/0x197 [ 1880.005409] warn_alloc.cold+0x96/0x1af [ 1880.009510] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1880.014375] ? __alloc_pages_direct_compact+0x290/0x380 [ 1880.020016] __alloc_pages_slowpath+0x23c6/0x2930 [ 1880.025086] ? save_trace+0x290/0x290 [ 1880.029554] ? warn_alloc+0xf0/0xf0 [ 1880.033240] ? __might_sleep+0x93/0xb0 [ 1880.037147] __alloc_pages_nodemask+0x62c/0x7a0 [ 1880.042225] ? lock_downgrade+0x740/0x740 [ 1880.046389] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1880.051565] alloc_pages_current+0xec/0x1e0 [ 1880.056071] ion_page_pool_alloc+0x11f/0x1c0 [ 1880.060498] ion_system_heap_allocate+0x138/0x910 [ 1880.065355] ? ion_alloc+0x19b/0x860 [ 1880.069092] ? rcu_read_lock_sched_held+0x110/0x130 [ 1880.074146] ? ion_system_heap_free+0x250/0x250 [ 1880.079086] ion_alloc+0x222/0x860 [ 1880.082660] ? ion_dma_buf_release+0x50/0x50 [ 1880.087257] ? kasan_check_write+0x14/0x20 [ 1880.091558] ? _copy_from_user+0x99/0x110 [ 1880.095841] ion_ioctl+0x105/0x217 [ 1880.099384] ? ion_alloc.cold+0x40/0x40 [ 1880.103731] ? ion_alloc.cold+0x40/0x40 [ 1880.107922] do_vfs_ioctl+0x7ae/0x1060 [ 1880.111875] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1880.116641] ? lock_downgrade+0x740/0x740 [ 1880.120968] ? ioctl_preallocate+0x1c0/0x1c0 [ 1880.125506] ? __fget+0x237/0x370 [ 1880.128960] ? security_file_ioctl+0x89/0xb0 [ 1880.133512] SyS_ioctl+0x8f/0xc0 [ 1880.136877] ? do_vfs_ioctl+0x1060/0x1060 [ 1880.141024] do_syscall_64+0x1e8/0x640 [ 1880.144921] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1880.149768] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1880.155006] RIP: 0033:0x45c6c9 [ 1880.158190] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1880.165898] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1880.173175] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1880.180619] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1880.188151] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1880.195621] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1880.245183] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1880.258339] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1880.264458] CPU: 0 PID: 24452 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1880.272395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1880.282062] Call Trace: [ 1880.284667] dump_stack+0x142/0x197 [ 1880.288412] warn_alloc.cold+0x96/0x1af [ 1880.292538] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1880.297406] ? __alloc_pages_direct_compact+0x290/0x380 [ 1880.302947] __alloc_pages_slowpath+0x23c6/0x2930 [ 1880.307814] ? save_trace+0x290/0x290 [ 1880.311844] ? warn_alloc+0xf0/0xf0 [ 1880.315496] ? __might_sleep+0x93/0xb0 [ 1880.319548] __alloc_pages_nodemask+0x62c/0x7a0 [ 1880.324528] ? lock_downgrade+0x740/0x740 [ 1880.328694] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1880.333736] ? save_trace+0x290/0x290 [ 1880.337694] alloc_pages_current+0xec/0x1e0 [ 1880.342042] ion_page_pool_alloc+0x11f/0x1c0 [ 1880.346464] ion_system_heap_allocate+0x138/0x910 [ 1880.351348] ? ion_alloc+0x19b/0x860 [ 1880.355103] ? rcu_read_lock_sched_held+0x110/0x130 [ 1880.360136] ? ion_system_heap_free+0x250/0x250 [ 1880.364910] ion_alloc+0x222/0x860 [ 1880.368719] ? ion_dma_buf_release+0x50/0x50 [ 1880.373285] ? kasan_check_write+0x14/0x20 [ 1880.377849] ? _copy_from_user+0x99/0x110 [ 1880.382024] ion_ioctl+0x105/0x217 [ 1880.386096] ? ion_alloc.cold+0x40/0x40 [ 1880.390091] ? ion_alloc.cold+0x40/0x40 [ 1880.394080] do_vfs_ioctl+0x7ae/0x1060 [ 1880.397984] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1880.402952] ? lock_downgrade+0x740/0x740 [ 1880.407264] ? ioctl_preallocate+0x1c0/0x1c0 [ 1880.410636] warn_alloc_show_mem: 1 callbacks suppressed [ 1880.410640] Mem-Info: [ 1880.411704] ? __fget+0x237/0x370 [ 1880.411724] ? security_file_ioctl+0x89/0xb0 [ 1880.411741] SyS_ioctl+0x8f/0xc0 [ 1880.417828] active_anon:1146183 inactive_anon:477 isolated_anon:7 [ 1880.417828] active_file:998 inactive_file:7533 isolated_file:0 [ 1880.417828] unevictable:0 dirty:62 writeback:2381 unstable:0 [ 1880.417828] slab_reclaimable:21635 slab_unreclaimable:124528 [ 1880.417828] mapped:55302 shmem:531 pagetables:17920 bounce:0 [ 1880.417828] free:65018 free_pcp:86 free_cma:0 [ 1880.419930] ? do_vfs_ioctl+0x1060/0x1060 [ 1880.419944] do_syscall_64+0x1e8/0x640 [ 1880.419955] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1880.419974] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1880.428955] Node 0 active_anon:1552908kB inactive_anon:1908kB active_file:3916kB inactive_file:30104kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221112kB dirty:244kB writeback:9524kB shmem:2124kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 808960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1880.431450] RIP: 0033:0x45c6c9 [ 1880.431455] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1880.431465] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1880.431469] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1880.431474] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1880.431479] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1880.431485] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c 11:39:49 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:39:49 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1880.572174] Node 1 active_anon:3031824kB inactive_anon:0kB active_file:76kB inactive_file:28kB unevictable:0kB isolated(anon):28kB isolated(file):0kB mapped:96kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1880.601569] Node 0 DMA free:10640kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1880.630493] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1880.635851] Node 0 DMA32 free:88508kB min:36384kB low:45480kB high:54576kB active_anon:1548152kB inactive_anon:1908kB active_file:3916kB inactive_file:30304kB unevictable:0kB writepending:168kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10304kB pagetables:26716kB bounce:0kB free_pcp:500kB local_pcp:312kB free_cma:0kB [ 1880.699972] lowmem_reserve[]: 0 0 0 0 0 [ 1880.711474] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1880.737903] lowmem_reserve[]: 0 0 0 0 0 [ 1880.742687] Node 1 Normal free:135544kB min:53504kB low:66880kB high:80256kB active_anon:3031824kB inactive_anon:0kB active_file:76kB inactive_file:28kB unevictable:0kB writepending:4kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15488kB pagetables:44812kB bounce:0kB free_pcp:64kB local_pcp:0kB free_cma:0kB [ 1880.780985] lowmem_reserve[]: 0 0 0 0 0 [ 1880.785324] Node 0 DMA: 3*4kB (UME) 4*8kB (UEH) 4*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10540kB [ 1880.802295] Node 0 DMA32: 1*4kB (M) 0*8kB 153*16kB (U) 1343*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45428kB [ 1880.815928] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1880.837707] Node 1 Normal: 38*4kB (MEH) 38*8kB (MEH) 1647*16kB (UMEH) 1566*32kB (UMEH) 5*64kB (H) 7*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 78136kB [ 1880.859710] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1880.869867] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1880.879560] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1880.889620] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1880.905914] 7278 total pagecache pages 11:39:50 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1880.910572] 0 pages in swap cache [ 1880.914521] Swap cache stats: add 0, delete 0, find 0/0 [ 1880.920703] Free swap = 0kB [ 1880.925168] Total swap = 0kB [ 1880.928766] 1965979 pages RAM [ 1880.933160] 0 pages HighMem/MovableOnly [ 1880.937425] 335855 pages reserved [ 1880.941309] 0 pages cma reserved [ 1881.173396] udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=-1000 [ 1881.279954] udevd cpuset=/ mems_allowed=0-1 [ 1881.295574] CPU: 0 PID: 3716 Comm: udevd Not tainted 4.14.170-syzkaller #0 [ 1881.302750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1881.312262] Call Trace: [ 1881.314857] dump_stack+0x142/0x197 [ 1881.318631] dump_header+0x177/0x6cd [ 1881.322431] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1881.327526] ? ___ratelimit+0x55/0x537 [ 1881.331412] oom_kill_process.cold+0x10/0xadd [ 1881.336060] ? oom_unkillable_task+0x294/0x390 [ 1881.340648] ? lock_downgrade+0x740/0x740 [ 1881.344807] out_of_memory+0x2ee/0x1180 [ 1881.349003] ? lock_acquire+0x16f/0x430 [ 1881.352978] ? oom_killer_disable+0x1d0/0x1d0 [ 1881.357471] ? __alloc_pages_slowpath+0xca4/0x2930 [ 1881.362620] __alloc_pages_slowpath+0x2251/0x2930 [ 1881.367475] ? warn_alloc+0xf0/0xf0 [ 1881.371168] ? __might_sleep+0x93/0xb0 [ 1881.375059] __alloc_pages_nodemask+0x62c/0x7a0 [ 1881.379727] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1881.384843] ? ____cache_alloc_node+0x1be/0x1d0 [ 1881.389523] ? cache_grow_begin+0x335/0x400 [ 1881.393843] cache_grow_begin+0x80/0x400 [ 1881.397994] ? __cpuset_node_allowed+0xff/0x450 [ 1881.402663] fallback_alloc+0x1fd/0x2c0 [ 1881.406813] ____cache_alloc_node+0x1be/0x1d0 [ 1881.411461] kmem_cache_alloc+0x1f3/0x780 [ 1881.415609] getname_flags+0xcb/0x580 [ 1881.419491] ? mntput_no_expire+0xfa/0x850 [ 1881.423737] ? dput.part.0+0x170/0x750 [ 1881.427623] user_path_at_empty+0x2f/0x50 [ 1881.431771] SyS_readlink+0xb7/0x290 [ 1881.435708] ? SyS_readlinkat+0x2a0/0x2a0 [ 1881.439904] ? do_syscall_64+0x53/0x640 [ 1881.443890] ? SyS_readlinkat+0x2a0/0x2a0 [ 1881.448049] do_syscall_64+0x1e8/0x640 [ 1881.451937] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1881.456790] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1881.461979] RIP: 0033:0x7f77f098c577 [ 1881.465728] RSP: 002b:00007fff787a79d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000059 [ 1881.473553] RAX: ffffffffffffffda RBX: 00000000018f6030 RCX: 00007f77f098c577 [ 1881.481016] RDX: 0000000000000400 RSI: 00007fff787a79e0 RDI: 00007fff787a7ec0 [ 1881.488489] RBP: 00007fff787a8720 R08: 00007fff787a8720 R09: 00007f77f09e0de0 [ 1881.495943] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff787a7ec0 [ 1881.503331] R13: 0000000000000400 R14: 0000000001903ec0 R15: 00000000018f6030 [ 1881.639263] Mem-Info: [ 1881.658199] active_anon:1146118 inactive_anon:470 isolated_anon:0 [ 1881.658199] active_file:151 inactive_file:168 isolated_file:22 [ 1881.658199] unevictable:0 dirty:9 writeback:3 unstable:0 [ 1881.658199] slab_reclaimable:21424 slab_unreclaimable:124508 [ 1881.658199] mapped:52531 shmem:523 pagetables:17829 bounce:0 [ 1881.658199] free:24916 free_pcp:154 free_cma:0 [ 1881.701612] Node 0 active_anon:1552692kB inactive_anon:1876kB active_file:560kB inactive_file:656kB unevictable:0kB isolated(anon):0kB isolated(file):88kB mapped:210072kB dirty:36kB writeback:12kB shmem:2088kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 808960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1881.784003] Node 1 active_anon:3031780kB inactive_anon:4kB active_file:44kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1881.813564] Node 0 DMA free:10480kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1881.841561] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1881.847004] Node 0 DMA32 free:36536kB min:36384kB low:45480kB high:54576kB active_anon:1548116kB inactive_anon:1876kB active_file:452kB inactive_file:456kB unevictable:0kB writepending:16kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10144kB pagetables:26540kB bounce:0kB free_pcp:228kB local_pcp:112kB free_cma:0kB [ 1881.910101] lowmem_reserve[]: 0 0 0 0 0 [ 1881.914285] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1881.952460] lowmem_reserve[]: 0 0 0 0 0 [ 1881.980141] Node 1 Normal free:286324kB min:53504kB low:66880kB high:80256kB active_anon:3031780kB inactive_anon:4kB active_file:48kB inactive_file:12kB unevictable:0kB writepending:4kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15488kB pagetables:44812kB bounce:0kB free_pcp:208kB local_pcp:92kB free_cma:0kB [ 1882.069452] lowmem_reserve[]: 0 0 0 0 0 [ 1882.076311] Node 0 DMA: 2*4kB (ME) 3*8kB (EH) 3*16kB (UMH) 3*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10480kB [ 1882.098737] Node 0 DMA32: 2476*4kB (ME) 813*8kB (UME) 123*16kB (UM) 557*32kB (UMEH) 16*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 2*2048kB (U) 1*4096kB (U) = 45416kB [ 1882.150906] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1882.165924] Node 1 Normal: 38*4kB (UEH) 37*8kB (EH) 18*16kB (UEH) 505*32kB (UEH) 389*64kB (UH) 7*128kB (H) 1*256kB (M) 0*512kB 66*1024kB (U) 30*2048kB (UM) 31*4096kB (U) = 298944kB 11:39:51 executing program 4: set_mempolicy(0x0, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1882.198782] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1882.212531] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1882.222777] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1882.238908] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1882.266328] 4731 total pagecache pages [ 1882.278403] 0 pages in swap cache [ 1882.286472] Swap cache stats: add 0, delete 0, find 0/0 [ 1882.302445] Free swap = 0kB [ 1882.308889] Total swap = 0kB [ 1882.319273] 1965979 pages RAM [ 1882.337207] 0 pages HighMem/MovableOnly [ 1882.345755] 335855 pages reserved [ 1882.354241] 0 pages cma reserved [ 1882.361093] Out of memory: Kill process 25572 (syz-executor.1) score 1007 or sacrifice child [ 1882.379785] Killed process 25572 (syz-executor.1) total-vm:75096kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB [ 1882.523601] oom_reaper: reaped process 25572 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 11:39:51 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:51 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:39:51 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r2, &(0x7f0000000240)="b156d417452c8f6d46edb3b1077f2aba", 0x10) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r2, 0x0) sendfile(r2, r2, &(0x7f0000000200), 0xff8) creat(&(0x7f0000000040)='./bus\x00', 0x0) 11:39:51 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:51 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:52 executing program 4: set_mempolicy(0x0, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:52 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:52 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:52 executing program 5: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="85000000610000005400000000000000950000000000000080f5ab38ffe09fe6d08867a9ab76676aafe864ee2a000013f36ade00d8768ec534c22e24fbcb480da4a5905a2be9792612f84c2a63020036b8409b03da809713eedeb40daa7993ce962a8619fdebaad8ee4584bb842fa1ac3f0eb70dd97089cb7e6f2961d4dcfc7049ce39117a1b0da25d6b2ab32ccdb510b36f6c9aa7eb5007c0fb08f5572088b47e8a8f5fad76ad49c3f8b230d5d780ec03f182c46c4f8d074e5b9bde0eece50000000080ffffffd8d485ec77259af8f02a2f0e3e705a9f90cbe958fabc8d2439abc3f58b709f73864fe4cf53fd34c362eac95d6ea0b5"], &(0x7f0000281ffc)='GPL\x00'}, 0x48) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) accept$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000280)=0x14) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x2000) fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f0000000100)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r3, &(0x7f00000000c0)=""/31, 0x77c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)}, 0x0) sendmsg$TIPC_NL_MON_GET(r3, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x44, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x4}, @TIPC_NLA_SOCK={0x4}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_NODE={0x20, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xa}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_NET={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x800) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000080)=0xfffffffc) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000500)={r0}, 0x10) 11:39:52 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:52 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:39:52 executing program 5: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="85000000610000005400000000000000950000000000000080f5ab38ffe09fe6d08867a9ab76676aafe864ee2a000013f36ade00d8768ec534c22e24fbcb480da4a5905a2be9792612f84c2a63020036b8409b03da809713eedeb40daa7993ce962a8619fdebaad8ee4584bb842fa1ac3f0eb70dd97089cb7e6f2961d4dcfc7049ce39117a1b0da25d6b2ab32ccdb510b36f6c9aa7eb5007c0fb08f5572088b47e8a8f5fad76ad49c3f8b230d5d780ec03f182c46c4f8d074e5b9bde0eece50000000080ffffffd8d485ec77259af8f02a2f0e3e705a9f90cbe958fabc8d2439abc3f58b709f73864fe4cf53fd34c362eac95d6ea0b5"], &(0x7f0000281ffc)='GPL\x00'}, 0x48) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) accept$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000280)=0x14) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x2000) fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f0000000100)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r3, &(0x7f00000000c0)=""/31, 0x77c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)}, 0x0) sendmsg$TIPC_NL_MON_GET(r3, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x44, r5, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x4}, @TIPC_NLA_SOCK={0x4}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_NODE={0x20, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xa}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_NET={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x800) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000080)=0xfffffffc) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000500)={r0}, 0x10) [ 1883.382370] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1883.422854] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1883.428422] CPU: 1 PID: 24520 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1883.438216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1883.447755] Call Trace: [ 1883.450662] dump_stack+0x142/0x197 [ 1883.454309] warn_alloc.cold+0x96/0x1af [ 1883.458317] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1883.463424] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1883.468727] __alloc_pages_slowpath+0x23c6/0x2930 [ 1883.473604] ? save_trace+0x290/0x290 [ 1883.477964] ? warn_alloc+0xf0/0xf0 [ 1883.481612] ? __might_sleep+0x93/0xb0 [ 1883.485520] __alloc_pages_nodemask+0x62c/0x7a0 [ 1883.490581] ? lock_downgrade+0x740/0x740 [ 1883.494747] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1883.500120] ? retint_kernel+0x2d/0x2d [ 1883.504021] alloc_pages_current+0xec/0x1e0 [ 1883.508345] ion_page_pool_alloc+0x11f/0x1c0 [ 1883.512757] ion_system_heap_allocate+0x138/0x910 [ 1883.517621] ? ion_alloc+0x19b/0x860 [ 1883.521459] ? rcu_read_lock_sched_held+0x110/0x130 [ 1883.526482] ? ion_system_heap_free+0x250/0x250 [ 1883.531359] ion_alloc+0x222/0x860 [ 1883.535011] ? ion_dma_buf_release+0x50/0x50 [ 1883.539710] ? kasan_check_write+0x14/0x20 [ 1883.543947] ? _copy_from_user+0x99/0x110 [ 1883.548312] ion_ioctl+0x105/0x217 [ 1883.551925] ? ion_alloc.cold+0x40/0x40 [ 1883.555910] ? ion_alloc.cold+0x40/0x40 [ 1883.559973] do_vfs_ioctl+0x7ae/0x1060 [ 1883.564200] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1883.568957] ? lock_downgrade+0x740/0x740 [ 1883.573288] ? ioctl_preallocate+0x1c0/0x1c0 [ 1883.577817] ? __fget+0x237/0x370 [ 1883.581274] ? security_file_ioctl+0x89/0xb0 [ 1883.585681] SyS_ioctl+0x8f/0xc0 [ 1883.589252] ? do_vfs_ioctl+0x1060/0x1060 [ 1883.593404] do_syscall_64+0x1e8/0x640 [ 1883.597323] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1883.602179] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1883.607450] RIP: 0033:0x45c6c9 [ 1883.610682] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 11:39:52 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5, 0x808, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4de) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x3, 0x1}, 0x3c) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r2) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r4) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x5ae) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r6 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) socket$kcm(0x29, 0x0, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x127) sendmsg$tipc(r3, &(0x7f0000000500)={&(0x7f0000000280), 0x10, 0x0}, 0x0) [ 1883.618461] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1883.625924] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1883.633316] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1883.640623] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1883.647893] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c 11:39:52 executing program 4: set_mempolicy(0x2, 0x0, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:53 executing program 5: sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x44, 0x0, 0x9, 0x0, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x44}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1883.716552] warn_alloc_show_mem: 1 callbacks suppressed [ 1883.716556] Mem-Info: [ 1883.730616] active_anon:1142002 inactive_anon:476 isolated_anon:0 [ 1883.730616] active_file:1549 inactive_file:2497 isolated_file:5 [ 1883.730616] unevictable:0 dirty:56 writeback:0 unstable:0 [ 1883.730616] slab_reclaimable:21236 slab_unreclaimable:124728 [ 1883.730616] mapped:55250 shmem:530 pagetables:17766 bounce:0 [ 1883.730616] free:55664 free_pcp:219 free_cma:0 [ 1883.796681] Node 0 active_anon:1552816kB inactive_anon:1904kB active_file:5456kB inactive_file:9360kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:219676kB dirty:136kB writeback:0kB shmem:2120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 808960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1883.848192] Node 1 active_anon:3015192kB inactive_anon:0kB active_file:840kB inactive_file:528kB unevictable:0kB isolated(anon):0kB isolated(file):20kB mapped:1424kB dirty:88kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1883.876842] Node 0 DMA free:10540kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1883.950268] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1883.962665] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1883.967902] Node 0 DMA32 free:48476kB min:36384kB low:45480kB high:54576kB active_anon:1548488kB inactive_anon:1912kB active_file:5496kB inactive_file:9040kB unevictable:0kB writepending:104kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10240kB pagetables:26580kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1883.999130] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1884.006554] CPU: 1 PID: 24535 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1884.014789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1884.024442] Call Trace: [ 1884.027124] dump_stack+0x142/0x197 [ 1884.031230] warn_alloc.cold+0x96/0x1af [ 1884.035222] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1884.040266] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1884.045682] __alloc_pages_slowpath+0x23c6/0x2930 [ 1884.050560] ? save_trace+0x290/0x290 [ 1884.054558] ? warn_alloc+0xf0/0xf0 [ 1884.058204] ? __might_sleep+0x93/0xb0 [ 1884.062434] __alloc_pages_nodemask+0x62c/0x7a0 [ 1884.067114] ? lock_downgrade+0x740/0x740 [ 1884.071261] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1884.076422] ? retint_kernel+0x2d/0x2d [ 1884.080327] alloc_pages_current+0xec/0x1e0 [ 1884.084958] ion_page_pool_alloc+0x11f/0x1c0 [ 1884.089371] ion_system_heap_allocate+0x138/0x910 [ 1884.094253] ? ion_alloc+0x19b/0x860 [ 1884.097967] ? rcu_read_lock_sched_held+0x110/0x130 [ 1884.103351] ? ion_system_heap_free+0x250/0x250 [ 1884.108028] ion_alloc+0x222/0x860 [ 1884.111675] ? ion_dma_buf_release+0x50/0x50 [ 1884.116315] ? kasan_check_write+0x14/0x20 [ 1884.120548] ? _copy_from_user+0x99/0x110 [ 1884.124902] ion_ioctl+0x105/0x217 [ 1884.128442] ? ion_alloc.cold+0x40/0x40 [ 1884.132589] ? ion_alloc.cold+0x40/0x40 [ 1884.136565] do_vfs_ioctl+0x7ae/0x1060 [ 1884.140668] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1884.145551] ? lock_downgrade+0x740/0x740 [ 1884.149827] ? ioctl_preallocate+0x1c0/0x1c0 [ 1884.154244] ? __fget+0x237/0x370 [ 1884.157699] ? security_file_ioctl+0x89/0xb0 [ 1884.162298] SyS_ioctl+0x8f/0xc0 [ 1884.165671] ? do_vfs_ioctl+0x1060/0x1060 [ 1884.169818] do_syscall_64+0x1e8/0x640 [ 1884.173710] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1884.178572] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1884.183835] RIP: 0033:0x45c6c9 [ 1884.187018] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1884.195171] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1884.202440] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1884.210073] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1884.217482] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1884.224758] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1884.233165] lowmem_reserve[]: 0 0 0 0 0 [ 1884.237621] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1884.263681] lowmem_reserve[]: 0 0 0 0 0 [ 1884.267950] Node 1 Normal free:59192kB min:53504kB low:66880kB high:80256kB active_anon:3015192kB inactive_anon:0kB active_file:948kB inactive_file:304kB unevictable:0kB writepending:28kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15488kB pagetables:44680kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 1884.298570] lowmem_reserve[]: 0 0 0 0 0 [ 1884.303140] Node 0 DMA: 3*4kB (UME) 4*8kB (UEH) 4*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10540kB [ 1884.321637] Node 0 DMA32: 2374*4kB (UME) 904*8kB (UME) 64*16kB (UME) 959*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 48440kB [ 1884.338508] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1884.349992] Node 1 Normal: 404*4kB (UMEH) 239*8kB (UMEH) 815*16kB (UMEH) 1294*32kB (UMEH) 6*64kB (UH) 41*128kB (UH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 63608kB [ 1884.365929] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1884.375800] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1884.385028] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1884.394205] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1884.403460] 4487 total pagecache pages [ 1884.407601] 0 pages in swap cache [ 1884.420336] Swap cache stats: add 0, delete 0, find 0/0 [ 1884.431782] Free swap = 0kB [ 1884.438691] Total swap = 0kB [ 1884.445516] 1965979 pages RAM [ 1884.452341] 0 pages HighMem/MovableOnly [ 1884.461250] 335855 pages reserved [ 1884.469877] 0 pages cma reserved [ 1884.807248] syz-executor.5 invoked oom-killer: gfp_mask=0x14280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 1884.871949] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 1884.913232] CPU: 1 PID: 24541 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 1884.921267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1884.930842] Call Trace: [ 1884.933609] dump_stack+0x142/0x197 [ 1884.937238] dump_header+0x177/0x6cd [ 1884.940952] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1884.946328] ? ___ratelimit+0x55/0x537 [ 1884.950351] oom_kill_process.cold+0x10/0xadd [ 1884.954844] ? oom_unkillable_task+0x294/0x390 [ 1884.959630] ? lock_downgrade+0x740/0x740 [ 1884.963999] out_of_memory+0x2ee/0x1180 [ 1884.967972] ? lock_acquire+0x16f/0x430 [ 1884.972124] ? oom_killer_disable+0x1d0/0x1d0 [ 1884.977128] ? __alloc_pages_slowpath+0xca4/0x2930 [ 1884.982059] __alloc_pages_slowpath+0x2251/0x2930 [ 1884.986918] ? avc_has_extended_perms+0x7b7/0xe40 [ 1884.991946] ? warn_alloc+0xf0/0xf0 [ 1884.995634] ? __might_sleep+0x93/0xb0 [ 1884.999515] __alloc_pages_nodemask+0x62c/0x7a0 [ 1885.004217] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1885.009435] ? __lock_acquire+0x5f7/0x4620 [ 1885.013688] ? __lock_acquire+0x5f7/0x4620 [ 1885.018088] alloc_pages_vma+0xc9/0x4c0 [ 1885.022062] __handle_mm_fault+0x186c/0x33d0 [ 1885.026465] ? copy_page_range+0x1de0/0x1de0 [ 1885.031124] ? find_held_lock+0x35/0x130 [ 1885.035307] ? handle_mm_fault+0x1b6/0x7c0 [ 1885.039714] handle_mm_fault+0x293/0x7c0 [ 1885.043872] __do_page_fault+0x4c1/0xb80 [ 1885.048002] ? vmalloc_fault+0xe30/0xe30 [ 1885.052107] ? page_fault+0x2f/0x50 [ 1885.055928] do_page_fault+0x71/0x511 [ 1885.059834] ? page_fault+0x2f/0x50 [ 1885.063492] page_fault+0x45/0x50 [ 1885.067060] RIP: 0033:0x40afed [ 1885.070262] RSP: 002b:00007fa3c4ad4070 EFLAGS: 00010202 [ 1885.075831] RAX: 000000000040afe0 RBX: 00007fa3c4ad66d4 RCX: 00000000200008c0 [ 1885.083455] RDX: 0000000020000000 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 1885.090918] RBP: 000000000076bfc8 R08: 0000000000000001 R09: 0000000000000000 [ 1885.098197] R10: 00007fa3c4ad69d0 R11: 0000000000000246 R12: 00000000ffffffff [ 1885.105475] R13: 0000000000000b9e R14: 00000000004cda79 R15: 000000000076bfd4 [ 1885.416855] Mem-Info: [ 1885.422533] active_anon:1142022 inactive_anon:476 isolated_anon:0 [ 1885.422533] active_file:605 inactive_file:310 isolated_file:0 [ 1885.422533] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1885.422533] slab_reclaimable:21055 slab_unreclaimable:124365 [ 1885.422533] mapped:53066 shmem:530 pagetables:17796 bounce:0 [ 1885.422533] free:25910 free_pcp:273 free_cma:0 [ 1885.551496] Node 0 active_anon:1552880kB inactive_anon:1900kB active_file:92kB inactive_file:72kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209032kB dirty:8kB writeback:0kB shmem:2116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 808960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1885.582740] Node 1 active_anon:3015208kB inactive_anon:4kB active_file:12kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:132kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1885.619081] Node 0 DMA free:10480kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1885.650051] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1885.655771] Node 0 DMA32 free:36356kB min:36384kB low:45480kB high:54576kB active_anon:1548324kB inactive_anon:1900kB active_file:92kB inactive_file:172kB unevictable:0kB writepending:8kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10208kB pagetables:26500kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 1885.759380] lowmem_reserve[]: 0 0 0 0 0 [ 1885.778222] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1885.808511] lowmem_reserve[]: 0 0 0 0 0 [ 1885.813020] Node 1 Normal free:56976kB min:53504kB low:66880kB high:80256kB active_anon:3015208kB inactive_anon:4kB active_file:40kB inactive_file:132kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15552kB pagetables:44680kB bounce:0kB free_pcp:236kB local_pcp:156kB free_cma:0kB [ 1885.867298] lowmem_reserve[]: 0 0 0 0 0 [ 1885.880448] Node 0 DMA: 2*4kB (ME) 3*8kB (EH) 3*16kB (UMH) 3*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10480kB [ 1885.903424] Node 0 DMA32: 2622*4kB (UME) 773*8kB (ME) 147*16kB (ME) 429*32kB (UME) 28*64kB (M) 6*128kB (M) 4*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36336kB [ 1885.927649] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1885.939540] Node 1 Normal: 40*4kB (UMEH) 46*8kB (UMEH) 21*16kB (UMEH) 111*32kB (UMEH) 445*64kB (UMH) 175*128kB (UMH) 23*256kB (UM) 6*512kB (UM) 17*1024kB (U) 0*2048kB 0*4096kB = 81664kB [ 1885.962134] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1885.974082] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1886.005214] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1886.033721] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1886.050972] 787 total pagecache pages [ 1886.055720] 0 pages in swap cache [ 1886.064556] Swap cache stats: add 0, delete 0, find 0/0 [ 1886.070787] Free swap = 0kB [ 1886.074834] Total swap = 0kB [ 1886.078770] 1965979 pages RAM [ 1886.087054] 0 pages HighMem/MovableOnly [ 1886.092211] 335855 pages reserved [ 1886.095797] 0 pages cma reserved [ 1886.099265] Out of memory: Kill process 25923 (syz-executor.1) score 1007 or sacrifice child [ 1886.113891] Killed process 25923 (syz-executor.1) total-vm:75096kB, anon-rss:16568kB, file-rss:34816kB, shmem-rss:0kB [ 1886.194709] oom_reaper: reaped process 25923 (syz-executor.1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 11:39:56 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000100)) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x20, 0x0, 0xea5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') unshare(0x40000000) ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x40000) rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000880)='./file0\x00') 11:39:56 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:56 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) 11:39:56 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:56 executing program 4: set_mempolicy(0x2, 0x0, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:56 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:39:56 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:56 executing program 4: set_mempolicy(0x2, 0x0, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1887.463907] IPVS: ftp: loaded support on port[0] = 21 11:39:57 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) [ 1887.851162] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1887.911842] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1887.926715] CPU: 1 PID: 24591 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1887.934774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1887.944330] Call Trace: [ 1887.947153] dump_stack+0x142/0x197 [ 1887.951004] warn_alloc.cold+0x96/0x1af [ 1887.955122] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1887.960020] ? __alloc_pages_direct_compact+0x290/0x380 [ 1887.965735] __alloc_pages_slowpath+0x23c6/0x2930 [ 1887.970607] ? save_trace+0x290/0x290 [ 1887.974427] ? warn_alloc+0xf0/0xf0 [ 1887.978318] ? __might_sleep+0x93/0xb0 [ 1887.982226] __alloc_pages_nodemask+0x62c/0x7a0 [ 1887.987183] ? lock_downgrade+0x740/0x740 [ 1887.991356] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1887.996404] ? save_trace+0x290/0x290 [ 1888.000577] alloc_pages_current+0xec/0x1e0 [ 1888.004913] ion_page_pool_alloc+0x11f/0x1c0 [ 1888.009454] ion_system_heap_allocate+0x138/0x910 [ 1888.014467] ? ion_alloc+0x19b/0x860 [ 1888.018195] ? rcu_read_lock_sched_held+0x110/0x130 [ 1888.023448] ? ion_system_heap_free+0x250/0x250 [ 1888.028137] ion_alloc+0x222/0x860 [ 1888.031766] ? ion_dma_buf_release+0x50/0x50 [ 1888.036361] ? kasan_check_write+0x14/0x20 [ 1888.040807] ? _copy_from_user+0x99/0x110 [ 1888.044983] ion_ioctl+0x105/0x217 [ 1888.048803] ? ion_alloc.cold+0x40/0x40 [ 1888.053055] ? ion_alloc.cold+0x40/0x40 [ 1888.057037] do_vfs_ioctl+0x7ae/0x1060 [ 1888.060930] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1888.065798] ? lock_downgrade+0x740/0x740 [ 1888.069948] ? ioctl_preallocate+0x1c0/0x1c0 [ 1888.074756] ? __fget+0x237/0x370 [ 1888.078213] ? security_file_ioctl+0x89/0xb0 [ 1888.082624] SyS_ioctl+0x8f/0xc0 [ 1888.086174] ? do_vfs_ioctl+0x1060/0x1060 [ 1888.090327] do_syscall_64+0x1e8/0x640 [ 1888.094464] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1888.099483] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1888.104674] RIP: 0033:0x45c6c9 [ 1888.108091] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1888.115986] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1888.123475] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1888.130745] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1888.138192] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1888.145678] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1888.196158] warn_alloc_show_mem: 1 callbacks suppressed [ 1888.196162] Mem-Info: [ 1888.205614] active_anon:1138409 inactive_anon:471 isolated_anon:50 [ 1888.205614] active_file:1877 inactive_file:6161 isolated_file:12 [ 1888.205614] unevictable:0 dirty:132 writeback:0 unstable:0 [ 1888.205614] slab_reclaimable:20863 slab_unreclaimable:124520 [ 1888.205614] mapped:55107 shmem:531 pagetables:17858 bounce:0 [ 1888.205614] free:69416 free_pcp:34 free_cma:0 [ 1888.244673] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1888.245112] Node 0 active_anon:1555108kB inactive_anon:1884kB active_file:4708kB inactive_file:20504kB unevictable:0kB isolated(anon):72kB isolated(file):48kB mapped:215196kB dirty:396kB writeback:0kB shmem:2124kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 811008kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1888.261646] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1888.299833] CPU: 0 PID: 24585 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1888.308059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1888.317744] Call Trace: [ 1888.320341] dump_stack+0x142/0x197 [ 1888.323969] warn_alloc.cold+0x96/0x1af [ 1888.327937] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1888.332963] ? __alloc_pages_direct_compact+0x290/0x380 [ 1888.338361] __alloc_pages_slowpath+0x23c6/0x2930 [ 1888.343228] ? save_trace+0x290/0x290 [ 1888.347031] ? warn_alloc+0xf0/0xf0 [ 1888.350783] ? __might_sleep+0x93/0xb0 [ 1888.354677] __alloc_pages_nodemask+0x62c/0x7a0 [ 1888.359353] ? lock_downgrade+0x740/0x740 [ 1888.363554] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1888.368793] alloc_pages_current+0xec/0x1e0 [ 1888.373173] ion_page_pool_alloc+0x11f/0x1c0 [ 1888.377618] ion_system_heap_allocate+0x138/0x910 [ 1888.382457] ? ion_alloc+0x19b/0x860 [ 1888.386433] ? rcu_read_lock_sched_held+0x110/0x130 [ 1888.391917] ? ion_system_heap_free+0x250/0x250 [ 1888.396691] ion_alloc+0x222/0x860 [ 1888.400237] ? ion_dma_buf_release+0x50/0x50 [ 1888.404666] ? kasan_check_write+0x14/0x20 [ 1888.408894] ? _copy_from_user+0x99/0x110 [ 1888.413184] ion_ioctl+0x105/0x217 [ 1888.416858] ? ion_alloc.cold+0x40/0x40 [ 1888.421127] ? ion_alloc.cold+0x40/0x40 [ 1888.425216] do_vfs_ioctl+0x7ae/0x1060 [ 1888.429102] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1888.433856] ? lock_downgrade+0x740/0x740 [ 1888.438235] ? ioctl_preallocate+0x1c0/0x1c0 [ 1888.442640] ? __fget+0x237/0x370 [ 1888.446111] ? security_file_ioctl+0x89/0xb0 [ 1888.450524] SyS_ioctl+0x8f/0xc0 [ 1888.453882] ? do_vfs_ioctl+0x1060/0x1060 [ 1888.458024] do_syscall_64+0x1e8/0x640 [ 1888.461913] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1888.466790] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1888.471975] RIP: 0033:0x45c6c9 [ 1888.475289] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1888.483102] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1888.490362] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1888.497762] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1888.505031] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1888.512293] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c 11:39:57 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(0x0, 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1888.520828] Node 1 active_anon:2998628kB inactive_anon:0kB active_file:2800kB inactive_file:3680kB unevictable:0kB isolated(anon):76kB isolated(file):0kB mapped:5132kB dirty:132kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1888.555508] Node 0 DMA free:10640kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1888.583560] lowmem_reserve[]: 0 2569 2569 2569 2569 11:39:57 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1888.588621] Node 0 DMA32 free:95876kB min:36384kB low:45480kB high:54576kB active_anon:1550652kB inactive_anon:1884kB active_file:4708kB inactive_file:20504kB unevictable:0kB writepending:396kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10304kB pagetables:26732kB bounce:0kB free_pcp:284kB local_pcp:28kB free_cma:0kB [ 1888.619133] lowmem_reserve[]: 0 0 0 0 0 [ 1888.628316] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1888.658460] lowmem_reserve[]: 0 0 0 0 0 [ 1888.662622] Node 1 Normal free:139928kB min:53504kB low:66880kB high:80256kB active_anon:2998628kB inactive_anon:0kB active_file:2800kB inactive_file:3704kB unevictable:0kB writepending:132kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15424kB pagetables:44548kB bounce:0kB free_pcp:340kB local_pcp:8kB free_cma:0kB [ 1888.692990] lowmem_reserve[]: 0 0 0 0 0 [ 1888.697206] Node 0 DMA: 2*4kB (ME) 11*8kB (UEH) 7*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10640kB [ 1888.717475] Node 0 DMA32: 164*4kB (ME) 171*8kB (UME) 2565*16kB (UME) 1302*32kB (UME) 2*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 84856kB [ 1888.743242] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1888.754282] Node 1 Normal: 1888*4kB (UMEH) 4458*8kB (UEH) 2809*16kB (UEH) 1579*32kB (UEH) 5*64kB (H) 7*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 139904kB [ 1888.769676] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1888.779223] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1888.810120] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1888.819105] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1888.840241] 5144 total pagecache pages [ 1888.844183] 0 pages in swap cache [ 1888.847635] Swap cache stats: add 0, delete 0, find 0/0 [ 1888.870106] Free swap = 0kB [ 1888.873173] Total swap = 0kB [ 1888.876307] 1965979 pages RAM [ 1888.879412] 0 pages HighMem/MovableOnly [ 1888.887613] 335855 pages reserved [ 1888.893090] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1888.905423] 0 pages cma reserved [ 1888.930091] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1888.935521] CPU: 1 PID: 24613 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1888.943405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1888.952872] Call Trace: [ 1888.955536] dump_stack+0x142/0x197 [ 1888.959178] warn_alloc.cold+0x96/0x1af [ 1888.963160] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1888.968026] ? __alloc_pages_direct_compact+0x290/0x380 [ 1888.973402] __alloc_pages_slowpath+0x23c6/0x2930 [ 1888.978258] ? save_trace+0x290/0x290 [ 1888.982095] ? warn_alloc+0xf0/0xf0 [ 1888.985738] ? __might_sleep+0x93/0xb0 [ 1888.989635] __alloc_pages_nodemask+0x62c/0x7a0 [ 1888.994314] ? lock_downgrade+0x740/0x740 [ 1888.998566] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1889.003591] ? save_trace+0x290/0x290 [ 1889.007499] alloc_pages_current+0xec/0x1e0 [ 1889.011936] ion_page_pool_alloc+0x11f/0x1c0 [ 1889.016352] ion_system_heap_allocate+0x138/0x910 [ 1889.021321] ? ion_alloc+0x19b/0x860 [ 1889.025044] ? rcu_read_lock_sched_held+0x110/0x130 [ 1889.030069] ? ion_system_heap_free+0x250/0x250 [ 1889.034748] ion_alloc+0x222/0x860 [ 1889.038298] ? ion_dma_buf_release+0x50/0x50 [ 1889.042714] ? kasan_check_write+0x14/0x20 [ 1889.046947] ? _copy_from_user+0x99/0x110 [ 1889.051101] ion_ioctl+0x105/0x217 [ 1889.054647] ? ion_alloc.cold+0x40/0x40 [ 1889.058626] ? ion_alloc.cold+0x40/0x40 [ 1889.062611] do_vfs_ioctl+0x7ae/0x1060 [ 1889.066499] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1889.071267] ? lock_downgrade+0x740/0x740 [ 1889.075417] ? ioctl_preallocate+0x1c0/0x1c0 [ 1889.079937] ? __fget+0x237/0x370 [ 1889.083407] ? security_file_ioctl+0x89/0xb0 [ 1889.087818] SyS_ioctl+0x8f/0xc0 [ 1889.091193] ? do_vfs_ioctl+0x1060/0x1060 [ 1889.095346] do_syscall_64+0x1e8/0x640 [ 1889.099228] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1889.104205] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1889.109508] RIP: 0033:0x45c6c9 [ 1889.112694] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1889.120505] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 11:39:58 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) [ 1889.127898] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1889.135167] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1889.142496] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1889.149764] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c 11:39:58 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000100)) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x20, 0x0, 0xea5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') unshare(0x40000000) ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x40000) rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000880)='./file0\x00') [ 1889.500176] warn_alloc_show_mem: 1 callbacks suppressed [ 1889.500180] Mem-Info: [ 1889.508149] active_anon:1138493 inactive_anon:469 isolated_anon:0 [ 1889.508149] active_file:1948 inactive_file:1948 isolated_file:0 [ 1889.508149] unevictable:0 dirty:150 writeback:0 unstable:0 [ 1889.508149] slab_reclaimable:20846 slab_unreclaimable:124944 [ 1889.508149] mapped:55148 shmem:523 pagetables:17842 bounce:0 [ 1889.508149] free:54970 free_pcp:350 free_cma:0 [ 1889.543442] Node 0 active_anon:1555276kB inactive_anon:1876kB active_file:4984kB inactive_file:4092kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:215536kB dirty:448kB writeback:0kB shmem:2092kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 811008kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1889.573460] Node 1 active_anon:2998796kB inactive_anon:0kB active_file:2808kB inactive_file:3700kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:5156kB dirty:152kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1889.602042] Node 0 DMA free:10540kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1889.628808] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1889.634541] Node 0 DMA32 free:46432kB min:36384kB low:45480kB high:54576kB active_anon:1550720kB inactive_anon:1876kB active_file:4984kB inactive_file:4092kB unevictable:0kB writepending:448kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10624kB pagetables:26816kB bounce:0kB free_pcp:1256kB local_pcp:528kB free_cma:0kB [ 1889.666204] lowmem_reserve[]: 0 0 0 0 0 [ 1889.670370] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1889.696203] lowmem_reserve[]: 0 0 0 0 0 [ 1889.700381] Node 1 Normal free:163324kB min:53504kB low:66880kB high:80256kB active_anon:2998796kB inactive_anon:0kB active_file:2808kB inactive_file:3700kB unevictable:0kB writepending:152kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15456kB pagetables:44548kB bounce:0kB free_pcp:512kB local_pcp:156kB free_cma:0kB [ 1889.730565] lowmem_reserve[]: 0 0 0 0 0 [ 1889.734941] Node 0 DMA: 3*4kB (UME) 4*8kB (UEH) 4*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10540kB [ 1889.751260] Node 0 DMA32: 765*4kB (ME) 640*8kB (UME) 65*16kB (UME) 575*32kB (UME) 181*64kB (UME) 34*128kB (UME) 12*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 46628kB [ 1889.767057] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1889.778782] Node 1 Normal: 37*4kB (EH) 38*8kB (UEH) 2001*16kB (UEH) 1581*32kB (UMEH) 816*64kB (UMH) 48*128kB (UH) 35*256kB (U) 25*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 163188kB 11:39:59 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:39:59 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:59 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(0x0, 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1889.795372] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1889.805715] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1889.814505] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1889.825857] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1889.835439] 4446 total pagecache pages [ 1889.839713] 0 pages in swap cache [ 1889.843729] Swap cache stats: add 0, delete 0, find 0/0 11:39:59 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1889.849413] Free swap = 0kB [ 1889.860331] Total swap = 0kB [ 1889.863475] 1965979 pages RAM [ 1889.866672] 0 pages HighMem/MovableOnly [ 1889.871166] 335855 pages reserved [ 1889.874728] 0 pages cma reserved 11:39:59 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:39:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:39:59 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:39:59 executing program 0: set_mempolicy(0x0, 0x0, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:00 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(0x0, 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:00 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1890.949335] audit: type=1400 audit(1581680400.186:387): avc: denied { module_load } for pid=24664 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=67 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=system permissive=1 11:40:00 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1891.179665] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1891.218461] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1891.236049] CPU: 1 PID: 24655 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1891.244323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1891.253687] Call Trace: [ 1891.256276] dump_stack+0x142/0x197 [ 1891.259915] warn_alloc.cold+0x96/0x1af [ 1891.263891] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1891.271262] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1891.276549] __alloc_pages_slowpath+0x23c6/0x2930 [ 1891.281402] ? save_trace+0x290/0x290 [ 1891.285219] ? warn_alloc+0xf0/0xf0 [ 1891.288859] ? __might_sleep+0x93/0xb0 [ 1891.292755] __alloc_pages_nodemask+0x62c/0x7a0 [ 1891.297430] ? lock_downgrade+0x740/0x740 [ 1891.301583] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1891.306616] alloc_pages_current+0xec/0x1e0 [ 1891.310945] ion_page_pool_alloc+0x11f/0x1c0 [ 1891.315362] ion_system_heap_allocate+0x138/0x910 [ 1891.320213] ? ion_alloc+0x19b/0x860 [ 1891.323930] ? rcu_read_lock_sched_held+0x110/0x130 [ 1891.328950] ? ion_system_heap_free+0x250/0x250 [ 1891.333608] ion_alloc+0x222/0x860 [ 1891.337135] ? ion_dma_buf_release+0x50/0x50 [ 1891.341532] ? kasan_check_write+0x14/0x20 [ 1891.345751] ? _copy_from_user+0x99/0x110 [ 1891.349885] ion_ioctl+0x105/0x217 [ 1891.353435] ? ion_alloc.cold+0x40/0x40 [ 1891.357398] ? ion_alloc.cold+0x40/0x40 [ 1891.361358] do_vfs_ioctl+0x7ae/0x1060 [ 1891.365233] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1891.369979] ? lock_downgrade+0x740/0x740 [ 1891.374115] ? ioctl_preallocate+0x1c0/0x1c0 [ 1891.378508] ? __fget+0x237/0x370 [ 1891.381950] ? security_file_ioctl+0x89/0xb0 [ 1891.386344] SyS_ioctl+0x8f/0xc0 [ 1891.389694] ? do_vfs_ioctl+0x1060/0x1060 [ 1891.393827] do_syscall_64+0x1e8/0x640 [ 1891.397729] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1891.402582] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1891.407765] RIP: 0033:0x45c6c9 [ 1891.411032] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1891.418735] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1891.425989] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1891.433245] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1891.440517] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1891.447784] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1891.487831] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1891.529483] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1891.540841] CPU: 1 PID: 24659 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1891.548744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1891.558093] Call Trace: [ 1891.560690] dump_stack+0x142/0x197 [ 1891.564319] warn_alloc.cold+0x96/0x1af [ 1891.568293] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1891.573169] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1891.578450] __alloc_pages_slowpath+0x23c6/0x2930 [ 1891.583303] ? save_trace+0x290/0x290 [ 1891.587109] ? warn_alloc+0xf0/0xf0 [ 1891.590744] ? __might_sleep+0x93/0xb0 [ 1891.594632] __alloc_pages_nodemask+0x62c/0x7a0 [ 1891.599308] ? lock_downgrade+0x740/0x740 [ 1891.603457] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1891.608476] ? save_trace+0x290/0x290 [ 1891.612277] alloc_pages_current+0xec/0x1e0 [ 1891.616597] ion_page_pool_alloc+0x11f/0x1c0 [ 1891.621005] ion_system_heap_allocate+0x138/0x910 [ 1891.625848] ? ion_alloc+0x19b/0x860 [ 1891.629559] ? rcu_read_lock_sched_held+0x110/0x130 [ 1891.634575] ? ion_system_heap_free+0x250/0x250 [ 1891.639251] ion_alloc+0x222/0x860 [ 1891.642797] ? ion_dma_buf_release+0x50/0x50 [ 1891.647207] ? kasan_check_write+0x14/0x20 [ 1891.651447] ? _copy_from_user+0x99/0x110 [ 1891.655606] ion_ioctl+0x105/0x217 [ 1891.659155] ? ion_alloc.cold+0x40/0x40 [ 1891.663141] ? ion_alloc.cold+0x40/0x40 [ 1891.667120] do_vfs_ioctl+0x7ae/0x1060 [ 1891.671014] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1891.675948] ? lock_downgrade+0x740/0x740 [ 1891.680101] ? ioctl_preallocate+0x1c0/0x1c0 [ 1891.684517] ? __fget+0x237/0x370 [ 1891.687981] ? security_file_ioctl+0x89/0xb0 [ 1891.692399] SyS_ioctl+0x8f/0xc0 [ 1891.695773] ? do_vfs_ioctl+0x1060/0x1060 [ 1891.699927] do_syscall_64+0x1e8/0x640 [ 1891.703816] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1891.708671] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1891.713864] RIP: 0033:0x45c6c9 [ 1891.717059] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1891.724771] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1891.732040] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1891.739307] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1891.746576] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1891.753842] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1891.950087] Mem-Info: [ 1891.952571] active_anon:1137970 inactive_anon:469 isolated_anon:24 [ 1891.952571] active_file:320 inactive_file:287 isolated_file:7 [ 1891.952571] unevictable:0 dirty:13 writeback:0 unstable:0 [ 1891.952571] slab_reclaimable:20596 slab_unreclaimable:124840 [ 1891.952571] mapped:52584 shmem:523 pagetables:17791 bounce:0 [ 1891.952571] free:35761 free_pcp:390 free_cma:0 11:40:01 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1892.055236] Node 0 active_anon:1552848kB inactive_anon:1860kB active_file:744kB inactive_file:1888kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210528kB dirty:24kB writeback:0kB shmem:2072kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 808960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1892.152764] Node 1 active_anon:2998912kB inactive_anon:24kB active_file:1452kB inactive_file:4672kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4192kB dirty:4kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1892.250506] Node 0 DMA free:10484kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1892.340102] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1892.345189] Node 0 DMA32 free:35836kB min:36384kB low:45480kB high:54576kB active_anon:1548236kB inactive_anon:1880kB active_file:552kB inactive_file:684kB unevictable:0kB writepending:44kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10112kB pagetables:26392kB bounce:0kB free_pcp:1068kB local_pcp:388kB free_cma:0kB [ 1892.416410] lowmem_reserve[]: 0 0 0 0 0 [ 1892.420859] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1892.448334] lowmem_reserve[]: 0 0 0 0 0 [ 1892.453090] Node 1 Normal free:53264kB min:53504kB low:66880kB high:80256kB active_anon:2998912kB inactive_anon:24kB active_file:2360kB inactive_file:3712kB unevictable:0kB writepending:4kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15584kB pagetables:44848kB bounce:0kB free_pcp:1120kB local_pcp:476kB free_cma:0kB [ 1892.483832] lowmem_reserve[]: 0 0 0 0 0 [ 1892.488482] Node 0 DMA: 3*4kB (UME) 3*8kB (EH) 3*16kB (UMH) 3*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10484kB [ 1892.506447] Node 0 DMA32: 2557*4kB (UME) 615*8kB (UME) 136*16kB (UME) 515*32kB (UME) 19*64kB (UM) 8*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36044kB [ 1892.552166] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1892.605219] Node 1 Normal: 64*4kB (UMEH) 22*8kB (UMH) 246*16kB (UEH) 1576*32kB (UEH) 5*64kB (H) 7*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 56016kB [ 1892.625717] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1892.635094] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1892.650762] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1892.672286] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1892.691069] 1377 total pagecache pages [ 1892.695442] 0 pages in swap cache [ 1892.699355] Swap cache stats: add 0, delete 0, find 0/0 [ 1892.709779] Free swap = 0kB [ 1892.714363] Total swap = 0kB [ 1892.718094] 1965979 pages RAM [ 1892.728367] 0 pages HighMem/MovableOnly [ 1892.732908] 335855 pages reserved [ 1892.779888] 0 pages cma reserved 11:40:02 executing program 0: set_mempolicy(0x0, 0x0, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:02 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:02 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:02 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:02 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:02 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:02 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:02 executing program 0: set_mempolicy(0x0, 0x0, 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:02 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(0xffffffffffffffff, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:03 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:03 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(0xffffffffffffffff, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:03 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:03 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:03 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:03 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:03 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1894.345151] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1894.370966] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1894.378739] CPU: 0 PID: 24745 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1894.386639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1894.396000] Call Trace: [ 1894.398610] dump_stack+0x142/0x197 [ 1894.402253] warn_alloc.cold+0x96/0x1af [ 1894.406234] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1894.411098] ? __alloc_pages_direct_compact+0x290/0x380 [ 1894.416471] __alloc_pages_slowpath+0x23c6/0x2930 [ 1894.421431] ? save_trace+0x290/0x290 [ 1894.425247] ? warn_alloc+0xf0/0xf0 [ 1894.428886] ? __might_sleep+0x93/0xb0 [ 1894.432788] __alloc_pages_nodemask+0x62c/0x7a0 [ 1894.437692] ? lock_downgrade+0x740/0x740 [ 1894.441858] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1894.446879] ? __sanitizer_cov_trace_pc+0x3e/0x60 [ 1894.451717] alloc_pages_current+0xec/0x1e0 [ 1894.456037] ion_page_pool_alloc+0x11f/0x1c0 [ 1894.460437] ion_system_heap_allocate+0x138/0x910 [ 1894.465275] ? ion_alloc+0x19b/0x860 [ 1894.468973] ? rcu_read_lock_sched_held+0x110/0x130 [ 1894.473984] ? ion_system_heap_free+0x250/0x250 [ 1894.478652] ion_alloc+0x222/0x860 [ 1894.482192] ? ion_dma_buf_release+0x50/0x50 [ 1894.487467] ? kasan_check_write+0x14/0x20 [ 1894.491694] ? _copy_from_user+0x99/0x110 [ 1894.495839] ion_ioctl+0x105/0x217 [ 1894.499365] ? ion_alloc.cold+0x40/0x40 [ 1894.503331] ? ion_alloc.cold+0x40/0x40 [ 1894.507318] do_vfs_ioctl+0x7ae/0x1060 [ 1894.511207] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1894.515982] ? lock_downgrade+0x740/0x740 [ 1894.520138] ? ioctl_preallocate+0x1c0/0x1c0 [ 1894.524538] ? __fget+0x237/0x370 [ 1894.527998] ? security_file_ioctl+0x89/0xb0 [ 1894.532409] SyS_ioctl+0x8f/0xc0 [ 1894.535849] ? do_vfs_ioctl+0x1060/0x1060 [ 1894.539997] do_syscall_64+0x1e8/0x640 [ 1894.543888] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1894.548730] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1894.553911] RIP: 0033:0x45c6c9 [ 1894.557213] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1894.564920] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1894.572184] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1894.579549] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1894.586812] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1894.594073] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1894.638586] warn_alloc_show_mem: 1 callbacks suppressed [ 1894.638590] Mem-Info: [ 1894.655249] active_anon:1138021 inactive_anon:478 isolated_anon:24 [ 1894.655249] active_file:1563 inactive_file:2339 isolated_file:61 [ 1894.655249] unevictable:0 dirty:96 writeback:0 unstable:0 [ 1894.655249] slab_reclaimable:20249 slab_unreclaimable:124790 [ 1894.655249] mapped:55128 shmem:531 pagetables:17868 bounce:0 [ 1894.655249] free:73969 free_pcp:130 free_cma:0 [ 1894.694916] Node 0 active_anon:1553480kB inactive_anon:1912kB active_file:2160kB inactive_file:5216kB unevictable:0kB isolated(anon):96kB isolated(file):0kB mapped:213144kB dirty:280kB writeback:0kB shmem:2124kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 808960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1894.735022] Node 1 active_anon:2998604kB inactive_anon:0kB active_file:4092kB inactive_file:4140kB unevictable:0kB isolated(anon):0kB isolated(file):244kB mapped:7368kB dirty:104kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1894.780210] Node 0 DMA free:10640kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1894.808051] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1894.820247] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1894.825293] Node 0 DMA32 free:146576kB min:36384kB low:45480kB high:54576kB active_anon:1548932kB inactive_anon:1884kB active_file:2144kB inactive_file:5224kB unevictable:0kB writepending:300kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10656kB pagetables:26920kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1894.830143] syz-executor.4 cpuset= [ 1894.858470] lowmem_reserve[]: [ 1894.859901] syz4 [ 1894.862785] 0 [ 1894.865944] mems_allowed=0-1 [ 1894.867617] 0 [ 1894.869150] CPU: 0 PID: 24734 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1894.872636] 0 [ 1894.873949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1894.873954] Call Trace: [ 1894.873972] dump_stack+0x142/0x197 [ 1894.873988] warn_alloc.cold+0x96/0x1af [ 1894.873999] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1894.882118] 0 [ 1894.883663] ? __alloc_pages_direct_compact+0xbc/0x380 [ 1894.883678] __alloc_pages_slowpath+0x23c6/0x2930 [ 1894.883700] ? save_trace+0x290/0x290 [ 1894.893748] 0 [ 1894.895631] ? warn_alloc+0xf0/0xf0 [ 1894.895653] ? __might_sleep+0x93/0xb0 [ 1894.895669] __alloc_pages_nodemask+0x62c/0x7a0 [ 1894.903255] ? lock_downgrade+0x740/0x740 [ 1894.903267] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1894.903281] ? policy_nodemask+0x3c/0x150 [ 1894.903295] alloc_pages_current+0xec/0x1e0 [ 1894.903310] ion_page_pool_alloc+0x11f/0x1c0 [ 1894.903320] ion_system_heap_allocate+0x138/0x910 [ 1894.903330] ? ion_alloc+0x19b/0x860 [ 1894.903340] ? rcu_read_lock_sched_held+0x110/0x130 [ 1894.903354] ? ion_system_heap_free+0x250/0x250 11:40:04 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(0xffffffffffffffff, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1894.910803] Node 0 [ 1894.915273] ion_alloc+0x222/0x860 [ 1894.915291] ? ion_dma_buf_release+0x50/0x50 [ 1894.915306] ? kasan_check_write+0x14/0x20 [ 1894.915319] ? _copy_from_user+0x99/0x110 [ 1894.920489] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1894.923952] ion_ioctl+0x105/0x217 [ 1894.923964] ? ion_alloc.cold+0x40/0x40 [ 1894.923981] ? ion_alloc.cold+0x40/0x40 [ 1894.923993] do_vfs_ioctl+0x7ae/0x1060 [ 1894.924004] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1894.924017] ? lock_downgrade+0x740/0x740 [ 1894.925984] lowmem_reserve[]: [ 1894.929422] ? ioctl_preallocate+0x1c0/0x1c0 [ 1894.929437] ? __fget+0x237/0x370 [ 1894.929453] ? security_file_ioctl+0x89/0xb0 [ 1894.929465] SyS_ioctl+0x8f/0xc0 [ 1894.934093] 0 [ 1894.938008] ? do_vfs_ioctl+0x1060/0x1060 [ 1894.938023] do_syscall_64+0x1e8/0x640 [ 1894.938034] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1894.938050] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1894.938061] RIP: 0033:0x45c6c9 [ 1894.942405] 0 [ 1894.947202] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1894.947213] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1894.947219] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1894.947224] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1894.947230] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 11:40:04 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:04 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) [ 1894.947236] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c 11:40:04 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1895.233180] syz-executor.4: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1895.245397] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 1895.251316] CPU: 0 PID: 24763 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 1895.259317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1895.268682] Call Trace: [ 1895.271416] dump_stack+0x142/0x197 [ 1895.275050] warn_alloc.cold+0x96/0x1af [ 1895.279030] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1895.283869] ? __alloc_pages_direct_compact+0x290/0x380 [ 1895.289231] __alloc_pages_slowpath+0x23c6/0x2930 [ 1895.294078] ? save_trace+0x290/0x290 [ 1895.297872] ? warn_alloc+0xf0/0xf0 [ 1895.301501] ? __might_sleep+0x93/0xb0 [ 1895.305402] __alloc_pages_nodemask+0x62c/0x7a0 [ 1895.310073] ? lock_downgrade+0x740/0x740 [ 1895.314221] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1895.319241] alloc_pages_current+0xec/0x1e0 [ 1895.323577] ion_page_pool_alloc+0x11f/0x1c0 [ 1895.327971] ion_system_heap_allocate+0x138/0x910 [ 1895.332808] ? ion_alloc+0x19b/0x860 [ 1895.336508] ? rcu_read_lock_sched_held+0x110/0x130 [ 1895.341517] ? ion_system_heap_free+0x250/0x250 [ 1895.347649] ion_alloc+0x222/0x860 [ 1895.351187] ? ion_dma_buf_release+0x50/0x50 [ 1895.355593] ? kasan_check_write+0x14/0x20 [ 1895.359813] ? _copy_from_user+0x99/0x110 [ 1895.363959] ion_ioctl+0x105/0x217 [ 1895.367488] ? ion_alloc.cold+0x40/0x40 [ 1895.371450] ? ion_alloc.cold+0x40/0x40 [ 1895.375416] do_vfs_ioctl+0x7ae/0x1060 [ 1895.379294] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1895.384045] ? lock_downgrade+0x740/0x740 [ 1895.388183] ? ioctl_preallocate+0x1c0/0x1c0 [ 1895.392676] ? __fget+0x237/0x370 [ 1895.396137] ? security_file_ioctl+0x89/0xb0 [ 1895.400537] SyS_ioctl+0x8f/0xc0 [ 1895.403891] ? do_vfs_ioctl+0x1060/0x1060 [ 1895.408026] do_syscall_64+0x1e8/0x640 [ 1895.411908] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1895.416745] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1895.421925] RIP: 0033:0x45c6c9 [ 1895.425102] RSP: 002b:00007f475dc27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1895.432793] RAX: ffffffffffffffda RBX: 00007f475dc286d4 RCX: 000000000045c6c9 [ 1895.440060] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1895.447353] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1895.454625] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1895.461884] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1895.469464] 0 0 0 [ 1895.471835] Node 1 Normal free:204968kB min:53504kB low:66880kB high:80256kB active_anon:2998604kB inactive_anon:0kB active_file:4172kB inactive_file:3840kB unevictable:0kB writepending:112kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15424kB pagetables:44548kB bounce:0kB free_pcp:628kB local_pcp:628kB free_cma:0kB [ 1895.504329] lowmem_reserve[]: 0 0 0 0 0 [ 1895.510798] Node 0 DMA: 2*4kB (ME) 11*8kB (UEH) 7*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10640kB [ 1895.534889] Node 0 DMA32: 3034*4kB (UME) 4400*8kB (UME) 2839*16kB (UE) 1397*32kB (UME) 34*64kB (UM) 9*128kB (U) 4*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 141816kB [ 1895.550722] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1895.562125] Node 1 Normal: 1978*4kB (UMEH) 4574*8kB (UMEH) 2599*16kB (UMEH) 1597*32kB (UMEH) 726*64kB (UMH) 25*128kB (UMH) 32*256kB (U) 19*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 204776kB [ 1895.579369] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1895.588496] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1895.597249] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1895.606395] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1895.615109] 4388 total pagecache pages [ 1895.619022] 0 pages in swap cache [ 1895.622560] Swap cache stats: add 0, delete 0, find 0/0 [ 1895.627953] Free swap = 0kB [ 1895.631049] Total swap = 0kB [ 1895.634170] 1965979 pages RAM [ 1895.637273] 0 pages HighMem/MovableOnly [ 1895.641398] 335855 pages reserved [ 1895.645106] 0 pages cma reserved 11:40:05 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:05 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:05 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:05 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1896.346381] syz-executor.0: page allocation failure: order:4, mode:0x142c0c2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=(null) [ 1896.384773] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 1896.398922] CPU: 1 PID: 24786 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1896.406834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1896.416191] Call Trace: [ 1896.418790] dump_stack+0x142/0x197 [ 1896.422426] warn_alloc.cold+0x96/0x1af [ 1896.426407] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 1896.431264] ? __alloc_pages_direct_compact+0x290/0x380 [ 1896.436636] __alloc_pages_slowpath+0x23c6/0x2930 [ 1896.441489] ? save_trace+0x290/0x290 [ 1896.445295] ? warn_alloc+0xf0/0xf0 [ 1896.448934] ? __might_sleep+0x93/0xb0 [ 1896.452842] __alloc_pages_nodemask+0x62c/0x7a0 [ 1896.457508] ? lock_downgrade+0x740/0x740 [ 1896.461644] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1896.466654] alloc_pages_current+0xec/0x1e0 [ 1896.470963] ion_page_pool_alloc+0x11f/0x1c0 [ 1896.475356] ion_system_heap_allocate+0x138/0x910 [ 1896.480204] ? ion_alloc+0x19b/0x860 [ 1896.483901] ? rcu_read_lock_sched_held+0x110/0x130 [ 1896.488908] ? ion_system_heap_free+0x250/0x250 [ 1896.493562] ion_alloc+0x222/0x860 [ 1896.497088] ? ion_dma_buf_release+0x50/0x50 [ 1896.501483] ? kasan_check_write+0x14/0x20 [ 1896.505701] ? _copy_from_user+0x99/0x110 [ 1896.509838] ion_ioctl+0x105/0x217 [ 1896.513361] ? ion_alloc.cold+0x40/0x40 [ 1896.517326] ? ion_alloc.cold+0x40/0x40 [ 1896.521285] do_vfs_ioctl+0x7ae/0x1060 [ 1896.525155] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1896.529893] ? lock_downgrade+0x740/0x740 [ 1896.534024] ? ioctl_preallocate+0x1c0/0x1c0 [ 1896.538416] ? __fget+0x237/0x370 [ 1896.541857] ? security_file_ioctl+0x89/0xb0 [ 1896.546256] SyS_ioctl+0x8f/0xc0 [ 1896.549603] ? do_vfs_ioctl+0x1060/0x1060 [ 1896.553737] do_syscall_64+0x1e8/0x640 [ 1896.557608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1896.562437] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1896.567610] RIP: 0033:0x45c6c9 [ 1896.570782] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1896.578605] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1896.585887] RDX: 00000000200001c0 RSI: 00000000c0184900 RDI: 0000000000000003 [ 1896.593144] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1896.601613] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1896.608868] R13: 0000000000000360 R14: 00000000004c5b9c R15: 000000000076bf2c [ 1896.630096] warn_alloc_show_mem: 2 callbacks suppressed [ 1896.630101] Mem-Info: [ 1896.646460] active_anon:1138438 inactive_anon:477 isolated_anon:24 [ 1896.646460] active_file:1142 inactive_file:1711 isolated_file:0 [ 1896.646460] unevictable:0 dirty:20 writeback:0 unstable:0 [ 1896.646460] slab_reclaimable:19868 slab_unreclaimable:125353 [ 1896.646460] mapped:54256 shmem:531 pagetables:17755 bounce:0 [ 1896.646460] free:136312 free_pcp:328 free_cma:0 [ 1896.695205] Node 0 active_anon:1555148kB inactive_anon:1876kB active_file:2528kB inactive_file:5272kB unevictable:0kB isolated(anon):96kB isolated(file):0kB mapped:213212kB dirty:56kB writeback:0kB shmem:2092kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 808960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1896.738812] Node 1 active_anon:2998704kB inactive_anon:32kB active_file:2540kB inactive_file:1572kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4012kB dirty:24kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 151552kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1896.767442] Node 0 DMA free:10640kB min:216kB low:268kB high:320kB active_anon:4556kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1896.795386] lowmem_reserve[]: 0 2569 2569 2569 2569 [ 1896.800638] Node 0 DMA32 free:148280kB min:36384kB low:45480kB high:54576kB active_anon:1548668kB inactive_anon:1876kB active_file:2592kB inactive_file:5312kB unevictable:0kB writepending:120kB present:3129332kB managed:2634396kB mlocked:0kB kernel_stack:10368kB pagetables:26760kB bounce:0kB free_pcp:1044kB local_pcp:692kB free_cma:0kB [ 1896.841280] lowmem_reserve[]: 0 0 0 0 0 [ 1896.845432] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1896.872272] lowmem_reserve[]: 0 0 0 0 0 [ 1896.876410] Node 1 Normal free:176628kB min:53504kB low:66880kB high:80256kB active_anon:2998708kB inactive_anon:20kB active_file:2664kB inactive_file:1448kB unevictable:0kB writepending:24kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:15424kB pagetables:44504kB bounce:0kB free_pcp:504kB local_pcp:452kB free_cma:0kB [ 1896.907123] lowmem_reserve[]: 0 0 0 0 0 [ 1896.911670] Node 0 DMA: 2*4kB (ME) 11*8kB (UEH) 7*16kB (UMH) 4*32kB (UM) 5*64kB (UEH) 2*128kB (UE) 2*256kB (EH) 4*512kB (UMEH) 3*1024kB (MEH) 2*2048kB (UE) 0*4096kB = 10640kB [ 1896.928195] Node 0 DMA32: 4922*4kB (UME) 4452*8kB (UE) 2833*16kB (UE) 1407*32kB (UE) 2*64kB (UM) 1*128kB (M) 1*256kB (M) 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 147704kB 11:40:06 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, 0x0, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:06 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) [ 1896.944385] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1896.962629] Node 1 Normal: 2007*4kB (UMEH) 4601*8kB (UMEH) 2537*16kB (UEH) 1589*32kB (UEH) 38*64kB (MH) 9*128kB (UMH) 40*256kB (U) 52*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 176724kB [ 1896.983678] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 11:40:06 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1897.001929] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1897.027006] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1897.039382] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1897.049954] 3689 total pagecache pages [ 1897.053985] 0 pages in swap cache [ 1897.057500] Swap cache stats: add 0, delete 0, find 0/0 [ 1897.063305] Free swap = 0kB [ 1897.066405] Total swap = 0kB [ 1897.080402] 1965979 pages RAM [ 1897.083604] 0 pages HighMem/MovableOnly [ 1897.096133] 335855 pages reserved [ 1897.112318] 0 pages cma reserved 11:40:06 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:06 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:06 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:06 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:06 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:06 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 11:40:07 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:07 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 11:40:07 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, 0x0, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:07 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 11:40:07 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x0, 0xffffffffffffffff}) 11:40:09 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:09 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:09 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x0, 0xffffffffffffffff}) 11:40:09 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:09 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:09 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, 0x0, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:09 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x0, 0xffffffffffffffff}) 11:40:09 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:09 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:09 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005}) 11:40:09 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:09 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005}) 11:40:12 executing program 4: set_mempolicy(0x2, &(0x7f00000000c0), 0x2) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005}) 11:40:12 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x10010005, 0xffffffffffffffff}) 11:40:12 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:12 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:12 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:12 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:12 executing program 4: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) 11:40:12 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 11:40:12 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:12 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 11:40:12 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:12 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 11:40:12 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:12 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x0, 0xffffffffffffffff}) 11:40:13 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:13 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:13 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x0, 0xffffffffffffffff}) 11:40:15 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:15 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:15 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:15 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x0, 0xffffffffffffffff}) 11:40:15 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678", 0x9f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:15 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:15 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005}) 11:40:15 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:15 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005}) 11:40:15 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:15 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0), 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000001c0)={0x10010005}) 11:40:18 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:18 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:18 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="0300050000000100001400000000000000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) 11:40:18 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:18 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:18 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000001440)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x405) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0x806c4120, 0x0) 11:40:18 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0xbc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) 11:40:18 executing program 1: mkdir(0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) select(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1524}, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000080)="c8", 0x1}, {&(0x7f00000000c0)='8}', 0x2}, {&(0x7f0000000040)="b54f8779dfbffe1b31e4bd", 0xb}], 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1909.466046] ldm_validate_privheads(): Disk read failed. [ 1909.509587] loop0: p2 < > 11:40:18 executing program 1: mkdir(0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1909.530536] loop0: partition table partially beyond EOD, truncated [ 1909.582735] loop0: p2 size 2 extends beyond EOD, truncated 11:40:18 executing program 1: mkdir(0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:18 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1909.679641] kvm: emulating exchange as write [ 1909.784193] ldm_validate_privheads(): Disk read failed. [ 1909.793664] loop0: p2 < > [ 1909.799279] loop0: partition table partially beyond EOD, truncated [ 1909.817200] loop0: p2 size 2 extends beyond EOD, truncated 11:40:21 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:21 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="0300050000000100001400000000000000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) 11:40:21 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:21 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280), 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) select(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1524}, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000080)="c8", 0x1}, {&(0x7f00000000c0)='8}', 0x2}, {&(0x7f0000000040)="b54f8779dfbffe1b31e4bd", 0xb}], 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:40:21 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:21 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1912.457881] ldm_validate_privheads(): Disk read failed. [ 1912.494965] loop0: p2 < > [ 1912.504941] loop0: partition table partially beyond EOD, truncated [ 1912.527158] loop0: p2 size 2 extends beyond EOD, truncated 11:40:21 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="0300050000000100001400000000000000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) 11:40:21 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:22 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1912.914595] ldm_validate_privheads(): Disk read failed. [ 1912.929130] loop0: p2 < > [ 1912.932533] loop0: partition table partially beyond EOD, truncated [ 1912.941918] loop0: p2 size 2 extends beyond EOD, truncated 11:40:24 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) listen(r0, 0x3) r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) listen(r1, 0x3) r2 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x4, 0x0) dup2(r2, r1) 11:40:24 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:24 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:24 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280), 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) select(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1524}, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000080)="c8", 0x1}, {&(0x7f00000000c0)='8}', 0x2}, {&(0x7f0000000040)="b54f8779dfbffe1b31e4bd", 0xb}], 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:40:24 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xa2}, [@ldst={0x0, 0x0, 0x3f9}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 11:40:24 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:24 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:24 executing program 0: r0 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) r1 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) 11:40:24 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:24 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000200)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x386, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') sendfile(r2, r3, 0x0, 0x50000000000443) 11:40:24 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:27 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:40:27 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:27 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280), 0x0, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:27 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=']) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:27 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000005000000004000000f8030000c8000000c8000000c8000000ac0100000000000030030000300300003003000030030000300300000400000000000000ff010000000000000000000000000001000000000000001a0000000000000001000000000000fc02000000000000000000000000000000000000000000000000626f6e645f736c6176655f300000000073797a6b616c6c6572310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a400c800000000000000000000000000000000000000000024004e465155455545000000000000000000000000000000000000000000000100000000fe800000000000000000000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000726f736530000000000000000000000076657468305f746f5f626f6e640000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a400e400000000000000000000000000000000000000000040005443504f5054535452495000000000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bbfe80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006272696467653000000000000000000069705f767469300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600184010000000000000000000000000000000000000000bc00636f6e6e747261636b000000000000000000000000000000000000000002fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a400c80000000000000000000000000000000000000000002400000000000000000000000000000000000000000000000000000000000000feffffff"], 0x454) getpid() 11:40:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) select(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1524}, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000080)="c8", 0x1}, {&(0x7f00000000c0)='8}', 0x2}, {&(0x7f0000000040)="b54f8779dfbffe1b31e4bd", 0xb}], 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:40:27 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=']) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:27 executing program 0: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0) syz_emit_ethernet(0x1b7, &(0x7f0000000680)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4df88c", 0x181, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x1, {0x7, 0x6, "fbcb77", 0x0, 0x88, 0x3f, @mcast2, @remote, [@srh={0x33, 0xc, 0x4, 0x6, 0x7, 0x30, 0x8, [@ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, @rand_addr="c07728bb20c60ce16eea401390f74477", @mcast1, @dev={0xfe, 0x80, [], 0x20}, @mcast2, @dev={0xfe, 0x80, [], 0xc}]}, @fragment={0x17, 0x0, 0xc3, 0x1, 0x0, 0x1d, 0x67}, @fragment={0x4, 0x0, 0x7, 0x1, 0x0, 0x0, 0x68}, @dstopts={0x62, 0x8, [], [@hao={0xc9, 0x10, @mcast2}, @ra={0x5, 0x2, 0xcae2}, @generic={0x6, 0x22, "aae6d292925747505337c2da89c4d5770a6ecd49961824367633a88f4f5c71e06ef9"}, @pad1, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}]}, @dstopts={0x0, 0x2, [], [@enc_lim={0x4, 0x1, 0x80}, @generic={0x8, 0x7, "da4fb7f5951711"}, @ra={0x5, 0x2, 0x5}, @ra={0x5, 0x2, 0x401}]}, @dstopts={0x0, 0x5, [], [@hao={0xc9, 0x10, @mcast1}, @ra={0x5, 0x2, 0x1}, @padn, @enc_lim={0x4, 0x1, 0x6}, @hao={0xc9, 0x10, @mcast2}]}, @hopopts={0x3c, 0x2, [], [@ra={0x5, 0x2, 0x5}, @pad1, @ra, @ra={0x5, 0x2, 0x8}, @enc_lim={0x4, 0x1, 0x1}]}], "a80264d42eac75612668363f391277315c"}}}}}}}, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) r0 = syz_open_procfs(0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x13, 0x10, 0x3}, 0x2c) r2 = dup2(0xffffffffffffffff, r1) getdents64(r2, 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r2, 0x4c08, 0x3) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r4, 0x8983, &(0x7f00000000c0)={0x1, 'ip6erspan0\x00', {}, 0x2}) 11:40:27 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=']) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:27 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:28 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:28 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:28 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:40:30 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000600)="6653070000053c07bc3376003639405cb4aed12f000000000015ffa8ee79cfde47a110126616e608ceae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d4979e65199615607672c5995c9e79066e3ceb991601d4b8a6355ddc55368aa1938f1a25958737a63d7da119b71c4444cf18e38d2b30dbb21ad45e199815491be65cb154ad160c3b3ea8100cbb96a06f8b0dd4c6ad7ec5678f5900c32c2393f1d4010577a7ab0f26501c03a7c3e1d2104e948cd2a88309f748594f12bf72a1390327ba114af6071764f185268dac8650786bc215fe30e91909a321591f55cda9a591e6fc80509aa1bc925423384eeffffff6899ad18b091791dfb8be2d9c70315619ea42f0ecb26eb3c87702cf6d85025f46aef88118dd9b12c7b39791562be3e200d28d836ae7832f9d3b506e8838b7a1697", 0x139}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff0d, 0x0, 0x0, 0x0, 0xfd9c}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) 11:40:30 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000004, 0x2, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='ns\x00') write$P9_RWRITE(0xffffffffffffffff, &(0x7f00000001c0)={0xb, 0x77, 0x2}, 0xb) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext={0x8001, 0x41}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000280)) getdents64(r3, &(0x7f0000000df0)=""/528, 0x18) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:40:30 executing program 2: r0 = getpid() r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/schedstat\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x4c, 0x0, 0x9, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}}, 0x8011) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) openat$sequencer(0xffffffffffffff9c, 0x0, 0x801, 0x0) inotify_init1(0x0) poll(0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) syz_open_dev$vivid(&(0x7f0000000540)='/dev/video#\x00', 0x0, 0x2) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0xf0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11:40:30 executing program 3: socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000280)='f', 0x1, 0xfffffffffffffffd) keyctl$clear(0x7, 0x0) request_key(0x0, 0x0, 0x0, 0x0) write(r1, &(0x7f0000000000)="b6", 0xfffffe7e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f00000000c0)={0x0, 0x0, [0x0, 0x0, 0x6, 0x2], 0x8}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) 11:40:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) select(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1524}, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000080)="c8", 0x1}, {&(0x7f00000000c0)='8}', 0x2}, {&(0x7f0000000040)="b54f8779dfbffe1b31e4bd", 0xb}], 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:40:30 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1921.627365] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000011 data 0x200000005 [ 1921.661893] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000055 data 0x200000010 [ 1921.684684] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x4000007d data 0x200000054 [ 1921.711291] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000042 data 0x20000009a [ 1921.722088] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000060 data 0x2000000d1 11:40:31 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1921.732820] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x4000000c data 0x2000000c5 [ 1921.746318] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000007 data 0x2000000d6 [ 1921.757799] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000038 data 0x200000092 [ 1921.781539] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x4000001b data 0x2000000b9 [ 1921.793330] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000065 data 0x2000000cf [ 1921.810845] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000020 data 0x20000004e [ 1921.825556] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000020 data 0x20000002a 11:40:31 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:31 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) 11:40:31 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/101, 0x65}], 0x1, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="bc93"]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_DIRENTPLUS(r0, &(0x7f00000007c0)={0x10, 0x0, 0x2}, 0x10) [ 1921.946267] kvm [25288]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000020 data 0x20000004e 11:40:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7000000000011905030000000000000018000000240001001400010008000100ffffffff08000200ac1e00010c0002000500010000000000240002000c00020005000100000000001400010008000100e0000002080002000000000008000700000000000c000600080001007f000001"], 0x70}}, 0x0) [ 1922.111082] kasan: CONFIG_KASAN_INLINE enabled [ 1922.117263] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 1922.142446] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 1922.148733] Modules linked in: [ 1922.151925] CPU: 0 PID: 25330 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0 [ 1922.159801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1922.170019] task: ffff888033a42000 task.stack: ffff8881fc3b0000 [ 1922.176071] RIP: 0010:get_unique_tuple+0x230/0x19e0 [ 1922.181073] RSP: 0018:ffff8881fc3b6ea0 EFLAGS: 00010246 [ 1922.186480] RAX: dffffc0000000000 RBX: ffff8881fc3b7028 RCX: 1ffffffff1166044 [ 1922.193744] RDX: 0000000000000000 RSI: ffffffff85474c52 RDI: ffffffff88b30220 [ 1922.201017] RBP: ffff8881fc3b6fc8 R08: 0000000000000000 R09: ffff888033a428f0 [ 1922.208282] R10: ffff888033a428d0 R11: ffff888033a42000 R12: 0000000000000000 [ 1922.215538] R13: 0000000000000018 R14: ffff8881fc3b704e R15: ffff8881fc3b7078 [ 1922.222800] FS: 00007f8987cc0700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000 [ 1922.231006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1922.236873] CR2: 0000001b2ca35000 CR3: 000000002f817000 CR4: 00000000001426f0 [ 1922.244128] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1922.251411] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1922.258666] Call Trace: [ 1922.261242] ? find_held_lock+0x35/0x130 [ 1922.265311] ? nf_ct_invert_tuplepr+0x17d/0x2c0 [ 1922.269977] ? nft_cmp_dump+0x180/0x180 [ 1922.273943] ? hash_by_src+0x360/0x360 [ 1922.277816] ? lock_downgrade+0x740/0x740 [ 1922.281970] ? nf_ct_invert_tuplepr+0x1a4/0x2c0 [ 1922.286633] nf_nat_setup_info+0x1bd/0x7f0 [ 1922.290855] ? nf_nat_proto_clean+0x1c0/0x1c0 [ 1922.295336] ? kmem_cache_alloc+0x12e/0x780 [ 1922.299641] ? __nf_conntrack_alloc+0xa2/0x5e0 [ 1922.304205] ? nf_conntrack_alloc+0x38/0x50 [ 1922.308512] ? netlink_unicast+0x44d/0x650 [ 1922.312730] ? netlink_sendmsg+0x7c4/0xc60 [ 1922.316970] ? sock_sendmsg+0xce/0x110 [ 1922.320934] ? ___sys_sendmsg+0x70a/0x840 [ 1922.325098] ? __sys_sendmsg+0xb9/0x140 [ 1922.329120] ? SyS_sendmsg+0x2d/0x50 [ 1922.332816] ? do_syscall_64+0x1e8/0x640 [ 1922.336863] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1922.342214] ? save_trace+0x290/0x290 [ 1922.346003] ? save_trace+0x290/0x290 [ 1922.349788] __nf_nat_alloc_null_binding+0x13f/0x180 [ 1922.354878] ? nf_nat_setup_info+0x7f0/0x7f0 [ 1922.359279] ? __lock_is_held+0xb6/0x140 [ 1922.363334] ? check_preemption_disabled+0x3c/0x250 [ 1922.368355] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1922.373805] nfnetlink_parse_nat_setup+0x34a/0x3b0 [ 1922.378941] ? nft_cmp_dump+0x180/0x180 [ 1922.382917] ? nf_nat_alloc_null_binding+0x50/0x50 [ 1922.387849] ? rcu_read_lock_sched_held+0x110/0x130 [ 1922.392887] ? __lock_is_held+0xb6/0x140 [ 1922.396936] ? check_preemption_disabled+0x3c/0x250 [ 1922.401994] ? nf_nat_alloc_null_binding+0x50/0x50 [ 1922.406942] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1922.412374] ? nf_nat_alloc_null_binding+0x50/0x50 [ 1922.417358] ctnetlink_parse_nat_setup+0x76/0x4a0 [ 1922.422194] ctnetlink_create_conntrack+0x468/0x10c0 [ 1922.427282] ? ctnetlink_del_conntrack+0x5e0/0x5e0 [ 1922.432200] ? hash_conntrack_raw+0x2c1/0x430 [ 1922.436732] ? nf_ct_get_id+0x170/0x170 [ 1922.440712] ctnetlink_new_conntrack+0x4af/0xcc0 [ 1922.445468] ? ctnetlink_create_conntrack+0x10c0/0x10c0 [ 1922.450848] ? ctnetlink_create_conntrack+0x10c0/0x10c0 [ 1922.456209] nfnetlink_rcv_msg+0xa08/0xc00 [ 1922.460438] netlink_rcv_skb+0x14f/0x3c0 [ 1922.464486] ? nfnetlink_bind+0x240/0x240 [ 1922.468627] ? netlink_ack+0x9a0/0x9a0 [ 1922.472502] ? ns_capable_common+0x12c/0x160 [ 1922.476964] ? __netlink_ns_capable+0xe2/0x130 [ 1922.481533] nfnetlink_rcv+0x1ab/0x1650 [ 1922.485561] ? netlink_deliver_tap+0x93/0x8f0 [ 1922.490047] ? find_held_lock+0x35/0x130 [ 1922.494195] ? netlink_deliver_tap+0x93/0x8f0 [ 1922.498798] ? nfnl_err_del+0x160/0x160 [ 1922.502759] ? lock_downgrade+0x740/0x740 [ 1922.506897] ? netlink_deliver_tap+0xba/0x8f0 [ 1922.511380] netlink_unicast+0x44d/0x650 [ 1922.515436] ? netlink_attachskb+0x6a0/0x6a0 [ 1922.519890] ? security_netlink_send+0x81/0xb0 [ 1922.524455] netlink_sendmsg+0x7c4/0xc60 [ 1922.528524] ? netlink_unicast+0x650/0x650 [ 1922.532750] ? security_socket_sendmsg+0x89/0xb0 [ 1922.537598] ? netlink_unicast+0x650/0x650 [ 1922.542085] sock_sendmsg+0xce/0x110 [ 1922.545787] ___sys_sendmsg+0x70a/0x840 [ 1922.549748] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 1922.554533] ? __fget+0x210/0x370 [ 1922.557973] ? find_held_lock+0x35/0x130 [ 1922.562067] ? __fget+0x210/0x370 [ 1922.565561] ? lock_downgrade+0x740/0x740 [ 1922.569701] ? __fget+0x237/0x370 [ 1922.573137] ? __fget_light+0x172/0x1f0 [ 1922.577098] ? __fdget+0x1b/0x20 [ 1922.580451] ? sockfd_lookup_light+0xb4/0x160 [ 1922.584933] __sys_sendmsg+0xb9/0x140 [ 1922.588729] ? SyS_shutdown+0x170/0x170 [ 1922.592691] ? put_timespec64+0xb4/0x100 [ 1922.596737] ? SyS_clock_gettime+0xf8/0x180 [ 1922.601045] SyS_sendmsg+0x2d/0x50 [ 1922.604574] ? __sys_sendmsg+0x140/0x140 [ 1922.608626] do_syscall_64+0x1e8/0x640 [ 1922.612508] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1922.617342] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1922.622524] RIP: 0033:0x45c6c9 [ 1922.625697] RSP: 002b:00007f8987cbfc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1922.633504] RAX: ffffffffffffffda RBX: 00007f8987cc06d4 RCX: 000000000045c6c9 [ 1922.640767] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 1922.648039] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1922.655304] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1922.662562] R13: 00000000000008fe R14: 00000000004cb801 R15: 000000000076bf2c [ 1922.669820] Code: 48 c1 e9 03 80 3c 11 00 0f 85 91 14 00 00 4a 8b 14 e5 60 01 b3 88 4c 8d 24 c2 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 81 14 00 00 49 8b 04 24 48 89 85 30 ff ff ff [ 1922.689055] RIP: get_unique_tuple+0x230/0x19e0 RSP: ffff8881fc3b6ea0 [ 1922.698194] ---[ end trace 138d38560ed5aede ]--- [ 1922.706577] Kernel panic - not syncing: Fatal exception [ 1922.713370] Kernel Offset: disabled [ 1922.717080] Rebooting in 86400 seconds..