program: syz_mount_image$exfat(&(0x7f0000000380), &(0x7f0000000180)='./file1\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x1, 0x14fe, &(0x7f0000002ac0)="$eJzs3QuYjtX6MPB1r7UexjTxNslhWPe6H940WCZJckiSQ5IkSZJTQtIkSUJiyCkJSchxkhyGkBwmJo3z+ZBz0mRLkiSnnML6rqndtve//b/s/e39//y/Pffvutb1rvtaz72etd6beZ/nuebwQ9fhtZrUrt6IiMS/BH57SRFCxAghBgkh8gkhAiFE+fjy8dnjeRSk/GsnYf9ej6Zd6xWwa4nrn7Nx/XM2rn/OxvXP2bj+ORvXP2fj+udsXH/GcrKtMwvfwC3ntn/9+X/Mby/8/P//Q/z5n7Nx/f/TnM7zzxzN9f9Pctl7/89lcP1zNq5/zsb1z9m4/jkb1z9n4/ozlpNd6+fP3K5tu9b//hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Qzn/BVaCPF7/1qvizHGGGOMMcYYY/8+Pve1XgFjjDHGGGOMMcb+54GQQgktApFL5BYxIo+IFdeJOHG9yCvyiYi4QcSLG0V+cZMoIAqKQqKwSBBFRFFhBAorSISimCguouJmUULcIhJFSVFKlBZOlBFJ4lZRVtwmyonbRXlxh6gg7hQVRSVRWVQRd4mq4m5RTdwjqot7RQ1RU9QStcV9oo64X9QVD4h64kFRXzwkGoiHRUPxiGgkHhWNxWOiiXhcNBVPiGaiuWghWopW/1f5r4ie4lXRS/QWKaKP6CteE/1EfzFADBSDxOtisHhDDBFviqFimBgu3hIjxNtipHhHjBKjxRjxrhgrxonxYoKYKCaJVPGemCzeF1PEB2KqmCamixkiTcwUs8SHYraYI+aKj8Q88bGYLxaIhWKRSBefiMViicgQn4ql4jORKZaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Co+F9vEdrFD7BS7xG6xR3wh9oovxT7xlcgSX/+T+Wf/S343ECBAggQNGnJBLoiBGIiFWIiDOMgLeSECEYiHeMgP+aEAFIBCUAgSIAGKQlFAQCAgKAbFIApRKAElIBESoRSUAgcOkiAJysJtUA7KQXkoDxWgAlSESlAJqkAVqApVoRpUg+pQHWpADagFteA+uA/uh7pQF+pBPagP9aEBNICG0BAaQSNoDI2hCTSBptAUmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIRk6QkfoBJ2gM3SGLtAFukJX6AbdoTu8Aq/Aq/Aq9IYasg/0hb7QD/rBABgIA+F1GAxvwBvwJgyFYTAc3oK34G0YCWdgFIyGMTAGqspxMB4mAMlJkAqpMBkmwxSYAlNhGkyDGZAGM2EWzILZMAfmwEcwDz6Gj2EBLIBFkA7psBiWQAZkwFI4C5mwDJbDClgJq2AlrIG1sAbWwwZYD5tgE2yBLfA5fA7bYTvshJ2wG3bDF/AFfAlfwlDIgizYD/vhAByAg3AQDsEhOAyH4QgcgaNwFI7BMTgOJ+AknIDTcBrOwFk4B+fgAlyAi3ARLsPl7P/8MpuWWuaSuWSMjJGxMlbGyTiZV+aVERmR8TJe5pf5ZQFZQBaShWSCTJBFZVGJEiXJUBaTxWRURmUJWUImykRZSpaSTjqZJJNkWVlWlpPlZHl5h6wg75QVZSXZ1lWRVWRV2c5Vk/fI6rK6rCFrylqytqwt68g6sq6sK+vJerK+rC8byIdlQ9kHBsCjMrsyTeQwaCqHQzPZXLaQLeXb8KRsLUdCG9lWtpNPy9EwCjrI1i5ZPic7yvHQSb4gJ8CLsoucBF3ly7Kb7C57yFdkT9nG9ZK95VToI/vKGdBP9pcD5EA5G2rK7IrVkm/KoXKYHC7fkovgbTlSviNHydFyjHxXjpXj5Hg5QU6Uk2SqfE9Olu/LKfIDOVVOk9PlDJkmZ8pZ8kM5W86Rc+VHcp78WM6XC+RCuUimy0/kYrlEZshP5VL5mcyUy+RyuUKulKvkarlGrpXr5Hq5QW6Um+RmuUVulZ/LbXK73CF3yl1yt9wjv5B75Zdyn/xKZsmv5X75J3lAfiMPym/lIfmdPCy/l0fkD/Ko/FEekz/J4/KEPClPydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaByqdwqRuVRseo6FaeuV3lVPhVRN6h4daPKr25SBVRBVUgVVgmqiCqqjEJlFalQFVPFVVTdrEqoW1SiKqlKqdLKqTIqSd2qyqrbVDl1uyqv7lAV1J2qoqqkKqsq6i5VVd2tqql7VHV1r6qhaqpaqra6T9VR96u66gFVTz2o6quHVAP1sGqoHlGN1KOqsXpMNVGPq6bqCdVMNVctVEvVSj2pWqunVBvVVrVTT6v26hnVQT2rktVzqqN6XnVSL6jO6kXVRb2kuqqXVTfVXfVQl9Rl5VUv1VulqD6qr3pN9VP91QA1UA1Sr6vB6g01RL2phqpharh6S41Qb6uR6h01So1WY9S7aqwap8arCWqimqRS1XtqsnpfTVEfqKlqmpquZqg0NVMN+PNMc/+B/Pf/Tv6QX8++RW1Vn6ttarvaoXaqXWq32qP2qL1qr9qn9qkslaX2q/3qgDqgDqqD6pA6pA6rw+qIOqKOqqPqmDqmjqsT6rw6pU6rn9UZdVadVefVBXVBXfzzeyA0aKmV1jrQuXRuHaPz6Fh9nY7T1+u8Op+O6Bt0vL5R59c36QK6oC6kC+sEXUQX1Uajtpp0qIvp4jqqb9Yl9C06UZfUpXRp7XQZnaRv/Zfzr7a+VrqVbq1b6za6jW6n2+n2ur3uoDvoZJ2sO+qOupPupDvrzrqL7qK76q66m+6me+geuqfuqb0QIkWn6L76Nd1P99cD9EA9SL+uB+vBeogeoofqoXq4Hq5H6BF6pB6pR+lReoweo8fqsXq8Hq8n6ok6VafqyXqynqKn6Kl6qp6up+s0naZn6Vl6tp6t5+q5ep6ep+fr+XqhXqjTdbperBfrDJ2hl+qlOlMv08v0Cr1Cr9Kr9Bq9Rq/T6/QGvUFv0pt0pv79GzR36B16l96l9+g9eq/eq/fpfTpLZ+n9er8+oA/og/qgPqQP6cP6sD6ij+ij+qg+po/p4/q4PqlP6tP6tD6jz+hz+py+oC/oi/qivqwvZ1/2BTKQgQ50kCvIFcQEMUFsEBvEBXFB3iBvEAkiQXwQH+QPbgoKBAWDQkHhICEoEhQNTICBDSgIg2JB8SAa3ByUCG4JEoOSQamgdOCCMkFScGtQNrgtKBfcHpQP7ggqBHcGFYNKQeWgSnBXUDW4O6gW3BNUD+4NagQ1g1pB7eC+oE5wf1A3eCCoFzwY1A8eChoEDwcNg0eCRsGjQePgsaBJ8HjQNHgiaBY0D1oELYNW/9b5vT9T8CnXy/Q2KaaP6WteM/1MfzPADDSDzOtmsHnDDDFvmqFmmBlu3jIjzNtmpHnHjDKjzRjzrhlrxpnxZoKZaCaZVPOemWzeN1PMB2aqmWammxkmzcw0s8yHZraZY+aaj8w887GZbxaYhWaRSTefmMVmickwn5ql5jOTaZaZ5WaFWWlWmdVmjVlr1pn1ZoPZaDaZzWaL2Wo+N9vMdrPD7DS7zG6zx3xh9povzT7zlckyX5v95k/mgPnGHDTfmkPmO3PYfG+OmB/MUfOjOWZ+MsfNCXPSnDKnzc/mjDlrzpnz5oL5xVw0l8xl47Mv7rM/3lGjxlyYC2MwBmMxFuMwDvNiXoxgBOMxHvNjfiyABbAQFsIETMCiWBSzERIWw2IYxSiWwBKYiIlYCkuhQ4dJmIRlsSyWw3JYHstjBayAFbEiVsbs+5G78G68G+/Be/BevBdrYk2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBthI2yMjbEJNsGm2BSbYTNsgS2wFbbC1tga22AbbIftsD22xw7YAZMxGTtiR+yEnbAzdsYu2AW7Ylfsht2wB/bAntgTe2EvTMEU7It9sR/2wwE4AAfhIByMg3EIDsGhOBSH43AcgSNwJI7EUTgax+C7OBbH4XicgBNxEqZiKk7GyTgFp+BUnIrTcTqmYRrOwlk4G2fjXJyL83Aezsf5uBAXYjqm42JcjBmYgUtxKWZiJi7H5bgSV+JqXI1rcS2ux/W4ETfiZtyMW3ErbsNtuAN34C7chXtwD+7FvbgP92EWZuF+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8DifxJJ7G03gGz+A5PIcX8Be8iJfwMnqMsXlsrL3OxtnrbV6bz8bYPL2FEH+JC9nCNsEWsUWtsQVswb+J0VqbaEvaUra0dbaMTbK3/iGuaCvZyraKvctWtXfban+I69j7bV37gK1nH7S17X1/E9e3D9kG9nHb0D5hG9nmtrFtaZvYx21T+4RtZpvbFralbW+fsR3sszbZPmc72uf/EC+2S+xau86utxvsXvulPWfP2yP2B3vB/mJ72d52kH3dDrZv2CH2TTvUDvtDPMa+a8facXa8nWAn2kl/iKfbGTbNzrSz7Id2tp3zhzjdfmLn2Qw73y6wC+2iX+PsNWXYT+1S+5nNtMvscrvCrrSr7Gq75i9rXWE32c12i91jv7Db7Ha7w+60u+zuX+PsfeyzX9ks+7U9bL+3B+w39qA9ag/Z736Ns/d31P5oj9mf7HF7wp60p+xp+7M9Y8/+uv/svZ+yl+xl660gIEmKNAWUi3JTDOWhWLqO4uh6ykv5KEI3UDzdSPnpJipABakQFaYEKkJFyRCSJaKQilFxitLNVIJuoUQqSaWoNDkqQ0l0K5Wl26gc3U7l6Q6qQHdSRapElakK3UVV6W6qRvdQdbqXalBNqkW16T6qQ/dTXXqA6tGDVJ8eogb0MDWkR6gRPUqN6TFqQo9TU3qCmlFzakEtqRU9Sa3pKWpDbakdPU3t6RnqQM9SMj1HHel56kQvUGd6kbrQS9SVXqZu1J160CvUk16lXtSbUqgP9aXXqB/1pwE0kAbR6zSY3qAh9CYNpWE0nN6iEfQ2jaR3aBSNpjH0Lo2lcTSeJtBEmkSp9B5NpvdpCn1AU2kaTacZlEYzaRZ9SLNpDs2lj2gefUzzaQEtpEWUTp/QYlpCGfQpLaXPKJOW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6nbbSddtBO2kW7aQ99QXvpS9pHX1EWfU376U90gL6hg/QtHaLv6DB9T0foBzpKP9Ix+omO0wk6SafoNP1MZ+gsnaPzdIF+oYt0iS6TJxFCKEMV6jAIc4W5w5gwTxgbXhfGhdeHecN8YSS8IYwPbwzzhzeFBcKCYaGwcJgQFgmLhibE0IYUhmGxsHgYDW8OS4S3hIlhybBUWDp0YZkwKbw1LBveFpYLbw/Lh3eEFcI7w4phpbByWCW8K6wa3h1WC+8Jq4f3hjXCmmGtsHZ4X1gnvD+sGz4Q1gsfDMuFD4UNwofDhuEjYaPw0bBx+FjYJHw8bBo+ETYLm4ctwpZhq/DJsHX4VNgmbBu2C58O24fPhB3CZ8Pk8LmwY/j8VcdTwj5h3/C18LXQ+wfUwuiiaHr0k+ji6JJoRvTT6NLoZ9HM6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kbo5uiWqPe1cwsHTjrltAtcLpfbxbg8LtZd5+Lc9S6vy+ci7gYX7250+d1NroAr6Aq5wi7BFXFFnXHorCMXumKuuIu6m10Jd4tLdCVdKVfaOVfGJbmWrpVr5Vq7p1wb19a1c0+7p90z7hn3rHvWPec6uuddJ/eC6+xedF3cS+4l97Lr5rq7Hu4V19O96nq53i7Fpbi+rq/r5/q5AW6AG+QGucFusBvihrihbqgb7oa7EW6EG+lGulFulBvjxrixbqwb78a7iW6iS3WpbrKb7Ka4KW6qm+qmu+kuzaW5WW6Wm+1mu7lurpvn5rn5br5b6Ba6dJfuFrvFLsNluKVuqct0mW65W+5WupVutVvt1rq1br1b7za6jW6z2+y2uq1um9vmdrgdbpfb5fa4PW6v2+v2uX0uy2W5/W6/O+AOuIPuW3fIfecOu+/dEfeDO+p+dMfcT+64O+FOulPutPvZnXFn3Tl33l1wv7iL7pK77LxLjbwXmRx5PzIl8kFkamRaZHpkRiQtMjMyK/JhZHZkTmRu5KPIvMjHkfmRBZGFkUWR9MgnkcWRJZGMyKeRpZHPIpmRZZHlkRWRlZFVEe+LbAt9MV/cR/3NvoS/xSf6kr6UL+2dL+OT/K2+rL/Nl/O3+/L+Dl/B3+kr+kq+sn/CN/PNfQvf0rfyT/rW/infxrf17fzTvr1/xnfwz/pk/5zv6J/3nfwLvrN/0XfxL/mu/mXfzXf3Pfwrvqd/1ffyvX2K7+P7+td8P9/fD/AD/SD/uh/s3/BD/Jt+qB/mh/u3/Aj/th/p3/Gj/Gg/xr/rx/pxfryf4Cf6ST7Vv+cn+/f9FP+Bn+qn+el+hk/zM/0s/6Gf7ef4uf4jP89/7Of7BX6hX+TT/Sd+sV/iM/ynfqn/zGf6ZX65X+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+s/9Nr/d7/A7/S6/2+/xX/i9/ku/z3/ls/zXfr//kz/gv/EH/bf+kP/OH/bf+yP+B3/U/+iP+Z/8cX/Cn/Sn/Gn/sz/jz/pz/ry/4H/xF/0lf5l/Zo0xxhhj7B+irjLe57/JkX/u9xVCXL+98KH/Or6xwG/9/rkT2keEEM/17vro761GjZSUlD8fm6lEUHyBECJyJT+XuBIvE+3EMyJZtBVl/zIe81fn6i+7X6CrzB+9Q4jYv8rJzv89vjL/bX93//3luHlXnX+BEInFr+TkEVfiK/OX+2/mL9j6KvPn+SZViDZ/lRMnrsRX5k8ST4nnRfLfHMkYY4wxxhhjjP2mv6zc+Wr3t9n35wn6Sk5ucSX+e/fnjDHGGGOMMcYY+9/lxe49nn0yObltZ+78T3V8vt/e6v8t6+EOd/6BzrX+ysQYY4wxxhj7d7ty0X+tV8IYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVc/y9+ndjv57ra3xpkjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG/lP9nwAAAP//sjE7Eg==") socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4, 0x0, 0x7}, 0x18) execveat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x145802, 0x0) pwritev2(r6, &(0x7f00000001c0)=[{&(0x7f0000000200)='y', 0xf4240}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r6, 0x89f8, &(0x7f00000009c0)={'gretap0\x00', &(0x7f0000000900)={'erspan0\x00', 0x0, 0x40, 0x80, 0x81, 0x4, {{0x20, 0x4, 0x1, 0x1, 0x80, 0x68, 0x0, 0x3, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0xa}, @loopback, {[@cipso={0x86, 0xe, 0x0, [{0x0, 0x8, "de9f3853c39d"}]}, @noop, @generic={0x83, 0x8, "d5d27cf8d5bb"}, @generic={0x8c, 0x9, "b59088ed3d65c1"}, @noop, @timestamp={0x44, 0x20, 0x8, 0x0, 0x4, [0x9, 0x4, 0xc, 0xfff, 0x7, 0x9110, 0x4]}, @end, @timestamp={0x44, 0xc, 0x57, 0x0, 0x2, [0xffffffff, 0x6]}, @cipso={0x86, 0x12, 0x1, [{0x1, 0xc, "ecc955c1b00e248f3752"}]}, @lsrr={0x83, 0xb, 0x8, [@rand_addr=0x64010101, @empty]}]}}}}}) getsockname$packet(r6, &(0x7f0000000a00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000a40)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000b00)={'syztnl0\x00', &(0x7f0000000a80)={'ip6gre0\x00', 0x0, 0x2f, 0x8, 0x5, 0x8, 0x8, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, 0xa0, 0x7800, 0x0, 0x5}}) getsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000b40)={@multicast2, @dev, 0x0}, &(0x7f0000000b80)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000bc0)={'vcan0\x00', 0x0}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000c80)={r5, 0x58, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r6, 0x89f8, &(0x7f0000000dc0)={'syztnl0\x00', &(0x7f0000000cc0)={'syztnl1\x00', 0x0, 0x80, 0x8041, 0x7f, 0x10001, {{0x38, 0x4, 0x1, 0x1c, 0xe0, 0x64, 0x0, 0x0, 0x2f, 0x0, @local, @remote, {[@generic={0x44, 0x3, "d9"}, @end, @noop, @timestamp_prespec={0x44, 0x2c, 0x6b, 0x3, 0x2, [{@remote, 0x67}, {@broadcast, 0x4}, {@dev={0xac, 0x14, 0x14, 0x39}, 0x3}, {@remote, 0x6}, {@remote, 0x4}]}, @timestamp={0x44, 0x18, 0x36, 0x0, 0x1, [0x10, 0xfff, 0x5, 0xf, 0x2]}, @rr={0x7, 0x23, 0x5, [@multicast1, @remote, @local, @multicast2, @local, @remote, @multicast1, @local]}, @end, @timestamp_addr={0x44, 0x1c, 0x77, 0x1, 0xf, [{@broadcast, 0x9}, {@private=0xa010100, 0x7}, {@dev={0xac, 0x14, 0x14, 0x31}, 0xfffffffc}]}, @noop, @cipso={0x86, 0x3f, 0x3, [{0x2, 0x10, "98dc01990a0d459c1ee8edae80ef"}, {0x0, 0xe, "d2ff321dd164f9b78f35a9dc"}, {0x0, 0x10, "66bf432fc0564d4c3cb9c7662d1f"}, {0x0, 0xb, "4a3d34f27a905a51ba"}]}]}}}}}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000e00)={'wg2\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000ec0)={'sit0\x00', &(0x7f0000000e40)={'erspan0\x00', 0x0, 0x1, 0x20, 0x4, 0xa, {{0x10, 0x4, 0x1, 0x0, 0x40, 0x67, 0x0, 0x1, 0x29, 0x0, @remote, @multicast2, {[@timestamp_prespec={0x44, 0x2c, 0xb5, 0x3, 0x3, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xe99}, {@local, 0x7fff}, {@broadcast, 0x2c97}, {@private=0xa010102, 0x40}, {@multicast2, 0x7f}]}]}}}}}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000), 0xc, &(0x7f0000001140)={&(0x7f0000000f00)={0x20c, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x20c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000040) [ 59.733360][ T5096] Bluetooth: hci0: command tx timeout [ 59.828349][ T5110] loop0: detected capacity change from 0 to 256 [ 59.850252][ T5110] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 60.140231][ T5112] process 'syz.0.0' launched './file1' with NULL argv: empty string added [ 60.150123][ T5112] ================================================================== [ 60.152895][ T5112] BUG: KASAN: stack-out-of-bounds in exfat_get_block+0x1d43/0x2180 [ 60.155798][ T5112] Write of size 4 at addr ffffc9000b32f420 by task syz.0.0/5112 [ 60.158627][ T5112] [ 60.159467][ T5112] CPU: 0 UID: 0 PID: 5112 Comm: syz.0.0 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 60.163359][ T5112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.167553][ T5112] Call Trace: [ 60.168903][ T5112] [ 60.170108][ T5112] dump_stack_lvl+0x241/0x360 [ 60.172022][ T5112] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.174163][ T5112] ? __pfx__printk+0x10/0x10 [ 60.176042][ T5112] ? _printk+0xd5/0x120 [ 60.177732][ T5112] print_report+0x169/0x550 [ 60.179520][ T5112] ? __virt_addr_valid+0xbd/0x530 [ 60.181459][ T5112] ? exfat_get_block+0x1d43/0x2180 [ 60.183217][ T5112] kasan_report+0x143/0x180 [ 60.184811][ T5112] ? exfat_get_block+0x1d43/0x2180 [ 60.186449][ T5112] exfat_get_block+0x1d43/0x2180 [ 60.188076][ T5112] ? __pfx_exfat_get_block+0x10/0x10 [ 60.189756][ T5112] ? __pfx_exfat_get_block+0x10/0x10 [ 60.191767][ T5112] __blockdev_direct_IO+0x1c8e/0x4890 [ 60.193578][ T5112] ? __pfx___blockdev_direct_IO+0x10/0x10 [ 60.195698][ T5112] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 60.197913][ T5112] ? __pfx_exfat_get_block+0x10/0x10 [ 60.199874][ T5112] ? __pfx_filemap_invalidate_pages+0x10/0x10 [ 60.202067][ T5112] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 60.204486][ T5112] exfat_direct_IO+0x151/0x400 [ 60.206400][ T5112] generic_file_direct_write+0x17a/0x390 [ 60.208513][ T5112] __generic_file_write_iter+0x126/0x230 [ 60.210642][ T5112] ? exfat_file_write_iter+0x15a/0x3f0 [ 60.212645][ T5112] exfat_file_write_iter+0x165/0x3f0 [ 60.214544][ T5112] do_iter_readv_writev+0x600/0x880 [ 60.216589][ T5112] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 60.219013][ T5112] ? rcu_read_lock_any_held+0xb7/0x160 [ 60.220978][ T5112] vfs_writev+0x376/0xba0 [ 60.222827][ T5112] ? __pfx_lock_acquire+0x10/0x10 [ 60.224800][ T5112] ? __pfx_vfs_writev+0x10/0x10 [ 60.226755][ T5112] ? __might_fault+0xaa/0x120 [ 60.228639][ T5112] ? __fget_files+0x29/0x470 [ 60.230204][ T5112] ? __fget_files+0x29/0x470 [ 60.231878][ T5112] __se_sys_pwritev2+0x1ca/0x2d0 [ 60.233539][ T5112] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 60.235399][ T5112] ? do_syscall_64+0x100/0x230 [ 60.237097][ T5112] ? __x64_sys_pwritev2+0x21/0xf0 [ 60.238613][ T5112] do_syscall_64+0xf3/0x230 [ 60.240309][ T5112] ? clear_bhb_loop+0x35/0x90 [ 60.241997][ T5112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.244114][ T5112] RIP: 0033:0x7ffaef57dff9 [ 60.245919][ T5112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.253307][ T5112] RSP: 002b:00007ffaf03a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 60.256463][ T5112] RAX: ffffffffffffffda RBX: 00007ffaef736130 RCX: 00007ffaef57dff9 [ 60.259561][ T5112] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: 000000000000000a [ 60.262587][ T5112] RBP: 00007ffaef5f0296 R08: 0000000000000000 R09: 0000000000000000 [ 60.265519][ T5112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.268362][ T5112] R13: 0000000000000000 R14: 00007ffaef736130 R15: 00007ffcb5eb08e8 [ 60.271227][ T5112] [ 60.272463][ T5112] [ 60.273377][ T5112] The buggy address belongs to stack of task syz.0.0/5112 [ 60.276017][ T5112] and is located at offset 96 in frame: [ 60.278154][ T5112] exfat_get_block+0x0/0x2180 [ 60.279730][ T5112] [ 60.280541][ T5112] This frame has 4 objects: [ 60.282051][ T5112] [32, 36) 'last_clu.i' [ 60.282059][ T5112] [48, 60) 'new_clu.i' [ 60.283479][ T5112] [80, 84) 'fclus.i' [ 60.284906][ T5112] [96, 100) 'cluster' [ 60.286425][ T5112] [ 60.288904][ T5112] The buggy address belongs to the virtual mapping at [ 60.288904][ T5112] [ffffc9000b328000, ffffc9000b331000) created by: [ 60.288904][ T5112] copy_process+0x5d1/0x3d50 [ 60.295550][ T5112] [ 60.296425][ T5112] The buggy address belongs to the physical page: [ 60.298717][ T5112] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d08f [ 60.301843][ T5112] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 60.304421][ T5112] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 60.307478][ T5112] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 60.310686][ T5112] page dumped because: kasan: bad access detected [ 60.312973][ T5112] page_owner tracks the page as allocated [ 60.314875][ T5112] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5109, tgid 5109 (syz.0.0), ts 60136283175, free_ts 0 [ 60.321039][ T5112] post_alloc_hook+0x1f3/0x230 [ 60.322738][ T5112] get_page_from_freelist+0x3045/0x3190 [ 60.324598][ T5112] __alloc_pages_noprof+0x292/0x710 [ 60.326371][ T5112] alloc_pages_mpol_noprof+0x3e8/0x680 [ 60.328468][ T5112] __vmalloc_node_range_noprof+0xa2b/0x13f0 [ 60.330744][ T5112] dup_task_struct+0x444/0x8c0 [ 60.332572][ T5112] copy_process+0x5d1/0x3d50 [ 60.334372][ T5112] kernel_clone+0x226/0x8f0 [ 60.336154][ T5112] __se_sys_clone3+0x2cb/0x350 [ 60.338009][ T5112] do_syscall_64+0xf3/0x230 [ 60.339847][ T5112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.342212][ T5112] page_owner free stack trace missing [ 60.344361][ T5112] [ 60.345350][ T5112] Memory state around the buggy address: [ 60.347576][ T5112] ffffc9000b32f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.350720][ T5112] ffffc9000b32f380: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 00 04 [ 60.353888][ T5112] >ffffc9000b32f400: f2 f2 04 f2 04 f3 f3 f3 00 00 00 00 00 00 00 00 [ 60.356858][ T5112] ^ [ 60.358657][ T5112] ffffc9000b32f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.361519][ T5112] ffffc9000b32f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.364449][ T5112] ================================================================== [ 60.368130][ T5112] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 60.370966][ T5112] CPU: 0 UID: 0 PID: 5112 Comm: syz.0.0 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 60.374517][ T5112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.378218][ T5112] Call Trace: [ 60.379531][ T5112] [ 60.380563][ T5112] dump_stack_lvl+0x241/0x360 [ 60.382165][ T5112] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.384073][ T5112] ? __pfx__printk+0x10/0x10 [ 60.385783][ T5112] ? lock_release+0xbf/0xa30 [ 60.387505][ T5112] ? vscnprintf+0x5d/0x90 [ 60.389055][ T5112] panic+0x349/0x880 [ 60.390484][ T5112] ? check_panic_on_warn+0x21/0xb0 [ 60.392237][ T5112] ? __pfx_panic+0x10/0x10 [ 60.393733][ T5112] ? mark_lock+0x9a/0x360 [ 60.395295][ T5112] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 60.397463][ T5112] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 60.399868][ T5112] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 60.402406][ T5112] ? print_report+0x502/0x550 [ 60.404223][ T5112] check_panic_on_warn+0x86/0xb0 [ 60.406230][ T5112] ? exfat_get_block+0x1d43/0x2180 [ 60.408299][ T5112] end_report+0x77/0x160 [ 60.410022][ T5112] kasan_report+0x154/0x180 [ 60.411727][ T5112] ? exfat_get_block+0x1d43/0x2180 [ 60.413710][ T5112] exfat_get_block+0x1d43/0x2180 [ 60.415668][ T5112] ? __pfx_exfat_get_block+0x10/0x10 [ 60.417720][ T5112] ? __pfx_exfat_get_block+0x10/0x10 [ 60.419711][ T5112] __blockdev_direct_IO+0x1c8e/0x4890 [ 60.421743][ T5112] ? __pfx___blockdev_direct_IO+0x10/0x10 [ 60.423886][ T5112] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 60.426063][ T5112] ? __pfx_exfat_get_block+0x10/0x10 [ 60.428044][ T5112] ? __pfx_filemap_invalidate_pages+0x10/0x10 [ 60.430220][ T5112] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 60.432486][ T5112] exfat_direct_IO+0x151/0x400 [ 60.434228][ T5112] generic_file_direct_write+0x17a/0x390 [ 60.436398][ T5112] __generic_file_write_iter+0x126/0x230 [ 60.438195][ T5112] ? exfat_file_write_iter+0x15a/0x3f0 [ 60.440173][ T5112] exfat_file_write_iter+0x165/0x3f0 [ 60.442347][ T5112] do_iter_readv_writev+0x600/0x880 [ 60.444403][ T5112] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 60.446570][ T5112] ? rcu_read_lock_any_held+0xb7/0x160 [ 60.448576][ T5112] vfs_writev+0x376/0xba0 [ 60.450159][ T5112] ? __pfx_lock_acquire+0x10/0x10 [ 60.452150][ T5112] ? __pfx_vfs_writev+0x10/0x10 [ 60.453953][ T5112] ? __might_fault+0xaa/0x120 [ 60.455802][ T5112] ? __fget_files+0x29/0x470 [ 60.457588][ T5112] ? __fget_files+0x29/0x470 [ 60.459331][ T5112] __se_sys_pwritev2+0x1ca/0x2d0 [ 60.461097][ T5112] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 60.463147][ T5112] ? do_syscall_64+0x100/0x230 [ 60.464949][ T5112] ? __x64_sys_pwritev2+0x21/0xf0 [ 60.466625][ T5112] do_syscall_64+0xf3/0x230 [ 60.468441][ T5112] ? clear_bhb_loop+0x35/0x90 [ 60.470332][ T5112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.472629][ T5112] RIP: 0033:0x7ffaef57dff9 [ 60.474417][ T5112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.481967][ T5112] RSP: 002b:00007ffaf03a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 60.485151][ T5112] RAX: ffffffffffffffda RBX: 00007ffaef736130 RCX: 00007ffaef57dff9 [ 60.488192][ T5112] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: 000000000000000a [ 60.491314][ T5112] RBP: 00007ffaef5f0296 R08: 0000000000000000 R09: 0000000000000000 [ 60.494465][ T5112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.497650][ T5112] R13: 0000000000000000 R14: 00007ffaef736130 R15: 00007ffcb5eb08e8 [ 60.500794][ T5112] [ 60.502342][ T5112] Kernel Offset: disabled [ 60.504081][ T5112] Rebooting in 86400 seconds..