program:
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file0\x00', 0x0, &(0x7f0000001580), 0x1, 0x14d1, &(0x7f00000015c0)="$eJzs3AlwlcW2KOBe3f1DiBG3EZl79fphiwGaiIjIICIyiIiICIjMIiBiRERERISATCICIgIyRkSGEAGRIUDEMM/zPBg5iIiIyCSTQL/C47ncczy3uO+8cy+vKuur6kqv/Hut3Z1VyT9UZf/UdViNxjWrNiAi8a9Qf5vAX78kCyFihBADhRC3CSECIUTZ+LLx147nUpD8L70J+x/SMPVmr4DdTNz/7I37n71x/7M37n/2xv3P3rj/2Rv3P3vj/jOWraUVuJ1H9h38/D874/N/9sb9z964/9kb9z974/5nb9z/7I37n71x/7M37j9j2dr/B8+gedzEwRhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM/S+44K/TQoi/zW/2uhhjjDHGGGOMMfbv43Pe7BUwxhhjjDHGGGPsfx4IKZTQIhA5RE4RI3KJWHGLiBO3itziNhERt4t4cYfII+4UeUU+kV8UEAVFIVFYGIHCChKhKCKKiqi4SxQTd4sEUVyUECWFE6VEorhHlBb3ijLiPlFW3C/KiQdEeVFBVBSVxIOisnhIVBEPi6riEVFNVBc1RE3xqKglHhO1xeOijnhC1BVPinriKVFfPC0aiIaikXhGNBbPiiaiqWgmmosWoqVo9S/lvyV6iLdFT9FLJIveoo94R/QV/UR/MUAMFO+KQeI9MVi8L4aIoWKY+EAMFx+KEeIjMVKMEqPFx2KMGCvGifFigpgoUsQnYpL4VEwWn4kpYqqYJqaLVDFDpInPxUwxS8wWX4g54ksxV8wT88UCkS4WikViscgQX4kl4muRKZaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdopdYrfYI/aKfWK/OCC+EVni2//L/PP/kN8NBAiQIEGDhhyQA2IgBmIhFuIgDnJDbohABOIhHvJAHsgLeSE/5IeCUBAKQ2FAQCAgKAJFIApRKAbFIAESoASUAAcOEiERSsO9UAbKQFkoC+WgHJSHClABKkElqAyVoQpUgapQFapBNagBNeBReBQeg9pQG+pAHagLdaEe1IP6UB8aQANoBI2gMTSGJtAEmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIAk6QkfoBJ2gM3SGLtAFukJX6AZvwpvwFrwFb8Pb0Auqyd7QB/pAX+gL/WEADIB3YRC8B+/B+zAEhsIw+AA+gA9hBJyDkTAKRsNoqCzHwjgYDyQnQgqkwCSYBJNhMkyBqTAVpkMqzIA0SIOZMAtmwRcwB76EL2EezIMFkA7psAgWQwZkwBI4D5mwFJbBclgBK2EFrIY1sBrWwXpYBxthI2yGzbAVtsJ22A47YSfsht2wF/bCftgPQyALsuAgHIRDcAgOw2E4AkfgKByFY3AMjsNxOAEn4CScgtNwCs7CWTgH5+ECXIBLcAkuw2W4Clev/fLLa7TUMofMIWNkjIyVsTJOxsncMreMyIiMl/Eyj8wj88q8Mr/MLwvKgrKwLCxRoiQZyiKyiIzKqCwmi8kEmSBLyBLSSScTZaIsLUvLMrKMLCvvl+XkA7K8rCDbukqykqws27kq8mFZVVaV1WR1WUPWlDVlLVlL1pa1ZR1ZR9aVdWU9+ZSsL3tDf2gor3WmsRwKTeQwaCabyxaypfwQnpOt5QhoI9vKdvIFOQpGQgfZ2iXJl2VHOQ46yVfleHhNdpEToat8Q3aTb8ru8i3ZQ7ZxPWUvOQV6yz5yOvSV/WR/OUDOhOryWsdqyPflEDlUDpMfyAXwoRwhP5Ij5Sg5Wn4sx8ixcpwcLyfIiTJFfiInyU/lZPmZnCKnymlyukyVM2Sa/FzOlLPkbPmFnCO/lHPlPDlfLpDpcqFcJBfLDPmVXCK/lplyqVwml8sVcqVcJVfLNXKtXCfXyw1yo9wkN8stcqvcJrfLHXKn3CV3yz1yr9wn98sD8huZJb+VB+Vf5CH5nTwsv5dH5A/yqPxRHpM/yePyZ3lC/iJPylPytDwjz8pf5Tl5Xl6QF+Ul+Zu8LK/Iq9JLoUBJpZRWgcqhcqoYlUvFqltUnLpV5Va3qYi6XcWrO1QedafKq/Kp/KqAKqgKqcLKKFRWkQpVEVVURdVdqpi6WyWo4qqEKqmcKqUS1T2qtLpXlVH3qbLqflVOPaDKqwqqoqqkHlSV1UOqinpYVVWPqGqquqqhaqpHVS31mKqtHld11BOqrnpS1VNPqfrqadVANVSN1DOqsXpWNVFNVTPVXLVQLVUr9ZxqrZ5XbVRb1U69oNqrF1UH9ZJKUi+rjuoV1Um9qjqr11QX9brqqt5Q3dSbqru6oq4qr3qqXipZ9VZ91Duqr+qn+qsBaqB6Vw1S76nB6n01RA1Vw9QHarj6UI1QH6mRapQarT5WY9RYNU6NVxPURJWiPlGT1KdqsvpMTVFT1TQ1XaWqGar/H5Vm/zfyP/0n+YN/f/fNaovaqrap7WqH2ql2qd1qj9qj9ql96oA6oLJUljqoDqpD6pA6rA6rI+qIOqqOqmPqmDqujqsT6oQ6qU6pi+qMOqt+VefUeXVeXVSX1CV1+Y+fgdCgpVZa60Dn0Dl1jM6lY/UtOk7fqnPr23RE367j9R06j75T59X5dH5dQBfUhXRhbTRqq0mHuoguqqP6Ll1M360TdHFdQpfUTpfSifqe/+f8G62vlW6lW+vWuo1uo9vpdrq9bq876A46SSfpjrqj7qQ76c66s+6iu+iuuqvuprvp7rq77qF76J66p07WybqPfkf31f10fz1AD9Tv6kF6kB6sB+sheogepofp4Xq4HqFH6JF6pB6tR+sxeowep8fpCXqCTtEpepKepCfryXqKnqKn6Wk6VafqNJ2mZ+qZeraerefoOXqunqvn6/k6XafrRXqRztAZeoleojP1Ur1UL9fL9Uq9Uq/Wq/VavVav1+v1Rr1RZ+oteoveprfpHXqH3qV36T16j96n9+kD+oDO0ln6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+gT+qQ+qU/r0/qsPqvP6XP6gr6gL+lL+rK+rK/qq9cu+wIZyEAHOsgR5AhigpggNogN4oK4IHeQO4gEkSA+iA/yBHcGeYN8Qf6gQFAwKBQUDkyAgQ0oCIMiQdEgGtwVFAvuDhKC4kGJoGTgglJBYnBPUDq4NygT3BeUDe4PygUPBOWDCkHFoFLwYFA5eCioEjwcVA0eCaoF1YMaQc3g0aBW8FhQO3g8qBM8EdQNngzqBU8F9YOngwZBw6BR8EzQOHg2aBI0DZoFzYMWQcug1b+1vvfn8j3veppeJtn0Nn3MO6av6Wf6mwFmoHnXDDLvmcHmfTPEDDXDzAdmuPnQjDAfmZFmlBltPjZjzFgzzow3E8xEk2I+MZPMp2ay+cxMMVPNNDPdpJoZJs18bmaaWWa2+cLMMV+auWaemW8WmHSz0Cwyi02G+cosMV+bTLPULDPLzQqz0qwyq80as9asM+vNBrPRbDKbzRaz1Wwz280Os9PsMrvNHrPX7DP7zQHzjcky35qD5i/mkPnOHDbfmyPmB3PU/GiOmZ/McfOzOWF+MSfNKXPanDFnza/mnDlvLpiL5pL5zVw2V8xV469d3F87vaNGjTkwB8ZgDMZiLMZhHObG3BjBCMZjPObBPJgX82J+zI8FsSAWxsJ4DSFhESyCUYxiMSyGCZiAJbAEOnSYiIlYGktjGSyDZbEslsNyWB7LY0WsiA/ig/gQPoQP48P4CD6C1bE61sSaWAtrYW2sjXWwDtbFulgP62F9rI8NsAE2wkbYGBtjE2yCzbAZtsAW2ApbYWtsjW2wDbbDdtge22MH7IBJmIQdsSN2wk7YGTtjF+yCXbErdsNu2B27Yw/sgT2xJyZjMvbBPtgX+2J/7I8DcSAOwkE4GAfjEByCw3AYDsfhOAJH4EgchaPxYxyDY3EcjscJOBFTMAUn4SScjJNxCk7BaTgNUzEV0zANZ+JMnI2zcQ7Owbk4F+fjfEzHdFyEizADM3AJLsFMzMRluAxX4ApchatwDa7BdbgON+AG3ISbcAtuwW24DXfgDtyFu3AP7sF9uA8P4AHMwiw8iAfxEB7Cw3gYj+ARPIpH8Rgew+N4HE/gCTyJJ/E0nsazeBbP4Tm8gBfwEv6Gl/EKXkWPMTaXjbW32Dh7q81tb7P/GOe3BWxBW8gWtsbmtfn+LkZrbYItbkvYktbZUjbR3vOnuLytYCvaSvZBW9k+ZKv8Ka5lH7O17eO2jn3C1rSP/l1c1z5p69lnbX3b1DawzW0j29I2ts/aJrapbWab2xa2pW1vX7Qd7Es2yb5sO9pX/hQvsovtGrvWrrPr7T67316wF+0x+5O9ZH+zPW0vO9C+awfZ9+xg+74dYof+KR5tP7Zj7Fg7zo63E+zEP8XT7HSbamfYNPu5nWln/SlOtwvtHJth59p5dr5d8Ht8bU0Z9iu7xH5tM+1Su8wutyvsSrvKrv6PtS63G+0mu9nusXvtNrvd7rA77S67+/f42j4O2G9slv3WHrU/2kP2O3vYHrdH7A+/x9f2d9z+bE/YX+xJe8qetmfsWfurPWfP/77/a3s/Y6/Yq9ZbQUCSFGkKKAflpBjKRbF0C8XRrZSbbqMI3U7xdAfloTspL+Wj/FSAClIhKkyGkCwRhVSEilKU7qJidDclUHEqQSXJUSlKpHuoNN1LZeg+Kkv3Uzl6gMpTBapIlehBqkwPURV6mKrSI1SNqlMNqkmPUi16jGrT41SHnqC69CTVo6eoPj1NDaghNaJnqDE9S02oKTWj5tSCWlIreo5a0/PUhtpSO3qB2tOL1IFeoiR6mTrSK9SJXqXO9Bp1odepK71B3ehN6k5vUQ96m3pSL0qm3tSH3qG+1I/60wAaSO/SIHqPBtP7NISG0jD6gIbThzSCPqKRNIpG08c0hsbSOBpPE2gipdAnNIk+pcn0GU2hqTSNplMqzaA0+pxm0iyaTV/QHPqS5tI8mk8LKJ0W0iJaTBn0FS2hrymTltIyWk4raCWtotW0htbSOlpPG2gjbaLNtIW20jbaTjtoJ+2i3bSH9tI+2k8H6BvKom/pIP2FDtF3dJi+pyP0Ax2lH+kY/UTH6Wc6Qb/QSTpFp+kMnaVf6Rydpwt0kS7Rb3SZrtBV8iRCCGWoQh0GYY4wZxgT5gpjw1vCuPDWMHd4WxgJbw/jwzvCPOGdYd4wX5g/LBAWDAuFhUMTYmhDCsOwSFg0jIZ3hcXCu8OEsHhYIiwZurBUmBjeE5YO7w3LhPeFZcP7w3LhA2H5sEJYMawUPhhWDh8Kq4QPh1XDR8JqYfWwRlgzfDSsFT4W1g4fD+uET4RlwifDeuFTYf3w6bBB2DBsFD4TNg6fDZuETcNmYfOwRdgybBU+F7YOnw/bhG3DduELYfvwxbBD+FKYFL4cdgxfueHx5LB32Cd8J3wn9P5xNT+6IJoeXRhdFF0czYh+FV0S/TqaGV0aXRZdHl0RXRldFV0dXRNdG10XXR/dEN0Y3RTdHPW+Zk7hwEmnnHaBy+FyuhiXy8W6W1ycu9Xldre5iLvdxbs7XB53p8vr8rn8roAr6Aq5ws44dNaRC10RV9RF3V2umLvbJbjiroQr6Zwr5RJdS9fKtXKt3fOujWvr2rkX3AvuRfeie8m95F52Hd0rrpN71XV2r7ku7nX3unvDdXNvuu7uLdfDve16ul4u2SW7Pq6P6+v6uv6uvxvoBrpBbpAb7Aa7IW6IG+aGueFuuBvhRriRbqQb7Ua7MW6MG+fGuQlugktxKW6Sm+Qmu8luipviprlpLtWlujSX5ma6mW62m+3muDlurpvr5rv5Lt2lu0VukctwGW6JW+IyXaZb5pa5FW6FW+VWuTVujVvn1rkNboPb5Da5LW6L2+a2uR1uh9vldrk9bo/b5/a5A+6Ay3JZ7qA76A65Q+6w+94dcT+4o+5Hd8z95I67n90J94s76U650+6MO+t+defceXfBXXSX3G/usrvirjrvUiKfRCZFPo1MjnwWmRKZGpkWmR5JjcyIpEU+j8yMzIrMjnwRmRP5MjI3Mi8yP7Igkh5ZGFkUWRzJiHwVWRL5OpIZWRpZFlkeWRFZGfG+0LbQF/FFfdTf5Yv5u32CL+5L+JLe+VI+0d/jS/t7fRl/ny/r7/fl/AO+vK/gK/qmvplv7lv4lr6Vf8639s/7Nr6tb+df8O39i76Df8kn+Zd9R/+K7+Rf9Z39a76Lf9139W/4bv5N392/5Xv4t31P38sn+96+j3/H9/X9fH8/wA/07/pB/j0/2L/vh/ihfpj/wA/3H/oR/iM/0o/yo/3Hfowf68f58X6Cn+hT/Cd+kv/UT/af+Sl+qp/mp/tUP8On+c/9TD/Lz/Zf+Dn+Sz/Xz/Pz/QKf7hf6RX6xz/Bf+SX+a5/pl/plfrlf4Vf6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t9/j9/p9fr8/4L/xWf5bf9D/xR/y3/nD/nt/xP/gj/of/TH/kz/uf/Yn/C/+pD/lT/sz/qz/1Z/z5/0Ff9Ff8r/5y/6Kv8r/s8YYY4wx9t+ibnC89z/5nvxjXNNHCHHr9gJH/rHmhrx/nfeT+zpGhBAv9+ra8G+jYcPk5OQ/XpupRFB0nhAicj0/h7geLxXtxIsiSbQVpf/p+vrJikA3qB+9X4jY/5QTI67H1+vf+1/Ub7rwhvXnCZFQ9HpOLnE9vl6/zH9Rf3f7G9TP9V2KEG3+U06cuB5fr58onheviKS/eyVjjDHGGGOMMfZX/eSlbje6v712f15QX8/JKa7HN7o/Z4wxxhhjjDHG2M332pvdX3ouKaltZ57whCc8+Y/Jzf7LxBhjjDHGGPt3u37Rf7NXwhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMZV//Gx8ndrP3yBhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjN1s/ycAAP//fMhn/w==")
lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000200), 0x1, 0x5d8, &(0x7f00000006c0)="$eJzs3U1vG8cdB+Df0rJsuoDDJHaSFi0q2IcWMWqLYuLoUKBuURQ6BEWAXnLJQbDpWDCtBBJTKEFR2H299hskPcjnnnooejCQnvsVBPSQQ4HedXOxyyXFWIoixbJIJc8DDGeGszs78/fuiLuEwQDfWEtv5/SjFFm68uZGWd/a7PS2Njv3huUkZ5I0kplBlmI1KT5NbmSQ8u3yzbq74ouO887Hbyx+1n74YFCbqVO1fWO//Q7mfp0yl+RUnR9Vfzefur9iNMMyYJeHgYNJe7zL/cPs/pTXLTANisHfzV1aybkkZ+vPAalXh8bxju7oHWqVAwAAgBPque1sZyPnJz0OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOEnq3/8v6tQYludSDH//f7Z+L3X5RHs06QEAAAAAAAAAwBH4/na2s5Hzw/rjovrO/1JVuVC9fisfZD3drOVqNrKcfvpZSztJa6yj2Y3lfn+tfYA9F/bcc+F45gsAAAAAAAAAX1O/y9LO9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADANiuTUIKvShWG5lcZMkrNJZsvt7if/HJZPskeTHgAAAAAcg+e2s52NnB/WHxfVPf9L1X3/2XyQ1fSzkn566eZW9SxgcNff2Nrs9LY2O/fKtLvfn/7vUMOoeszg2cPeR56vtrg42mMpv8ivciVzeStrWcmvs5x+upnLz6vScoq06qcXreE49x7vjc/V3vqysb5SjaSZ21mpxnY1N/NeermVRjWHapv9j/igjE7xk9oBY3SrzssZ/aXOp0OrisjpUUTm69iX0Xh+/0gc8jx58kjtNEbPoC48g5ifq/My1n+a6pgvjJ19L+0fieTSf7739zu91bt3bq9fmZ4pfUVPRqIzFomXv1GRmK2jMVhFD7daXqr2PZ+V/DLv5Va6eT2LeT0LeS2vZT6LuT4W14sHuNYah7vWLv+wLjST/LnOp0MZ1+fH4jq+0rWqtvF3dqL0wtGvSDPfqQvlMX5f59PhyUi0xyLx4v6R+Ovj8nW9t3p37c7y+wc83g/qvLxs/zhVa3N5vrxQ/mNVtc+fHWXbi3u2tau2C6O2xq62i6O2L7tSZ+vPcLt7WqjaXt6zrVO1vTLWttenHACm3rlXz802/9v8d/OT5h+ad5pvnv3ZmcUz353N6X/N/OPU3xoPGz8uXs0n+e3O/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDVrX/40d3lXq+7pqCgoDAqTHplAp61a/17719b//CjH63cW363+253tdNpX19YvL64cP3a7ZVed37wOulhAs/Azh/9SY8EAAAAAAAAAAAAOKjj+O8Ek54jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLItvZ3Tj1KkPX91vqxvbXZ6ZRqWd7acSdJIUvwmKT5NbmSQ0hrrrvii47zz8RuLn7UfPtjpa2a4fWO//Q7mfp0yl+RUnR9Vfzefur9iNMMyYJeHgYNJ+38AAAD//+NBDmE=")
close(0x5)
r0 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r2, 0x89fb, 0x0)
syz_clone3(&(0x7f00000003c0)={0x2024880, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
madvise(&(0x7f0000000000/0x8000)=nil, 0x8000, 0x15)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x6, 0x2, 0x15, 0x17, "9e959f16b6787b08aa26e66cfcc1d8a6078ed99eebe0ca8b000000dd8f6fac274de9d948bba5e51e92bbd4ce85450d0000461eb0ffff7c00fcffffff00", "f625c1076e4c36c800def96015e0fb7e904d865c2fdc458ee68d347f41be5a08", [0x1, 0x7]})
[ 84.573605][ T5092] Bluetooth: hci0: command tx timeout
[ 85.676070][ T5109] loop0: detected capacity change from 0 to 256
[ 85.782059][ T24] audit: type=1800 audit(1723972067.087:2): pid=5109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1048584 res=0 errno=0
[ 85.805130][ T24] audit: type=1800 audit(1723972067.107:3): pid=5109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1048584 res=0 errno=0
[ 85.838017][ T5109] ==================================================================
[ 85.841216][ T5109] BUG: KASAN: stack-out-of-bounds in __unwind_start+0x3e/0x7c0
[ 85.844187][ T5109] Write of size 96 at addr ffffc900018373c0 by task syz.0.0/5109
[ 85.847046][ T5109]
[ 85.848025][ T5109] CPU: 0 UID: 0 PID: 5109 Comm: syz.0.0 Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0
[ 85.852053][ T5109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.855943][ T5109] Call Trace:
[ 85.857217][ T5109]
[ 85.858373][ T5109] dump_stack_lvl+0x241/0x360
[ 85.861468][ T5109] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.863428][ T5109] ? __pfx__printk+0x10/0x10
[ 85.865274][ T5109] ? _printk+0xd5/0x120
[ 85.866945][ T5109] print_report+0x169/0x550
[ 85.868645][ T5109] ? __virt_addr_valid+0xbd/0x530
[ 85.870542][ T5109] ? __unwind_start+0x3e/0x7c0
[ 85.872470][ T5109] kasan_report+0x143/0x180
[ 85.874380][ T5109] ? __unwind_start+0x3e/0x7c0
[ 85.876194][ T5109] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 85.878599][ T5109] kasan_check_range+0x282/0x290
[ 85.880620][ T5109] __asan_memset+0x23/0x50
[ 85.882275][ T5109] __unwind_start+0x3e/0x7c0
[ 85.883941][ T5109] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 85.886064][ T5109] arch_stack_walk+0x103/0x1b0
[ 85.887732][ T5109] stack_trace_save+0x118/0x1d0
[ 85.889424][ T5109] ? __pfx_stack_trace_save+0x10/0x10
[ 85.891315][ T5109] ? __pfx_reserve_pfn_range+0x10/0x10
[ 85.893229][ T5109] kasan_save_track+0x3f/0x80
[ 85.894984][ T5109] __kasan_slab_alloc+0x66/0x80
[ 85.896838][ T5109] ? vm_area_dup+0x27/0x290
[ 85.898656][ T5109] kmem_cache_alloc_noprof+0x135/0x2a0
[ 85.900804][ T5109] vm_area_dup+0x27/0x290
[ 85.902507][ T5109] copy_mm+0xc7b/0x1f30
[ 85.904163][ T5109] ? __pfx_copy_mm+0x10/0x10
[ 85.905955][ T5109] ? __init_rwsem+0x122/0x160
[ 85.907814][ T5109] ? copy_signal+0x549/0x670
[ 85.909597][ T5109] copy_process+0x187c/0x3e10
[ 85.911437][ T5109] ? copy_process+0x9fa/0x3e10
[ 85.913321][ T5109] ? __pfx_copy_process+0x10/0x10
[ 85.915374][ T5109] ? __might_fault+0xc6/0x120
[ 85.917247][ T5109] ? __asan_memset+0x23/0x50
[ 85.919085][ T5109] kernel_clone+0x226/0x8f0
[ 85.920836][ T5109] ? __pfx_kernel_clone+0x10/0x10
[ 85.922803][ T5109] ? __pfx_lock_release+0x10/0x10
[ 85.924690][ T5109] __se_sys_clone3+0x2cb/0x350
[ 85.926562][ T5109] ? __might_fault+0xaa/0x120
[ 85.928453][ T5109] ? __pfx___se_sys_clone3+0x10/0x10
[ 85.930446][ T5109] ? rcu_is_watching+0x15/0xb0
[ 85.932372][ T5109] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 85.934687][ T5109] ? exc_page_fault+0x590/0x8c0
[ 85.936541][ T5109] ? do_syscall_64+0xb6/0x230
[ 85.938340][ T5109] do_syscall_64+0xf3/0x230
[ 85.940033][ T5109] ? clear_bhb_loop+0x35/0x90
[ 85.941758][ T5109] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.944057][ T5109] RIP: 0033:0x7ff7f27799b9
[ 85.945854][ T5109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.953488][ T5109] RSP: 002b:00007ff7f358ef08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 85.956635][ T5109] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007ff7f27799b9
[ 85.959620][ T5109] RDX: 00007ff7f358ef20 RSI: 0000000000000058 RDI: 00007ff7f358ef20
[ 85.962657][ T5109] RBP: 00007ff7f27e78d8 R08: 0000000000000000 R09: 0000000000000058
[ 85.965728][ T5109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.968882][ T5109] R13: 0000000000000000 R14: 00007ff7f2915f80 R15: 00007ffc51f8f378
[ 85.972048][ T5109]
[ 85.973334][ T5109]
[ 85.974279][ T5109] The buggy address belongs to stack of task syz.0.0/5109
[ 85.976993][ T5109]
[ 85.977959][ T5109] The buggy address belongs to the virtual mapping at
[ 85.977959][ T5109] [ffffc90001830000, ffffc90001839000) created by:
[ 85.977959][ T5109] copy_process+0x5d1/0x3e10
[ 85.984620][ T5109]
[ 85.985567][ T5109] The buggy address belongs to the physical page:
[ 85.988049][ T5109] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45dba
[ 85.991521][ T5109] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 85.994365][ T5109] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 85.997675][ T5109] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 86.000979][ T5109] page dumped because: kasan: bad access detected
[ 86.003428][ T5109] page_owner tracks the page as allocated
[ 86.005604][ T5109] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5108, tgid 5108 (syz.0.0), ts 82537916190, free_ts 0
[ 86.012541][ T5109] post_alloc_hook+0x1f3/0x230
[ 86.014318][ T5109] get_page_from_freelist+0x2e4c/0x2f10
[ 86.016264][ T5109] __alloc_pages_noprof+0x256/0x6c0
[ 86.018118][ T5109] alloc_pages_mpol_noprof+0x3e8/0x680
[ 86.020072][ T5109] __vmalloc_node_range_noprof+0xa40/0x1400
[ 86.022176][ T5109] dup_task_struct+0x444/0x8c0
[ 86.023935][ T5109] copy_process+0x5d1/0x3e10
[ 86.025540][ T5109] kernel_clone+0x226/0x8f0
[ 86.027152][ T5109] __se_sys_clone3+0x2cb/0x350
[ 86.028960][ T5109] do_syscall_64+0xf3/0x230
[ 86.030619][ T5109] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.032930][ T5109] page_owner free stack trace missing
[ 86.035036][ T5109]
[ 86.035963][ T5109] Memory state around the buggy address:
[ 86.038191][ T5109] ffffc90001837280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.041383][ T5109] ffffc90001837300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.044589][ T5109] >ffffc90001837380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f2
[ 86.047559][ T5109] ^
[ 86.050584][ T5109] ffffc90001837400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.053704][ T5109] ffffc90001837480: f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 86.056728][ T5109] ==================================================================
[ 86.304719][ T5109] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.307416][ T5109] CPU: 0 UID: 0 PID: 5109 Comm: syz.0.0 Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0
[ 86.311267][ T5109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.315433][ T5109] Call Trace:
[ 86.316800][ T5109]
[ 86.317974][ T5109] dump_stack_lvl+0x241/0x360
[ 86.319816][ T5109] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.321839][ T5109] ? __pfx__printk+0x10/0x10
[ 86.323758][ T5109] ? preempt_schedule+0xe1/0xf0
[ 86.325685][ T5109] ? vscnprintf+0x5d/0x90
[ 86.327337][ T5109] panic+0x349/0x860
[ 86.328812][ T5109] ? check_panic_on_warn+0x21/0xb0
[ 86.330873][ T5109] ? __pfx_panic+0x10/0x10
[ 86.332648][ T5109] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 86.335066][ T5109] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.337543][ T5109] ? print_report+0x502/0x550
[ 86.339458][ T5109] check_panic_on_warn+0x86/0xb0
[ 86.341407][ T5109] ? __unwind_start+0x3e/0x7c0
[ 86.343306][ T5109] end_report+0x77/0x160
[ 86.344975][ T5109] kasan_report+0x154/0x180
[ 86.346689][ T5109] ? __unwind_start+0x3e/0x7c0
[ 86.348542][ T5109] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 86.350873][ T5109] kasan_check_range+0x282/0x290
[ 86.352619][ T5109] __asan_memset+0x23/0x50
[ 86.354347][ T5109] __unwind_start+0x3e/0x7c0
[ 86.356176][ T5109] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 86.358565][ T5109] arch_stack_walk+0x103/0x1b0
[ 86.360466][ T5109] stack_trace_save+0x118/0x1d0
[ 86.362329][ T5109] ? __pfx_stack_trace_save+0x10/0x10
[ 86.364469][ T5109] ? __pfx_reserve_pfn_range+0x10/0x10
[ 86.366496][ T5109] kasan_save_track+0x3f/0x80
[ 86.368182][ T5109] __kasan_slab_alloc+0x66/0x80
[ 86.369856][ T5109] ? vm_area_dup+0x27/0x290
[ 86.371428][ T5109] kmem_cache_alloc_noprof+0x135/0x2a0
[ 86.373341][ T5109] vm_area_dup+0x27/0x290
[ 86.374888][ T5109] copy_mm+0xc7b/0x1f30
[ 86.376325][ T5109] ? __pfx_copy_mm+0x10/0x10
[ 86.377933][ T5109] ? __init_rwsem+0x122/0x160
[ 86.379786][ T5109] ? copy_signal+0x549/0x670
[ 86.381663][ T5109] copy_process+0x187c/0x3e10
[ 86.383562][ T5109] ? copy_process+0x9fa/0x3e10
[ 86.385429][ T5109] ? __pfx_copy_process+0x10/0x10
[ 86.387373][ T5109] ? __might_fault+0xc6/0x120
[ 86.389199][ T5109] ? __asan_memset+0x23/0x50
[ 86.391191][ T5109] kernel_clone+0x226/0x8f0
[ 86.393385][ T5109] ? __pfx_kernel_clone+0x10/0x10
[ 86.395749][ T5109] ? __pfx_lock_release+0x10/0x10
[ 86.397744][ T5109] __se_sys_clone3+0x2cb/0x350
[ 86.399602][ T5109] ? __might_fault+0xaa/0x120
[ 86.401445][ T5109] ? __pfx___se_sys_clone3+0x10/0x10
[ 86.403535][ T5109] ? rcu_is_watching+0x15/0xb0
[ 86.405468][ T5109] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 86.407797][ T5109] ? exc_page_fault+0x590/0x8c0
[ 86.409713][ T5109] ? do_syscall_64+0xb6/0x230
[ 86.411609][ T5109] do_syscall_64+0xf3/0x230
[ 86.413399][ T5109] ? clear_bhb_loop+0x35/0x90
[ 86.415342][ T5109] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.417665][ T5109] RIP: 0033:0x7ff7f27799b9
[ 86.419417][ T5109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.426887][ T5109] RSP: 002b:00007ff7f358ef08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 86.430082][ T5109] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007ff7f27799b9
[ 86.433091][ T5109] RDX: 00007ff7f358ef20 RSI: 0000000000000058 RDI: 00007ff7f358ef20
[ 86.436068][ T5109] RBP: 00007ff7f27e78d8 R08: 0000000000000000 R09: 0000000000000058
[ 86.439154][ T5109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.442223][ T5109] R13: 0000000000000000 R14: 00007ff7f2915f80 R15: 00007ffc51f8f378
[ 86.445466][ T5109]
[ 86.447019][ T5109] Kernel Offset: disabled
[ 86.448752][ T5109] Rebooting in 86400 seconds..