[ 101.453446][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.42' (ED25519) to the list of known hosts.
2025/10/12 12:52:16 parsed 1 programs
[ 109.462593][ T5833] cgroup: Unknown subsys name 'net'
[ 109.616306][ T5833] cgroup: Unknown subsys name 'cpuset'
[ 109.626842][ T5833] cgroup: Unknown subsys name 'rlimit'
[ 111.332969][ T5833] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 114.152952][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 115.740828][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.748965][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.785874][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.795552][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.313336][ T5868] chnl_net:caif_netlink_parms(): no params data found
[ 116.466685][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.474066][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.481272][ T5868] bridge_slave_0: entered allmulticast mode
[ 116.492103][ T5868] bridge_slave_0: entered promiscuous mode
[ 116.506772][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.514102][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.521301][ T5868] bridge_slave_1: entered allmulticast mode
[ 116.529103][ T5868] bridge_slave_1: entered promiscuous mode
[ 116.570825][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 116.585883][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 116.629438][ T5868] team0: Port device team_slave_0 added
[ 116.639294][ T5868] team0: Port device team_slave_1 added
[ 116.674363][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 116.681391][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 116.707810][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 116.720857][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 116.727814][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 116.754369][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 116.807861][ T5868] hsr_slave_0: entered promiscuous mode
[ 116.814824][ T5868] hsr_slave_1: entered promiscuous mode
[ 116.997278][ T5868] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.010151][ T5868] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.021138][ T5868] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.033824][ T5868] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 117.127479][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.150190][ T5868] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.164581][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.172035][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.190134][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.197337][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.248186][ T5868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 117.447945][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 117.498904][ T5868] veth0_vlan: entered promiscuous mode
[ 117.511711][ T5868] veth1_vlan: entered promiscuous mode
[ 117.545571][ T5868] veth0_macvtap: entered promiscuous mode
[ 117.555936][ T5868] veth1_macvtap: entered promiscuous mode
[ 117.577411][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 117.592922][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 117.609331][ T1157] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.619154][ T1157] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.629455][ T1157] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.638421][ T1157] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.787878][ T1022] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 117.891260][ T1022] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 117.995332][ T1022] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.017011][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 118.026987][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 118.034932][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 118.043561][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 118.054313][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 118.070948][ T1022] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.331319][ T1022] bridge_slave_1: left allmulticast mode
[ 120.351187][ T1022] bridge_slave_1: left promiscuous mode
[ 120.369827][ T1022] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.395662][ T1022] bridge_slave_0: left allmulticast mode
[ 120.413487][ T1022] bridge_slave_0: left promiscuous mode
[ 120.419384][ T1022] bridge0: port 1(bridge_slave_0) entered disabled state
2025/10/12 12:52:33 executed programs: 0
[ 120.984967][ T5143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 120.993350][ T5143] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 121.012020][ T5143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 121.036290][ T5143] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 121.044830][ T5143] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 121.195208][ T1022] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 121.210100][ T1022] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 121.221396][ T1022] bond0 (unregistering): Released all slaves
[ 121.334236][ T1022] hsr_slave_0: left promiscuous mode
[ 121.341806][ T1022] hsr_slave_1: left promiscuous mode
[ 121.348656][ T1022] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 121.359237][ T1022] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 121.369224][ T1022] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 121.379326][ T1022] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 121.398056][ T1022] veth1_macvtap: left promiscuous mode
[ 121.403781][ T1022] veth0_macvtap: left promiscuous mode
[ 121.409405][ T1022] veth1_vlan: left promiscuous mode
[ 121.414831][ T1022] veth0_vlan: left promiscuous mode
[ 121.711544][ T1022] team0 (unregistering): Port device team_slave_1 removed
[ 121.734182][ T1022] team0 (unregistering): Port device team_slave_0 removed
[ 122.203446][ T5944] chnl_net:caif_netlink_parms(): no params data found
[ 122.400718][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.415201][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.422821][ T5944] bridge_slave_0: entered allmulticast mode
[ 122.430862][ T5944] bridge_slave_0: entered promiscuous mode
[ 122.442920][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.450106][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.457367][ T5944] bridge_slave_1: entered allmulticast mode
[ 122.473474][ T5944] bridge_slave_1: entered promiscuous mode
[ 122.529307][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 122.544377][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 122.978145][ T5944] team0: Port device team_slave_0 added
[ 122.990136][ T5944] team0: Port device team_slave_1 added
[ 123.048171][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.055641][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.081997][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.101370][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.108418][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.132791][ T52] Bluetooth: hci0: command tx timeout
[ 123.136893][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.247292][ T5944] hsr_slave_0: entered promiscuous mode
[ 123.254225][ T5944] hsr_slave_1: entered promiscuous mode
[ 124.025489][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 124.038106][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 124.055055][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 124.068812][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 124.193354][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0
[ 124.223174][ T5944] 8021q: adding VLAN 0 to HW filter on device team0
[ 124.239308][ T1022] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.246502][ T1022] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 124.278664][ T1022] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.285850][ T1022] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 124.598710][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 124.661133][ T5944] veth0_vlan: entered promiscuous mode
[ 124.680849][ T5944] veth1_vlan: entered promiscuous mode
[ 124.726630][ T5944] veth0_macvtap: entered promiscuous mode
[ 124.739569][ T5944] veth1_macvtap: entered promiscuous mode
[ 124.763675][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 124.782947][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 124.800764][ T3520] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 124.820206][ T1105] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 124.830620][ T1105] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 124.848774][ T1105] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 124.929915][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.948309][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.994019][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.002650][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.086560][ T6021] loop0: detected capacity change from 0 to 256
[ 125.096366][ T6021] exfat: Deprecated parameter 'namecase'
[ 125.123837][ T6021] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 125.160182][ T6021] ==================================================================
[ 125.168277][ T6021] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 125.176193][ T6021] Read of size 1 at addr ffffc90003bffcc8 by task syz.0.17/6021
[ 125.183836][ T6021]
[ 125.186160][ T6021] CPU: 1 UID: 0 PID: 6021 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 125.186198][ T6021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 125.186217][ T6021] Call Trace:
[ 125.186228][ T6021]
[ 125.186239][ T6021] dump_stack_lvl+0x116/0x1f0
[ 125.186292][ T6021] print_report+0xcd/0x630
[ 125.186333][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.186372][ T6021] ? __virt_addr_valid+0x81/0x610
[ 125.186409][ T6021] ? exfat_nls_to_ucs2+0x706/0x730
[ 125.186439][ T6021] kasan_report+0xe0/0x110
[ 125.186486][ T6021] ? exfat_nls_to_ucs2+0x706/0x730
[ 125.186521][ T6021] exfat_nls_to_ucs2+0x706/0x730
[ 125.186556][ T6021] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 125.186586][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.186656][ T6021] ? find_held_lock+0x2b/0x80
[ 125.186707][ T6021] ? __might_fault+0xe3/0x190
[ 125.186736][ T6021] ? __might_fault+0xe3/0x190
[ 125.186764][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.186808][ T6021] exfat_nls_to_utf16+0xa6/0xf0
[ 125.186843][ T6021] exfat_ioctl_set_volume_label+0x15d/0x230
[ 125.186881][ T6021] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 125.186918][ T6021] ? __lock_acquire+0xb8a/0x1c90
[ 125.186989][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.187029][ T6021] ? kasan_quarantine_put+0x10a/0x240
[ 125.187063][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.187101][ T6021] ? lockdep_hardirqs_on+0x7c/0x110
[ 125.187150][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.187190][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.187229][ T6021] ? find_held_lock+0x2b/0x80
[ 125.187297][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.187336][ T6021] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 125.187393][ T6021] exfat_ioctl+0x929/0x1630
[ 125.187431][ T6021] ? __pfx_exfat_ioctl+0x10/0x10
[ 125.187469][ T6021] ? __pfx_do_sys_openat2+0x10/0x10
[ 125.187518][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.187556][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.187595][ T6021] ? hook_file_ioctl_common+0x145/0x410
[ 125.187641][ T6021] ? srso_alias_return_thunk+0x5/0xfbef5
[ 125.187681][ T6021] ? __pfx___x64_sys_futex+0x10/0x10
[ 125.187725][ T6021] ? __pfx_exfat_ioctl+0x10/0x10
[ 125.187762][ T6021] __x64_sys_ioctl+0x18e/0x210
[ 125.187814][ T6021] do_syscall_64+0xcd/0xfa0
[ 125.187865][ T6021] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 125.187897][ T6021] RIP: 0033:0x7fe42fd8eec9
[ 125.187922][ T6021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 125.187953][ T6021] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 125.187982][ T6021] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9
[ 125.188004][ T6021] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 125.188024][ T6021] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000
[ 125.188044][ T6021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 125.188064][ T6021] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003
[ 125.188096][ T6021]
[ 125.188107][ T6021]
[ 125.494216][ T6021] The buggy address belongs to stack of task syz.0.17/6021
[ 125.501404][ T6021] and is located at offset 960 in frame:
[ 125.507118][ T6021] exfat_ioctl_set_volume_label+0x0/0x230
[ 125.512848][ T6021]
[ 125.515160][ T6021] This frame has 3 objects:
[ 125.519652][ T6021] [32, 36) 'lossy'
[ 125.519673][ T6021] [48, 568) 'uniname'
[ 125.523471][ T6021] [704, 960) 'label'
[ 125.527535][ T6021]
[ 125.533803][ T6021] The buggy address belongs to a vmalloc virtual mapping
[ 125.540822][ T6021] The buggy address belongs to the physical page:
[ 125.547219][ T6021] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078a99fc0 pfn:0x78a99
[ 125.557297][ T6021] memcg:ffff888031b53b02
[ 125.561541][ T6021] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 125.568676][ T6021] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 125.577270][ T6021] raw: ffff888078a99fc0 0000000000000000 00000001ffffffff ffff888031b53b02
[ 125.585852][ T6021] page dumped because: kasan: bad access detected
[ 125.592259][ T6021] page_owner tracks the page as allocated
[ 125.597963][ T6021] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 12, tgid 12 (kworker/u8:0), ts 124467106609, free_ts 124465932009
[ 125.617078][ T6021] post_alloc_hook+0x1c0/0x230
[ 125.621870][ T6021] get_page_from_freelist+0x10a3/0x3a30
[ 125.627443][ T6021] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 125.633353][ T6021] alloc_pages_mpol+0x1fb/0x550
[ 125.638220][ T6021] alloc_pages_noprof+0x131/0x390
[ 125.643259][ T6021] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 125.649168][ T6021] __vmalloc_node_noprof+0xad/0xf0
[ 125.654396][ T6021] copy_process+0x2c77/0x76a0
[ 125.659079][ T6021] kernel_clone+0xfc/0x930
[ 125.663495][ T6021] user_mode_thread+0xc8/0x110
[ 125.668258][ T6021] call_usermodehelper_exec_work+0x6b/0x170
[ 125.674258][ T6021] process_one_work+0x9cf/0x1b70
[ 125.679214][ T6021] worker_thread+0x6c8/0xf10
[ 125.683825][ T6021] kthread+0x3c5/0x780
[ 125.687903][ T6021] ret_from_fork+0x675/0x7d0
[ 125.692507][ T6021] ret_from_fork_asm+0x1a/0x30
[ 125.697276][ T6021] page last free pid 5944 tgid 5944 stack trace:
[ 125.703678][ T6021] __free_frozen_pages+0x7df/0x1160
[ 125.708892][ T6021] __put_partials+0x130/0x170
[ 125.713589][ T6021] qlist_free_all+0x4d/0x120
[ 125.718182][ T6021] kasan_quarantine_reduce+0x195/0x1e0
[ 125.723736][ T6021] __kasan_slab_alloc+0x69/0x90
[ 125.728598][ T6021] kmem_cache_alloc_node_noprof+0x28a/0x770
[ 125.734681][ T6021] __alloc_skb+0x2b2/0x380
[ 125.739113][ T6021] netlink_alloc_large_skb+0x69/0x140
[ 125.744508][ T6021] netlink_sendmsg+0x698/0xdd0
[ 125.749272][ T6021] __sys_sendto+0x4a3/0x520
[ 125.753784][ T6021] __x64_sys_sendto+0xe0/0x1c0
[ 125.758562][ T6021] do_syscall_64+0xcd/0xfa0
[ 125.763169][ T6021] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 125.769065][ T6021]
[ 125.771377][ T6021] Memory state around the buggy address:
[ 125.776997][ T6021]  ffffc90003bffb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 125.785059][ T6021]  ffffc90003bffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 125.793119][ T6021] >ffffc90003bffc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 125.801173][ T6021]                                               ^
[ 125.807580][ T6021]  ffffc90003bffd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 125.815663][ T6021]  ffffc90003bffd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 125.823715][ T6021] ==================================================================
[ 125.861946][ T52] Bluetooth: hci0: command tx timeout
[ 125.888833][ T6021] Disabling lock debugging due to kernel taint
2025/10/12 12:52:38 executed programs: 3
[ 125.986248][ T6025] loop0: detected capacity change from 0 to 256
[ 125.994683][ T6025] exfat: Deprecated parameter 'namecase'
[ 126.029182][ T6025] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 126.065686][ T6025] ==================================================================
[ 126.073784][ T6025] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 126.081704][ T6025] Read of size 1 at addr ffffc90003bffcc8 by task syz.0.18/6025
[ 126.089349][ T6025]
[ 126.091687][ T6025] CPU: 1 UID: 0 PID: 6025 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full)
[ 126.091740][ T6025] Tainted: [B]=BAD_PAGE
[ 126.091753][ T6025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 126.091775][ T6025] Call Trace:
[ 126.091786][ T6025]
[ 126.091799][ T6025] dump_stack_lvl+0x116/0x1f0
[ 126.091859][ T6025] print_report+0xcd/0x630
[ 126.091904][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.091949][ T6025] ? __virt_addr_valid+0x81/0x610
[ 126.091991][ T6025] ? exfat_nls_to_ucs2+0x706/0x730
[ 126.092024][ T6025] kasan_report+0xe0/0x110
[ 126.092091][ T6025] ? exfat_nls_to_ucs2+0x706/0x730
[ 126.092130][ T6025] exfat_nls_to_ucs2+0x706/0x730
[ 126.092170][ T6025] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 126.092236][ T6025] ? __might_fault+0xe3/0x190
[ 126.092269][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.092313][ T6025] ? rcu_is_watching+0x12/0xc0
[ 126.092347][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.092390][ T6025] ? lock_release+0x201/0x2f0
[ 126.092439][ T6025] exfat_nls_to_utf16+0xa6/0xf0
[ 126.092483][ T6025] exfat_ioctl_set_volume_label+0x15d/0x230
[ 126.092524][ T6025] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 126.092566][ T6025] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 126.092660][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.092703][ T6025] ? rcu_is_watching+0x12/0xc0
[ 126.092736][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.092779][ T6025] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 126.092817][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.092883][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.092926][ T6025] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 126.092989][ T6025] exfat_ioctl+0x929/0x1630
[ 126.093031][ T6025] ? __pfx_exfat_ioctl+0x10/0x10
[ 126.093069][ T6025] ? __pfx_do_sys_openat2+0x10/0x10
[ 126.093124][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.093168][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.093211][ T6025] ? hook_file_ioctl_common+0x145/0x410
[ 126.093263][ T6025] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.093307][ T6025] ? __pfx___x64_sys_futex+0x10/0x10
[ 126.093357][ T6025] ? __pfx_exfat_ioctl+0x10/0x10
[ 126.093398][ T6025] __x64_sys_ioctl+0x18e/0x210
[ 126.093465][ T6025] do_syscall_64+0xcd/0xfa0
[ 126.093523][ T6025] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.093559][ T6025] RIP: 0033:0x7fe42fd8eec9
[ 126.093586][ T6025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 126.093622][ T6025] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 126.093655][ T6025] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9
[ 126.093680][ T6025] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 126.093704][ T6025] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000
[ 126.093726][ T6025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 126.093748][ T6025] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003
[ 126.093783][ T6025]
[ 126.093796][ T6025]
[ 126.396023][ T6025] The buggy address belongs to stack of task syz.0.18/6025
[ 126.403209][ T6025] and is located at offset 960 in frame:
[ 126.408911][ T6025] exfat_ioctl_set_volume_label+0x0/0x230
[ 126.414641][ T6025]
[ 126.416950][ T6025] This frame has 3 objects:
[ 126.421437][ T6025] [32, 36) 'lossy'
[ 126.421464][ T6025] [48, 568) 'uniname'
[ 126.425266][ T6025] [704, 960) 'label'
[ 126.429321][ T6025]
[ 126.435587][ T6025] The buggy address belongs to a vmalloc virtual mapping
[ 126.442610][ T6025] The buggy address belongs to the physical page:
[ 126.449007][ T6025] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078a99fc0 pfn:0x78a99
[ 126.459068][ T6025] memcg:ffff888031b53b02
[ 126.463301][ T6025] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 126.470419][ T6025] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 126.479096][ T6025] raw: ffff888078a99fc0 0000000000000000 00000001ffffffff ffff888031b53b02
[ 126.487670][ T6025] page dumped because: kasan: bad access detected
[ 126.494071][ T6025] page_owner tracks the page as allocated
[ 126.499771][ T6025] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 12, tgid 12 (kworker/u8:0), ts 124467106609, free_ts 124465932009
[ 126.518805][ T6025] post_alloc_hook+0x1c0/0x230
[ 126.523603][ T6025] get_page_from_freelist+0x10a3/0x3a30
[ 126.529185][ T6025] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 126.535080][ T6025] alloc_pages_mpol+0x1fb/0x550
[ 126.539945][ T6025] alloc_pages_noprof+0x131/0x390
[ 126.544993][ T6025] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 126.550905][ T6025] __vmalloc_node_noprof+0xad/0xf0
[ 126.556037][ T6025] copy_process+0x2c77/0x76a0
[ 126.560715][ T6025] kernel_clone+0xfc/0x930
[ 126.565129][ T6025] user_mode_thread+0xc8/0x110
[ 126.569891][ T6025] call_usermodehelper_exec_work+0x6b/0x170
[ 126.575831][ T6025] process_one_work+0x9cf/0x1b70
[ 126.580785][ T6025] worker_thread+0x6c8/0xf10
[ 126.585388][ T6025] kthread+0x3c5/0x780
[ 126.589471][ T6025] ret_from_fork+0x675/0x7d0
[ 126.594066][ T6025] ret_from_fork_asm+0x1a/0x30
[ 126.598833][ T6025] page last free pid 5944 tgid 5944 stack trace:
[ 126.605152][ T6025] __free_frozen_pages+0x7df/0x1160
[ 126.610365][ T6025] __put_partials+0x130/0x170
[ 126.615062][ T6025] qlist_free_all+0x4d/0x120
[ 126.619654][ T6025] kasan_quarantine_reduce+0x195/0x1e0
[ 126.625118][ T6025] __kasan_slab_alloc+0x69/0x90
[ 126.629976][ T6025] kmem_cache_alloc_node_noprof+0x28a/0x770
[ 126.635868][ T6025] __alloc_skb+0x2b2/0x380
[ 126.640305][ T6025] netlink_alloc_large_skb+0x69/0x140
[ 126.645702][ T6025] netlink_sendmsg+0x698/0xdd0
[ 126.650472][ T6025] __sys_sendto+0x4a3/0x520
[ 126.654989][ T6025] __x64_sys_sendto+0xe0/0x1c0
[ 126.659769][ T6025] do_syscall_64+0xcd/0xfa0
[ 126.664290][ T6025] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.670185][ T6025]
[ 126.672498][ T6025] Memory state around the buggy address:
[ 126.678120][ T6025]  ffffc90003bffb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 126.686178][ T6025]  ffffc90003bffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 126.694236][ T6025] >ffffc90003bffc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 126.702286][ T6025]                                               ^
[ 126.708686][ T6025]  ffffc90003bffd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 126.716743][ T6025]  ffffc90003bffd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 126.724794][ T6025] ==================================================================
[ 126.837535][ T6036] loop0: detected capacity change from 0 to 256
[ 126.859312][ T6036] exfat: Deprecated parameter 'namecase'
[ 126.888575][ T6036] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 126.914527][ T6036] ==================================================================
[ 126.922599][ T6036] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 126.930851][ T6036] Read of size 1 at addr ffffc9000e30fcc8 by task syz.0.19/6036
[ 126.938487][ T6036]
[ 126.940823][ T6036] CPU: 1 UID: 0 PID: 6036 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full)
[ 126.940883][ T6036] Tainted: [B]=BAD_PAGE
[ 126.940896][ T6036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 126.940918][ T6036] Call Trace:
[ 126.940928][ T6036]
[ 126.940941][ T6036] dump_stack_lvl+0x116/0x1f0
[ 126.940999][ T6036] print_report+0xcd/0x630
[ 126.941044][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.941089][ T6036] ? __virt_addr_valid+0x81/0x610
[ 126.941130][ T6036] ? exfat_nls_to_ucs2+0x706/0x730
[ 126.941163][ T6036] kasan_report+0xe0/0x110
[ 126.941209][ T6036] ? exfat_nls_to_ucs2+0x706/0x730
[ 126.941248][ T6036] exfat_nls_to_ucs2+0x706/0x730
[ 126.941287][ T6036] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 126.941352][ T6036] ? __might_fault+0xe3/0x190
[ 126.941385][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.941428][ T6036] ? rcu_is_watching+0x12/0xc0
[ 126.941470][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.941514][ T6036] ? lock_release+0x201/0x2f0
[ 126.941563][ T6036] exfat_nls_to_utf16+0xa6/0xf0
[ 126.941599][ T6036] exfat_ioctl_set_volume_label+0x15d/0x230
[ 126.941640][ T6036] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 126.941681][ T6036] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 126.941774][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.941817][ T6036] ? rcu_is_watching+0x12/0xc0
[ 126.941850][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.941893][ T6036] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 126.941930][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.941996][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.942039][ T6036] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 126.942100][ T6036] exfat_ioctl+0x929/0x1630
[ 126.942142][ T6036] ? __pfx_exfat_ioctl+0x10/0x10
[ 126.942180][ T6036] ? __pfx_do_sys_openat2+0x10/0x10
[ 126.942235][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.942281][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.942320][ T6036] ? hook_file_ioctl_common+0x145/0x410
[ 126.942366][ T6036] ? srso_alias_return_thunk+0x5/0xfbef5
[ 126.942405][ T6036] ? __pfx___x64_sys_futex+0x10/0x10
[ 126.942450][ T6036] ? __pfx_exfat_ioctl+0x10/0x10
[ 126.942491][ T6036] __x64_sys_ioctl+0x18e/0x210
[ 126.942544][ T6036] do_syscall_64+0xcd/0xfa0
[ 126.942595][ T6036] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.942627][ T6036] RIP: 0033:0x7fe42fd8eec9
[ 126.942650][ T6036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 126.942682][ T6036] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 126.942712][ T6036] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9
[ 126.942733][ T6036] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 126.942754][ T6036] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000
[ 126.942774][ T6036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 126.942793][ T6036] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003
[ 126.942824][ T6036]
[ 126.942835][ T6036]
[ 127.244884][ T6036] The buggy address belongs to stack of task syz.0.19/6036
[ 127.252080][ T6036] and is located at offset 960 in frame:
[ 127.257785][ T6036] exfat_ioctl_set_volume_label+0x0/0x230
[ 127.263514][ T6036]
[ 127.265822][ T6036] This frame has 3 objects:
[ 127.270309][ T6036] [32, 36) 'lossy'
[ 127.270329][ T6036] [48, 568) 'uniname'
[ 127.274127][ T6036] [704, 960) 'label'
[ 127.278181][ T6036]
[ 127.284463][ T6036] The buggy address belongs to a vmalloc virtual mapping
[ 127.291478][ T6036] The buggy address belongs to the physical page:
[ 127.297870][ T6036] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5a9d1
[ 127.306623][ T6036] memcg:ffff888031b53b02
[ 127.310845][ T6036] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 127.318057][ T6036] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 127.326641][ T6036] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff888031b53b02
[ 127.335239][ T6036] page dumped because: kasan: bad access detected
[ 127.341724][ T6036] page_owner tracks the page as allocated
[ 127.347428][ T6036] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5856, tgid 5856 (syz-executor), ts 115514515637, free_ts 115507067194
[ 127.366870][ T6036] post_alloc_hook+0x1c0/0x230
[ 127.371659][ T6036] get_page_from_freelist+0x10a3/0x3a30
[ 127.377317][ T6036] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 127.383209][ T6036] alloc_pages_mpol+0x1fb/0x550
[ 127.388070][ T6036] alloc_pages_noprof+0x131/0x390
[ 127.393104][ T6036] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 127.399012][ T6036] __vmalloc_node_noprof+0xad/0xf0
[ 127.404137][ T6036] copy_process+0x2c77/0x76a0
[ 127.408815][ T6036] kernel_clone+0xfc/0x930
[ 127.413250][ T6036] __do_sys_clone+0xce/0x120
[ 127.417846][ T6036] do_syscall_64+0xcd/0xfa0
[ 127.422373][ T6036] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.428272][ T6036] page last free pid 5851 tgid 5851 stack trace:
[ 127.434589][ T6036] __free_frozen_pages+0x7df/0x1160
[ 127.439801][ T6036] vfree+0x1fd/0xb50
[ 127.443703][ T6036] kcov_close+0x34/0x60
[ 127.447873][ T6036] __fput+0x402/0xb70
[ 127.451865][ T6036] task_work_run+0x150/0x240
[ 127.456468][ T6036] do_exit+0x86f/0x2bf0
[ 127.460625][ T6036] do_group_exit+0xd3/0x2a0
[ 127.465130][ T6036] get_signal+0x2671/0x26d0
[ 127.469631][ T6036] arch_do_signal_or_restart+0x8f/0x7c0
[ 127.475214][ T6036] exit_to_user_mode_loop+0x85/0x130
[ 127.480518][ T6036] do_syscall_64+0x426/0xfa0
[ 127.485125][ T6036] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.491026][ T6036]
[ 127.493333][ T6036] Memory state around the buggy address:
[ 127.498956][ T6036]  ffffc9000e30fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 127.507009][ T6036]  ffffc9000e30fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 127.515065][ T6036] >ffffc9000e30fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 127.523115][ T6036]                                               ^
[ 127.529515][ T6036]  ffffc9000e30fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 127.537575][ T6036]  ffffc9000e30fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 127.545631][ T6036] ==================================================================
[ 127.587021][ T6039] loop0: detected capacity change from 0 to 256
[ 127.599439][ T6039] exfat: Deprecated parameter 'namecase'
[ 127.634582][ T6039] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 127.650194][ T6039] ==================================================================
[ 127.658277][ T6039] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 127.666190][ T6039] Read of size 1 at addr ffffc90003bffcc8 by task syz.0.20/6039
[ 127.673843][ T6039]
[ 127.676175][ T6039] CPU: 1 UID: 0 PID: 6039 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 127.676230][ T6039] Tainted: [B]=BAD_PAGE
[ 127.676242][ T6039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 127.676263][ T6039] Call Trace:
[ 127.676274][ T6039]
[ 127.676286][ T6039] dump_stack_lvl+0x116/0x1f0
[ 127.676342][ T6039] print_report+0xcd/0x630
[ 127.676386][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.676429][ T6039] ? __virt_addr_valid+0x81/0x610
[ 127.676468][ T6039] ? exfat_nls_to_ucs2+0x706/0x730
[ 127.676500][ T6039] kasan_report+0xe0/0x110
[ 127.676545][ T6039] ? exfat_nls_to_ucs2+0x706/0x730
[ 127.676582][ T6039] exfat_nls_to_ucs2+0x706/0x730
[ 127.676620][ T6039] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 127.676685][ T6039] ? __might_fault+0xe3/0x190
[ 127.676720][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.676762][ T6039] ? rcu_is_watching+0x12/0xc0
[ 127.676794][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.676840][ T6039] ? lock_release+0x201/0x2f0
[ 127.676887][ T6039] exfat_nls_to_utf16+0xa6/0xf0
[ 127.676922][ T6039] exfat_ioctl_set_volume_label+0x15d/0x230
[ 127.676961][ T6039] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 127.677002][ T6039] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 127.677093][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.677135][ T6039] ? rcu_is_watching+0x12/0xc0
[ 127.677166][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.677215][ T6039] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 127.677252][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.677315][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.677357][ T6039] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 127.677418][ T6039] exfat_ioctl+0x929/0x1630
[ 127.677457][ T6039] ? __pfx_exfat_ioctl+0x10/0x10
[ 127.677494][ T6039] ? __pfx_do_sys_openat2+0x10/0x10
[ 127.677547][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.677589][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.677630][ T6039] ? hook_file_ioctl_common+0x145/0x410
[ 127.677680][ T6039] ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.677723][ T6039] ? __pfx___x64_sys_futex+0x10/0x10
[ 127.677771][ T6039] ?
__pfx_exfat_ioctl+0x10/0x10 [ 127.677810][ T6039] __x64_sys_ioctl+0x18e/0x210 [ 127.677867][ T6039] do_syscall_64+0xcd/0xfa0 [ 127.677922][ T6039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.677957][ T6039] RIP: 0033:0x7fe42fd8eec9 [ 127.677982][ T6039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.678016][ T6039] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 127.678048][ T6039] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9 [ 127.678072][ T6039] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 127.678094][ T6039] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 127.678116][ T6039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.678138][ T6039] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003 [ 127.678171][ T6039] [ 127.678183][ T6039] [ 127.980747][ T6039] The buggy address belongs to stack of task syz.0.20/6039 [ 127.987921][ T6039] and is located at offset 960 in frame: [ 127.993627][ T6039] exfat_ioctl_set_volume_label+0x0/0x230 [ 127.999355][ T6039] [ 128.001661][ T6039] This frame has 3 objects: [ 128.006144][ T6039] [32, 36) 'lossy' [ 128.006162][ T6039] [48, 568) 'uniname' [ 128.009951][ T6039] [704, 960) 'label' [ 128.013998][ T6039] [ 128.020276][ T6039] The buggy address belongs to a vmalloc virtual mapping [ 128.027303][ T6039] The buggy address belongs to the physical page: [ 128.033697][ T6039] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078a99fc0 pfn:0x78a99 [ 128.043760][ T6039] memcg:ffff888031b53b02 [ 128.047980][ T6039] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 128.055084][ T6039] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 128.063671][ T6039] raw: ffff888078a99fc0 0000000000000000 
00000001ffffffff ffff888031b53b02 [ 128.072239][ T6039] page dumped because: kasan: bad access detected [ 128.078639][ T6039] page_owner tracks the page as allocated [ 128.084332][ T6039] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 12, tgid 12 (kworker/u8:0), ts 124467106609, free_ts 124465932009 [ 128.103346][ T6039] post_alloc_hook+0x1c0/0x230 [ 128.108299][ T6039] get_page_from_freelist+0x10a3/0x3a30 [ 128.113891][ T6039] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 128.119782][ T6039] alloc_pages_mpol+0x1fb/0x550 [ 128.124635][ T6039] alloc_pages_noprof+0x131/0x390 [ 128.129918][ T6039] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 128.135817][ T6039] __vmalloc_node_noprof+0xad/0xf0 [ 128.140931][ T6039] copy_process+0x2c77/0x76a0 [ 128.145622][ T6039] kernel_clone+0xfc/0x930 [ 128.150053][ T6039] user_mode_thread+0xc8/0x110 [ 128.154814][ T6039] call_usermodehelper_exec_work+0x6b/0x170 [ 128.160715][ T6039] process_one_work+0x9cf/0x1b70 [ 128.165662][ T6039] worker_thread+0x6c8/0xf10 [ 128.170353][ T6039] kthread+0x3c5/0x780 [ 128.174424][ T6039] ret_from_fork+0x675/0x7d0 [ 128.179099][ T6039] ret_from_fork_asm+0x1a/0x30 [ 128.183868][ T6039] page last free pid 5944 tgid 5944 stack trace: [ 128.190177][ T6039] __free_frozen_pages+0x7df/0x1160 [ 128.195389][ T6039] __put_partials+0x130/0x170 [ 128.200181][ T6039] qlist_free_all+0x4d/0x120 [ 128.204777][ T6039] kasan_quarantine_reduce+0x195/0x1e0 [ 128.210237][ T6039] __kasan_slab_alloc+0x69/0x90 [ 128.215097][ T6039] kmem_cache_alloc_node_noprof+0x28a/0x770 [ 128.220985][ T6039] __alloc_skb+0x2b2/0x380 [ 128.225435][ T6039] netlink_alloc_large_skb+0x69/0x140 [ 128.230908][ T6039] netlink_sendmsg+0x698/0xdd0 [ 128.235684][ T6039] __sys_sendto+0x4a3/0x520 [ 128.240277][ T6039] __x64_sys_sendto+0xe0/0x1c0 [ 128.245065][ T6039] do_syscall_64+0xcd/0xfa0 [ 128.249607][ T6039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.255504][ T6039] [ 
128.257821][ T6039] Memory state around the buggy address: [ 128.263439][ T6039] ffffc90003bffb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 128.271496][ T6039] ffffc90003bffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 128.279552][ T6039] >ffffc90003bffc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 128.287600][ T6039] ^ [ 128.294108][ T6039] ffffc90003bffd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 128.302158][ T6039] ffffc90003bffd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 128.310209][ T6039] ================================================================== [ 128.321784][ T52] Bluetooth: hci0: command tx timeout [ 128.355896][ T6040] loop0: detected capacity change from 0 to 256 [ 128.363533][ T6040] exfat: Deprecated parameter 'namecase' [ 128.375709][ T6040] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 128.389924][ T6040] ================================================================== [ 128.398257][ T6040] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 128.406171][ T6040] Read of size 1 at addr ffffc9000e30fcc8 by task syz.0.21/6040 [ 128.413811][ T6040] [ 128.416148][ T6040] CPU: 0 UID: 0 PID: 6040 Comm: syz.0.21 Tainted: G B syzkaller #0 PREEMPT(full) [ 128.416200][ T6040] Tainted: [B]=BAD_PAGE [ 128.416213][ T6040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 128.416234][ T6040] Call Trace: [ 128.416245][ T6040] [ 128.416258][ T6040] dump_stack_lvl+0x116/0x1f0 [ 128.416315][ T6040] print_report+0xcd/0x630 [ 128.416360][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.416405][ T6040] ? __virt_addr_valid+0x81/0x610 [ 128.416445][ T6040] ? exfat_nls_to_ucs2+0x706/0x730 [ 128.416486][ T6040] kasan_report+0xe0/0x110 [ 128.416532][ T6040] ? exfat_nls_to_ucs2+0x706/0x730 [ 128.416571][ T6040] exfat_nls_to_ucs2+0x706/0x730 [ 128.416611][ T6040] ? 
__pfx_exfat_nls_to_ucs2+0x10/0x10 [ 128.416677][ T6040] ? __might_fault+0xe3/0x190 [ 128.416709][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.416753][ T6040] ? rcu_is_watching+0x12/0xc0 [ 128.416787][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.416834][ T6040] ? lock_release+0x201/0x2f0 [ 128.416884][ T6040] exfat_nls_to_utf16+0xa6/0xf0 [ 128.416919][ T6040] exfat_ioctl_set_volume_label+0x15d/0x230 [ 128.416960][ T6040] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 128.417002][ T6040] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 128.417095][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.417139][ T6040] ? rcu_is_watching+0x12/0xc0 [ 128.417172][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.417215][ T6040] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 128.417253][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.417319][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.417362][ T6040] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 128.417425][ T6040] exfat_ioctl+0x929/0x1630 [ 128.417473][ T6040] ? __pfx_exfat_ioctl+0x10/0x10 [ 128.417511][ T6040] ? __pfx_do_sys_openat2+0x10/0x10 [ 128.417565][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.417608][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.417652][ T6040] ? hook_file_ioctl_common+0x145/0x410 [ 128.417703][ T6040] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.417747][ T6040] ? __pfx___x64_sys_futex+0x10/0x10 [ 128.417797][ T6040] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 128.417838][ T6040] __x64_sys_ioctl+0x18e/0x210 [ 128.417896][ T6040] do_syscall_64+0xcd/0xfa0 [ 128.417953][ T6040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.417989][ T6040] RIP: 0033:0x7fe42fd8eec9 [ 128.418016][ T6040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.418052][ T6040] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.418085][ T6040] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9 [ 128.418109][ T6040] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 128.418132][ T6040] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 128.418155][ T6040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.418177][ T6040] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003 [ 128.418212][ T6040] [ 128.418224][ T6040] [ 128.720569][ T6040] The buggy address belongs to stack of task syz.0.21/6040 [ 128.727862][ T6040] and is located at offset 960 in frame: [ 128.733565][ T6040] exfat_ioctl_set_volume_label+0x0/0x230 [ 128.739400][ T6040] [ 128.741709][ T6040] This frame has 3 objects: [ 128.746192][ T6040] [32, 36) 'lossy' [ 128.746213][ T6040] [48, 568) 'uniname' [ 128.750005][ T6040] [704, 960) 'label' [ 128.754165][ T6040] [ 128.760489][ T6040] The buggy address belongs to a vmalloc virtual mapping [ 128.767516][ T6040] The buggy address belongs to the physical page: [ 128.773917][ T6040] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5a9d1 [ 128.782667][ T6040] memcg:ffff888031b53b02 [ 128.786889][ T6040] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 128.794279][ T6040] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 128.802860][ T6040] raw: 0000000000000000 0000000000000000 00000001ffffffff 
ffff888031b53b02 [ 128.811441][ T6040] page dumped because: kasan: bad access detected [ 128.817861][ T6040] page_owner tracks the page as allocated [ 128.823560][ T6040] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5856, tgid 5856 (syz-executor), ts 115514515637, free_ts 115507067194 [ 128.843013][ T6040] post_alloc_hook+0x1c0/0x230 [ 128.847789][ T6040] get_page_from_freelist+0x10a3/0x3a30 [ 128.853433][ T6040] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 128.859325][ T6040] alloc_pages_mpol+0x1fb/0x550 [ 128.864182][ T6040] alloc_pages_noprof+0x131/0x390 [ 128.869213][ T6040] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 128.875113][ T6040] __vmalloc_node_noprof+0xad/0xf0 [ 128.880230][ T6040] copy_process+0x2c77/0x76a0 [ 128.884899][ T6040] kernel_clone+0xfc/0x930 [ 128.889311][ T6040] __do_sys_clone+0xce/0x120 [ 128.893897][ T6040] do_syscall_64+0xcd/0xfa0 [ 128.898411][ T6040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.904300][ T6040] page last free pid 5851 tgid 5851 stack trace: [ 128.910631][ T6040] __free_frozen_pages+0x7df/0x1160 [ 128.915894][ T6040] vfree+0x1fd/0xb50 [ 128.919816][ T6040] kcov_close+0x34/0x60 [ 128.923985][ T6040] __fput+0x402/0xb70 [ 128.928009][ T6040] task_work_run+0x150/0x240 [ 128.932719][ T6040] do_exit+0x86f/0x2bf0 [ 128.936872][ T6040] do_group_exit+0xd3/0x2a0 [ 128.941373][ T6040] get_signal+0x2671/0x26d0 [ 128.945866][ T6040] arch_do_signal_or_restart+0x8f/0x7c0 [ 128.951425][ T6040] exit_to_user_mode_loop+0x85/0x130 [ 128.956737][ T6040] do_syscall_64+0x426/0xfa0 [ 128.961378][ T6040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.967267][ T6040] [ 128.969833][ T6040] Memory state around the buggy address: [ 128.975449][ T6040] ffffc9000e30fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 128.983511][ T6040] ffffc9000e30fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 128.991571][ T6040] >ffffc9000e30fc80: 00 00 00 00 00 00 00 00 00 
f3 f3 f3 f3 f3 f3 f3 [ 128.999621][ T6040] ^ [ 129.006021][ T6040] ffffc9000e30fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 129.014071][ T6040] ffffc9000e30fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 129.022211][ T6040] ================================================================== [ 129.061941][ T6041] loop0: detected capacity change from 0 to 256 [ 129.069074][ T6041] exfat: Deprecated parameter 'namecase' [ 129.084480][ T6041] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 129.102665][ T6041] ================================================================== [ 129.110749][ T6041] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 129.118751][ T6041] Read of size 1 at addr ffffc90003bffcc8 by task syz.0.22/6041 [ 129.126444][ T6041] [ 129.128790][ T6041] CPU: 0 UID: 0 PID: 6041 Comm: syz.0.22 Tainted: G B syzkaller #0 PREEMPT(full) [ 129.128829][ T6041] Tainted: [B]=BAD_PAGE [ 129.128839][ T6041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 129.128854][ T6041] Call Trace: [ 129.128863][ T6041] [ 129.128873][ T6041] dump_stack_lvl+0x116/0x1f0 [ 129.128916][ T6041] print_report+0xcd/0x630 [ 129.128950][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.128983][ T6041] ? __virt_addr_valid+0x81/0x610 [ 129.129013][ T6041] ? exfat_nls_to_ucs2+0x706/0x730 [ 129.129038][ T6041] kasan_report+0xe0/0x110 [ 129.129073][ T6041] ? exfat_nls_to_ucs2+0x706/0x730 [ 129.129102][ T6041] exfat_nls_to_ucs2+0x706/0x730 [ 129.129131][ T6041] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 129.129182][ T6041] ? __might_fault+0xe3/0x190 [ 129.129217][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.129249][ T6041] ? rcu_is_watching+0x12/0xc0 [ 129.129274][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.129306][ T6041] ? 
lock_release+0x201/0x2f0 [ 129.129342][ T6041] exfat_nls_to_utf16+0xa6/0xf0 [ 129.129369][ T6041] exfat_ioctl_set_volume_label+0x15d/0x230 [ 129.129399][ T6041] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 129.129430][ T6041] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 129.129500][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.129532][ T6041] ? rcu_is_watching+0x12/0xc0 [ 129.129556][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.129588][ T6041] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 129.129616][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.129665][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.129697][ T6041] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 129.129744][ T6041] exfat_ioctl+0x929/0x1630 [ 129.129775][ T6041] ? __pfx_exfat_ioctl+0x10/0x10 [ 129.129803][ T6041] ? __pfx_do_sys_openat2+0x10/0x10 [ 129.129843][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.129875][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.129907][ T6041] ? hook_file_ioctl_common+0x145/0x410 [ 129.129945][ T6041] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.129978][ T6041] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.130015][ T6041] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 129.130045][ T6041] __x64_sys_ioctl+0x18e/0x210 [ 129.130095][ T6041] do_syscall_64+0xcd/0xfa0 [ 129.130137][ T6041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.130164][ T6041] RIP: 0033:0x7fe42fd8eec9 [ 129.130184][ T6041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.130242][ T6041] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.130267][ T6041] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9 [ 129.130285][ T6041] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 129.130302][ T6041] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 129.130318][ T6041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.130334][ T6041] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003 [ 129.130360][ T6041] [ 129.130370][ T6041] [ 129.433174][ T6041] The buggy address belongs to stack of task syz.0.22/6041 [ 129.440365][ T6041] and is located at offset 960 in frame: [ 129.446068][ T6041] exfat_ioctl_set_volume_label+0x0/0x230 [ 129.451799][ T6041] [ 129.454112][ T6041] This frame has 3 objects: [ 129.458600][ T6041] [32, 36) 'lossy' [ 129.458621][ T6041] [48, 568) 'uniname' [ 129.462417][ T6041] [704, 960) 'label' [ 129.466476][ T6041] [ 129.472735][ T6041] The buggy address belongs to a vmalloc virtual mapping [ 129.479840][ T6041] The buggy address belongs to the physical page: [ 129.486240][ T6041] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078a99fc0 pfn:0x78a99 [ 129.496302][ T6041] memcg:ffff888031b53b02 [ 129.500533][ T6041] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 129.507999][ T6041] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 129.516585][ T6041] raw: ffff888078a99fc0 0000000000000000 
00000001ffffffff ffff888031b53b02 [ 129.525165][ T6041] page dumped because: kasan: bad access detected [ 129.531572][ T6041] page_owner tracks the page as allocated [ 129.537272][ T6041] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 12, tgid 12 (kworker/u8:0), ts 124467106609, free_ts 124465932009 [ 129.556391][ T6041] post_alloc_hook+0x1c0/0x230 [ 129.561181][ T6041] get_page_from_freelist+0x10a3/0x3a30 [ 129.566764][ T6041] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 129.572662][ T6041] alloc_pages_mpol+0x1fb/0x550 [ 129.577522][ T6041] alloc_pages_noprof+0x131/0x390 [ 129.582554][ T6041] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 129.588461][ T6041] __vmalloc_node_noprof+0xad/0xf0 [ 129.593584][ T6041] copy_process+0x2c77/0x76a0 [ 129.598261][ T6041] kernel_clone+0xfc/0x930 [ 129.602677][ T6041] user_mode_thread+0xc8/0x110 [ 129.607438][ T6041] call_usermodehelper_exec_work+0x6b/0x170 [ 129.613349][ T6041] process_one_work+0x9cf/0x1b70 [ 129.618388][ T6041] worker_thread+0x6c8/0xf10 [ 129.622991][ T6041] kthread+0x3c5/0x780 [ 129.627074][ T6041] ret_from_fork+0x675/0x7d0 [ 129.631671][ T6041] ret_from_fork_asm+0x1a/0x30 [ 129.636439][ T6041] page last free pid 5944 tgid 5944 stack trace: [ 129.642755][ T6041] __free_frozen_pages+0x7df/0x1160 [ 129.647983][ T6041] __put_partials+0x130/0x170 [ 129.652676][ T6041] qlist_free_all+0x4d/0x120 [ 129.657266][ T6041] kasan_quarantine_reduce+0x195/0x1e0 [ 129.662727][ T6041] __kasan_slab_alloc+0x69/0x90 [ 129.667586][ T6041] kmem_cache_alloc_node_noprof+0x28a/0x770 [ 129.673479][ T6041] __alloc_skb+0x2b2/0x380 [ 129.677905][ T6041] netlink_alloc_large_skb+0x69/0x140 [ 129.683297][ T6041] netlink_sendmsg+0x698/0xdd0 [ 129.688056][ T6041] __sys_sendto+0x4a3/0x520 [ 129.692568][ T6041] __x64_sys_sendto+0xe0/0x1c0 [ 129.697340][ T6041] do_syscall_64+0xcd/0xfa0 [ 129.701858][ T6041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.707752][ T6041] [ 
129.710076][ T6041] Memory state around the buggy address: [ 129.715694][ T6041] ffffc90003bffb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 129.723756][ T6041] ffffc90003bffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 129.731818][ T6041] >ffffc90003bffc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 129.739874][ T6041] ^ [ 129.746280][ T6041] ffffc90003bffd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 129.754338][ T6041] ffffc90003bffd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 129.762390][ T6041] ================================================================== [ 129.799889][ T6042] loop0: detected capacity change from 0 to 256 [ 129.809908][ T6042] exfat: Deprecated parameter 'namecase' [ 129.825278][ T6042] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 129.839820][ T6042] ================================================================== [ 129.847897][ T6042] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 129.855810][ T6042] Read of size 1 at addr ffffc900030c7cc8 by task syz.0.23/6042 [ 129.863451][ T6042] [ 129.865785][ T6042] CPU: 0 UID: 0 PID: 6042 Comm: syz.0.23 Tainted: G B syzkaller #0 PREEMPT(full) [ 129.865836][ T6042] Tainted: [B]=BAD_PAGE [ 129.865848][ T6042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 129.865869][ T6042] Call Trace: [ 129.865880][ T6042] [ 129.865893][ T6042] dump_stack_lvl+0x116/0x1f0 [ 129.865951][ T6042] print_report+0xcd/0x630 [ 129.865995][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.866039][ T6042] ? __virt_addr_valid+0x81/0x610 [ 129.866079][ T6042] ? exfat_nls_to_ucs2+0x706/0x730 [ 129.866113][ T6042] kasan_report+0xe0/0x110 [ 129.866158][ T6042] ? exfat_nls_to_ucs2+0x706/0x730 [ 129.866196][ T6042] exfat_nls_to_ucs2+0x706/0x730 [ 129.866250][ T6042] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 129.866315][ T6042] ? 
__might_fault+0xe3/0x190 [ 129.866347][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.866390][ T6042] ? rcu_is_watching+0x12/0xc0 [ 129.866423][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.866465][ T6042] ? lock_release+0x201/0x2f0 [ 129.866513][ T6042] exfat_nls_to_utf16+0xa6/0xf0 [ 129.866549][ T6042] exfat_ioctl_set_volume_label+0x15d/0x230 [ 129.866590][ T6042] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 129.866631][ T6042] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 129.866723][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.866766][ T6042] ? rcu_is_watching+0x12/0xc0 [ 129.866798][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.866845][ T6042] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 129.866882][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.866947][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.866990][ T6042] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 129.867052][ T6042] exfat_ioctl+0x929/0x1630 [ 129.867094][ T6042] ? __pfx_exfat_ioctl+0x10/0x10 [ 129.867131][ T6042] ? __pfx_do_sys_openat2+0x10/0x10 [ 129.867185][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.867234][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.867277][ T6042] ? hook_file_ioctl_common+0x145/0x410 [ 129.867328][ T6042] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.867372][ T6042] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.867421][ T6042] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 129.867461][ T6042] __x64_sys_ioctl+0x18e/0x210 [ 129.867519][ T6042] do_syscall_64+0xcd/0xfa0 [ 129.867576][ T6042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.867612][ T6042] RIP: 0033:0x7fe42fd8eec9 [ 129.867638][ T6042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.867673][ T6042] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.867706][ T6042] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9 [ 129.867731][ T6042] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 129.867754][ T6042] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 129.867776][ T6042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.867798][ T6042] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003 [ 129.867830][ T6042] [ 129.867842][ T6042] [ 130.169955][ T6042] The buggy address belongs to stack of task syz.0.23/6042 [ 130.177139][ T6042] and is located at offset 960 in frame: [ 130.182841][ T6042] exfat_ioctl_set_volume_label+0x0/0x230 [ 130.188571][ T6042] [ 130.190879][ T6042] This frame has 3 objects: [ 130.195369][ T6042] [32, 36) 'lossy' [ 130.195390][ T6042] [48, 568) 'uniname' [ 130.199187][ T6042] [704, 960) 'label' [ 130.203243][ T6042] [ 130.209500][ T6042] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc900030c0000 allocated at kernel_clone+0xfc/0x930 [ 130.222285][ T6042] The buggy address belongs to the physical page: [ 130.228688][ T6042] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7489c [ 130.238746][ T6042] memcg:ffff888031b53b02 [ 130.242976][ T6042] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 130.250092][ T6042] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 
130.258677][ T6042] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff888031b53b02 [ 130.267253][ T6042] page dumped because: kasan: bad access detected [ 130.273653][ T6042] page_owner tracks the page as allocated [ 130.279352][ T6042] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6024, tgid 6024 (dhcpcd-run-hook), ts 126880279174, free_ts 126834369285 [ 130.298991][ T6042] post_alloc_hook+0x1c0/0x230 [ 130.303782][ T6042] get_page_from_freelist+0x10a3/0x3a30 [ 130.309349][ T6042] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 130.315243][ T6042] alloc_pages_mpol+0x1fb/0x550 [ 130.320107][ T6042] alloc_pages_noprof+0x131/0x390 [ 130.325143][ T6042] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 130.331051][ T6042] __vmalloc_node_noprof+0xad/0xf0 [ 130.336175][ T6042] copy_process+0x2c77/0x76a0 [ 130.340855][ T6042] kernel_clone+0xfc/0x930 [ 130.345274][ T6042] __do_sys_clone+0xce/0x120 [ 130.349866][ T6042] do_syscall_64+0xcd/0xfa0 [ 130.354388][ T6042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.360294][ T6042] page last free pid 15 tgid 15 stack trace: [ 130.366269][ T6042] __free_frozen_pages+0x7df/0x1160 [ 130.371488][ T6042] tlb_remove_table_rcu+0x121/0x320 [ 130.376705][ T6042] rcu_core+0x79c/0x1530 [ 130.380969][ T6042] handle_softirqs+0x219/0x8e0 [ 130.385753][ T6042] run_ksoftirqd+0x3a/0x60 [ 130.390193][ T6042] smpboot_thread_fn+0x3f7/0xae0 [ 130.395140][ T6042] kthread+0x3c5/0x780 [ 130.399225][ T6042] ret_from_fork+0x675/0x7d0 [ 130.403825][ T6042] ret_from_fork_asm+0x1a/0x30 [ 130.408598][ T6042] [ 130.410911][ T6042] Memory state around the buggy address: [ 130.416529][ T6042] ffffc900030c7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 130.424589][ T6042] ffffc900030c7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.432653][ T6042] >ffffc900030c7c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 130.440706][ T6042] ^ [ 130.447110][ T6042] 
ffffc900030c7d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.455169][ T6042] ffffc900030c7d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 130.463229][ T6042] ================================================================== [ 130.471607][ T52] Bluetooth: hci0: command tx timeout [ 130.508264][ T6043] loop0: detected capacity change from 0 to 256 [ 130.523991][ T6043] exfat: Deprecated parameter 'namecase' [ 130.536489][ T6043] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 130.550663][ T6043] ================================================================== [ 130.558733][ T6043] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 130.566643][ T6043] Read of size 1 at addr ffffc90003107cc8 by task syz.0.24/6043 [ 130.574287][ T6043] [ 130.576620][ T6043] CPU: 0 UID: 0 PID: 6043 Comm: syz.0.24 Tainted: G B syzkaller #0 PREEMPT(full) [ 130.576671][ T6043] Tainted: [B]=BAD_PAGE [ 130.576684][ T6043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 130.576706][ T6043] Call Trace: [ 130.576717][ T6043] [ 130.576729][ T6043] dump_stack_lvl+0x116/0x1f0 [ 130.576787][ T6043] print_report+0xcd/0x630 [ 130.576830][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.576875][ T6043] ? __virt_addr_valid+0x81/0x610 [ 130.576916][ T6043] ? exfat_nls_to_ucs2+0x706/0x730 [ 130.576948][ T6043] kasan_report+0xe0/0x110 [ 130.576994][ T6043] ? exfat_nls_to_ucs2+0x706/0x730 [ 130.577032][ T6043] exfat_nls_to_ucs2+0x706/0x730 [ 130.577070][ T6043] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 130.577137][ T6043] ? __might_fault+0xe3/0x190 [ 130.577169][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.577212][ T6043] ? rcu_is_watching+0x12/0xc0 [ 130.577246][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.577288][ T6043] ? 
lock_release+0x201/0x2f0
[ 130.577336][ T6043] exfat_nls_to_utf16+0xa6/0xf0
[ 130.577373][ T6043] exfat_ioctl_set_volume_label+0x15d/0x230
[ 130.577414][ T6043] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 130.577465][ T6043] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 130.577558][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.577601][ T6043] ? rcu_is_watching+0x12/0xc0
[ 130.577633][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.577676][ T6043] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 130.577712][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.577775][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.577819][ T6043] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 130.577882][ T6043] exfat_ioctl+0x929/0x1630
[ 130.577935][ T6043] ? __pfx_exfat_ioctl+0x10/0x10
[ 130.577973][ T6043] ? __pfx_do_sys_openat2+0x10/0x10
[ 130.578026][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.578069][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.578112][ T6043] ? hook_file_ioctl_common+0x145/0x410
[ 130.578164][ T6043] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.578208][ T6043] ? __pfx___x64_sys_futex+0x10/0x10
[ 130.578257][ T6043] ? __pfx_exfat_ioctl+0x10/0x10
[ 130.578298][ T6043] __x64_sys_ioctl+0x18e/0x210
[ 130.578356][ T6043] do_syscall_64+0xcd/0xfa0
[ 130.578414][ T6043] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.578450][ T6043] RIP: 0033:0x7fe42fd8eec9
[ 130.578483][ T6043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 130.578518][ T6043] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 130.578552][ T6043] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9
[ 130.578576][ T6043] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 130.578598][ T6043] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000
[ 130.578621][ T6043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 130.578643][ T6043] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003
[ 130.578679][ T6043]
[ 130.578691][ T6043]
[ 130.880851][ T6043] The buggy address belongs to stack of task syz.0.24/6043
[ 130.888037][ T6043] and is located at offset 960 in frame:
[ 130.893742][ T6043] exfat_ioctl_set_volume_label+0x0/0x230
[ 130.899476][ T6043]
[ 130.901787][ T6043] This frame has 3 objects:
[ 130.906280][ T6043] [32, 36) 'lossy'
[ 130.906300][ T6043] [48, 568) 'uniname'
[ 130.910096][ T6043] [704, 960) 'label'
[ 130.914152][ T6043]
[ 130.920411][ T6043] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003100000 allocated at kernel_clone+0xfc/0x930
[ 130.933207][ T6043] The buggy address belongs to the physical page:
[ 130.939609][ T6043] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7746a
[ 130.949671][ T6043] memcg:ffff888031b53b02
[ 130.953900][ T6043] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 130.961023][ T6043] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 130.969612][ T6043] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff888031b53b02
[ 130.978189][ T6043] page dumped because: kasan: bad access detected
[ 130.984595][ T6043] page_owner tracks the page as allocated
[ 130.990301][ T6043] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6010, tgid 6010 (dhcpcd-run-hook), ts 125113909073, free_ts 125092796184
[ 131.009938][ T6043] post_alloc_hook+0x1c0/0x230
[ 131.014731][ T6043] get_page_from_freelist+0x10a3/0x3a30
[ 131.020302][ T6043] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 131.026202][ T6043] alloc_pages_mpol+0x1fb/0x550
[ 131.031064][ T6043] alloc_pages_noprof+0x131/0x390
[ 131.036101][ T6043] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 131.042010][ T6043] __vmalloc_node_noprof+0xad/0xf0
[ 131.047228][ T6043] copy_process+0x2c77/0x76a0
[ 131.051906][ T6043] kernel_clone+0xfc/0x930
[ 131.056323][ T6043] __do_sys_clone+0xce/0x120
[ 131.060912][ T6043] do_syscall_64+0xcd/0xfa0
[ 131.065432][ T6043] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.071333][ T6043] page last free pid 6020 tgid 6020 stack trace:
[ 131.077647][ T6043] __free_frozen_pages+0x7df/0x1160
[ 131.082858][ T6043] tlb_remove_table_rcu+0x121/0x320
[ 131.088072][ T6043] rcu_core+0x79c/0x1530
[ 131.092333][ T6043] handle_softirqs+0x219/0x8e0
[ 131.097120][ T6043] __irq_exit_rcu+0x109/0x170
[ 131.101818][ T6043] irq_exit_rcu+0x9/0x30
[ 131.106060][ T6043] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 131.111713][ T6043] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 131.117697][ T6043]
[ 131.120019][ T6043] Memory state around the buggy address:
[ 131.125638][ T6043] ffffc90003107b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 131.133704][ T6043] ffffc90003107c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 131.141762][ T6043] >ffffc90003107c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 131.149816][ T6043] ^
[ 131.156218][ T6043] ffffc90003107d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 131.164275][ T6043] ffffc90003107d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 131.172328][ T6043] ==================================================================
2025/10/12 12:52:43 executed programs: 10
[ 131.230836][ T6044] loop0: detected capacity change from 0 to 256
[ 131.238555][ T6044] exfat: Deprecated parameter 'namecase'
[ 131.253216][ T6044] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 131.269638][ T6044] ==================================================================
[ 131.277710][ T6044] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 131.285622][ T6044] Read of size 1 at addr ffffc9000e30fcc8 by task syz.0.25/6044
[ 131.293259][ T6044]
[ 131.295592][ T6044] CPU: 0 UID: 0 PID: 6044 Comm: syz.0.25 Tainted: G B syzkaller #0 PREEMPT(full)
[ 131.295642][ T6044] Tainted: [B]=BAD_PAGE
[ 131.295655][ T6044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 131.295676][ T6044] Call Trace:
[ 131.295686][ T6044]
[ 131.295698][ T6044] dump_stack_lvl+0x116/0x1f0
[ 131.295755][ T6044] print_report+0xcd/0x630
[ 131.295799][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.295842][ T6044] ? __virt_addr_valid+0x81/0x610
[ 131.295883][ T6044] ? exfat_nls_to_ucs2+0x706/0x730
[ 131.295915][ T6044] kasan_report+0xe0/0x110
[ 131.295961][ T6044] ? exfat_nls_to_ucs2+0x706/0x730
[ 131.295999][ T6044] exfat_nls_to_ucs2+0x706/0x730
[ 131.296038][ T6044] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 131.296130][ T6044] ? __might_fault+0xe3/0x190
[ 131.296163][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.296211][ T6044] ? rcu_is_watching+0x12/0xc0
[ 131.296244][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.296286][ T6044] ? lock_release+0x201/0x2f0
[ 131.296334][ T6044] exfat_nls_to_utf16+0xa6/0xf0
[ 131.296369][ T6044] exfat_ioctl_set_volume_label+0x15d/0x230
[ 131.296410][ T6044] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 131.296450][ T6044] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 131.296540][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.296583][ T6044] ? rcu_is_watching+0x12/0xc0
[ 131.296615][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.296657][ T6044] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 131.296694][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.296759][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.296801][ T6044] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 131.296862][ T6044] exfat_ioctl+0x929/0x1630
[ 131.296904][ T6044] ? __pfx_exfat_ioctl+0x10/0x10
[ 131.296941][ T6044] ? __pfx_do_sys_openat2+0x10/0x10
[ 131.296995][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.297038][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.297091][ T6044] ? hook_file_ioctl_common+0x145/0x410
[ 131.297142][ T6044] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.297186][ T6044] ? __pfx___x64_sys_futex+0x10/0x10
[ 131.297243][ T6044] ? __pfx_exfat_ioctl+0x10/0x10
[ 131.297282][ T6044] __x64_sys_ioctl+0x18e/0x210
[ 131.297340][ T6044] do_syscall_64+0xcd/0xfa0
[ 131.297396][ T6044] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.297432][ T6044] RIP: 0033:0x7fe42fd8eec9
[ 131.297459][ T6044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 131.297494][ T6044] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 131.297527][ T6044] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9
[ 131.297551][ T6044] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 131.297574][ T6044] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000
[ 131.297596][ T6044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 131.297618][ T6044] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003
[ 131.297653][ T6044]
[ 131.297666][ T6044]
[ 131.600415][ T6044] The buggy address belongs to stack of task syz.0.25/6044
[ 131.607680][ T6044] and is located at offset 960 in frame:
[ 131.613405][ T6044] exfat_ioctl_set_volume_label+0x0/0x230
[ 131.619126][ T6044]
[ 131.621435][ T6044] This frame has 3 objects:
[ 131.625990][ T6044] [32, 36) 'lossy'
[ 131.626010][ T6044] [48, 568) 'uniname'
[ 131.629811][ T6044] [704, 960) 'label'
[ 131.633869][ T6044]
[ 131.640139][ T6044] The buggy address belongs to a vmalloc virtual mapping
[ 131.647153][ T6044] The buggy address belongs to the physical page:
[ 131.653545][ T6044] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5a9d1
[ 131.662294][ T6044] memcg:ffff888031b53b02
[ 131.666545][ T6044] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 131.673652][ T6044] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 131.682231][ T6044] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff888031b53b02
[ 131.690796][ T6044] page dumped because: kasan: bad access detected
[ 131.697191][ T6044] page_owner tracks the page as allocated
[ 131.702903][ T6044] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5856, tgid 5856 (syz-executor), ts 115514515637, free_ts 115507067194
[ 131.722269][ T6044] post_alloc_hook+0x1c0/0x230
[ 131.727051][ T6044] get_page_from_freelist+0x10a3/0x3a30
[ 131.732608][ T6044] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 131.738494][ T6044] alloc_pages_mpol+0x1fb/0x550
[ 131.743348][ T6044] alloc_pages_noprof+0x131/0x390
[ 131.748374][ T6044] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 131.754271][ T6044] __vmalloc_node_noprof+0xad/0xf0
[ 131.759389][ T6044] copy_process+0x2c77/0x76a0
[ 131.764091][ T6044] kernel_clone+0xfc/0x930
[ 131.768499][ T6044] __do_sys_clone+0xce/0x120
[ 131.773092][ T6044] do_syscall_64+0xcd/0xfa0
[ 131.777602][ T6044] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.783503][ T6044] page last free pid 5851 tgid 5851 stack trace:
[ 131.789831][ T6044] __free_frozen_pages+0x7df/0x1160
[ 131.795033][ T6044] vfree+0x1fd/0xb50
[ 131.798927][ T6044] kcov_close+0x34/0x60
[ 131.803089][ T6044] __fput+0x402/0xb70
[ 131.807072][ T6044] task_work_run+0x150/0x240
[ 131.811662][ T6044] do_exit+0x86f/0x2bf0
[ 131.815817][ T6044] do_group_exit+0xd3/0x2a0
[ 131.820313][ T6044] get_signal+0x2671/0x26d0
[ 131.824802][ T6044] arch_do_signal_or_restart+0x8f/0x7c0
[ 131.830355][ T6044] exit_to_user_mode_loop+0x85/0x130
[ 131.835665][ T6044] do_syscall_64+0x426/0xfa0
[ 131.840265][ T6044] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.846236][ T6044]
[ 131.848542][ T6044] Memory state around the buggy address:
[ 131.854156][ T6044] ffffc9000e30fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 131.862211][ T6044] ffffc9000e30fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 131.870266][ T6044] >ffffc9000e30fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 131.878317][ T6044] ^
[ 131.884715][ T6044] ffffc9000e30fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 131.892763][ T6044] ffffc9000e30fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 131.900812][ T6044] ==================================================================
[ 131.945035][ T6045] loop0: detected capacity change from 0 to 256
[ 131.953478][ T6045] exfat: Deprecated parameter 'namecase'
[ 131.966106][ T6045] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 131.982130][ T6045] ==================================================================
[ 131.990214][ T6045] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 131.998129][ T6045] Read of size 1 at addr ffffc900030e7cc8 by task syz.0.26/6045
[ 132.005763][ T6045]
[ 132.008091][ T6045] CPU: 0 UID: 0 PID: 6045 Comm: syz.0.26 Tainted: G B syzkaller #0 PREEMPT(full)
[ 132.008140][ T6045] Tainted: [B]=BAD_PAGE
[ 132.008154][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 132.008173][ T6045] Call Trace:
[ 132.008184][ T6045]
[ 132.008195][ T6045] dump_stack_lvl+0x116/0x1f0
[ 132.008251][ T6045] print_report+0xcd/0x630
[ 132.008293][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.008336][ T6045] ? __virt_addr_valid+0x81/0x610
[ 132.008376][ T6045] ? exfat_nls_to_ucs2+0x706/0x730
[ 132.008408][ T6045] kasan_report+0xe0/0x110
[ 132.008459][ T6045] ? exfat_nls_to_ucs2+0x706/0x730
[ 132.008496][ T6045] exfat_nls_to_ucs2+0x706/0x730
[ 132.008533][ T6045] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 132.008597][ T6045] ? __might_fault+0xe3/0x190
[ 132.008629][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.008669][ T6045] ? rcu_is_watching+0x12/0xc0
[ 132.008702][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.008746][ T6045] ? lock_release+0x201/0x2f0
[ 132.008795][ T6045] exfat_nls_to_utf16+0xa6/0xf0
[ 132.008831][ T6045] exfat_ioctl_set_volume_label+0x15d/0x230
[ 132.008872][ T6045] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 132.008914][ T6045] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 132.009008][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.009051][ T6045] ? rcu_is_watching+0x12/0xc0
[ 132.009083][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.009127][ T6045] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 132.009165][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.009230][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.009273][ T6045] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 132.009335][ T6045] exfat_ioctl+0x929/0x1630
[ 132.009376][ T6045] ? __pfx_exfat_ioctl+0x10/0x10
[ 132.009413][ T6045] ? __pfx_do_sys_openat2+0x10/0x10
[ 132.009475][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.009517][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.009560][ T6045] ? hook_file_ioctl_common+0x145/0x410
[ 132.009611][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.009654][ T6045] ? __pfx___x64_sys_futex+0x10/0x10
[ 132.009704][ T6045] ? __pfx_exfat_ioctl+0x10/0x10
[ 132.009744][ T6045] __x64_sys_ioctl+0x18e/0x210
[ 132.009796][ T6045] do_syscall_64+0xcd/0xfa0
[ 132.009839][ T6045] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.009866][ T6045] RIP: 0033:0x7fe42fd8eec9
[ 132.009886][ T6045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 132.009912][ T6045] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 132.009936][ T6045] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9
[ 132.009954][ T6045] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 132.009971][ T6045] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000
[ 132.009988][ T6045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 132.010004][ T6045] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003
[ 132.010030][ T6045]
[ 132.010039][ T6045]
[ 132.312375][ T6045] The buggy address belongs to stack of task syz.0.26/6045
[ 132.319645][ T6045] and is located at offset 960 in frame:
[ 132.325348][ T6045] exfat_ioctl_set_volume_label+0x0/0x230
[ 132.331077][ T6045]
[ 132.333389][ T6045] This frame has 3 objects:
[ 132.337876][ T6045] [32, 36) 'lossy'
[ 132.337897][ T6045] [48, 568) 'uniname'
[ 132.341691][ T6045] [704, 960) 'label'
[ 132.345744][ T6045]
[ 132.352005][ T6045] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc900030e0000 allocated at kernel_clone+0xfc/0x930
[ 132.364800][ T6045] The buggy address belongs to the physical page:
[ 132.371198][ T6045] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888074844ee0 pfn:0x74844
[ 132.381264][ T6045] memcg:ffff888031b53b02
[ 132.385490][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 132.392608][ T6045] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 132.401191][ T6045] raw: ffff888074844ee0 0000000000000000 00000001ffffffff ffff888031b53b02
[ 132.409769][ T6045] page dumped because: kasan: bad access detected
[ 132.416174][ T6045] page_owner tracks the page as allocated
[ 132.421877][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6024, tgid 6024 (dhcpcd-run-hook), ts 125984591298, free_ts 125973011464
[ 132.441516][ T6045] post_alloc_hook+0x1c0/0x230
[ 132.446310][ T6045] get_page_from_freelist+0x10a3/0x3a30
[ 132.451884][ T6045] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 132.457777][ T6045] alloc_pages_mpol+0x1fb/0x550
[ 132.462637][ T6045] alloc_pages_noprof+0x131/0x390
[ 132.467672][ T6045] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 132.473580][ T6045] __vmalloc_node_noprof+0xad/0xf0
[ 132.478700][ T6045] copy_process+0x2c77/0x76a0
[ 132.483375][ T6045] kernel_clone+0xfc/0x930
[ 132.487794][ T6045] __do_sys_clone+0xce/0x120
[ 132.492386][ T6045] do_syscall_64+0xcd/0xfa0
[ 132.496908][ T6045] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.502801][ T6045] page last free pid 15 tgid 15 stack trace:
[ 132.508771][ T6045] __free_frozen_pages+0x7df/0x1160
[ 132.513999][ T6045] rcu_core+0x79c/0x1530
[ 132.518263][ T6045] handle_softirqs+0x219/0x8e0
[ 132.523044][ T6045] run_ksoftirqd+0x3a/0x60
[ 132.527478][ T6045] smpboot_thread_fn+0x3f7/0xae0
[ 132.532423][ T6045] kthread+0x3c5/0x780
[ 132.536500][ T6045] ret_from_fork+0x675/0x7d0
[ 132.541098][ T6045] ret_from_fork_asm+0x1a/0x30
[ 132.545953][ T6045]
[ 132.548276][ T6045] Memory state around the buggy address:
[ 132.553898][ T6045] ffffc900030e7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 132.562043][ T6045] ffffc900030e7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 132.570098][ T6045] >ffffc900030e7c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 132.578150][ T6045] ^
[ 132.584556][ T6045] ffffc900030e7d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 132.592613][ T6045] ffffc900030e7d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 132.600749][ T6045] ==================================================================
[ 132.635673][ T6046] loop0: detected capacity change from 0 to 256
[ 132.645276][ T6046] exfat: Deprecated parameter 'namecase'
[ 132.657901][ T6046] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 132.671954][ T6046] ==================================================================
[ 132.680020][ T6046] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 132.687926][ T6046] Read of size 1 at addr ffffc90003107cc8 by task syz.0.27/6046
[ 132.695560][ T6046]
[ 132.697890][ T6046] CPU: 0 UID: 0 PID: 6046 Comm: syz.0.27 Tainted: G B syzkaller #0 PREEMPT(full)
[ 132.697942][ T6046] Tainted: [B]=BAD_PAGE
[ 132.697955][ T6046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 132.697976][ T6046] Call Trace:
[ 132.697987][ T6046]
[ 132.698000][ T6046] dump_stack_lvl+0x116/0x1f0
[ 132.698057][ T6046] print_report+0xcd/0x630
[ 132.698101][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.698147][ T6046] ? __virt_addr_valid+0x81/0x610
[ 132.698187][ T6046] ? exfat_nls_to_ucs2+0x706/0x730
[ 132.698220][ T6046] kasan_report+0xe0/0x110
[ 132.698266][ T6046] ? exfat_nls_to_ucs2+0x706/0x730
[ 132.698305][ T6046] exfat_nls_to_ucs2+0x706/0x730
[ 132.698344][ T6046] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 132.698410][ T6046] ? __might_fault+0xe3/0x190
[ 132.698443][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.698493][ T6046] ? rcu_is_watching+0x12/0xc0
[ 132.698527][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.698570][ T6046] ? lock_release+0x201/0x2f0
[ 132.698618][ T6046] exfat_nls_to_utf16+0xa6/0xf0
[ 132.698655][ T6046] exfat_ioctl_set_volume_label+0x15d/0x230
[ 132.698696][ T6046] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 132.698738][ T6046] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 132.698832][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.698876][ T6046] ? rcu_is_watching+0x12/0xc0
[ 132.698909][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.698952][ T6046] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 132.698990][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.699055][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.699099][ T6046] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 132.699163][ T6046] exfat_ioctl+0x929/0x1630
[ 132.699206][ T6046] ? __pfx_exfat_ioctl+0x10/0x10
[ 132.699244][ T6046] ? __pfx_do_sys_openat2+0x10/0x10
[ 132.699299][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.699343][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.699386][ T6046] ? hook_file_ioctl_common+0x145/0x410
[ 132.699438][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.699489][ T6046] ? __pfx___x64_sys_futex+0x10/0x10
[ 132.699539][ T6046] ? __pfx_exfat_ioctl+0x10/0x10
[ 132.699580][ T6046] __x64_sys_ioctl+0x18e/0x210
[ 132.699638][ T6046] do_syscall_64+0xcd/0xfa0
[ 132.699695][ T6046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.699731][ T6046] RIP: 0033:0x7fe42fd8eec9
[ 132.699758][ T6046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 132.699793][ T6046] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORI G_RAX: 0000000000000010
[ 132.699826][ T6046] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9
[ 132.699850][ T6046] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 132.699874][ T6046] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000
[ 132.699897][ T6046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 132.699919][ T6046] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003
[ 132.699954][ T6046]
[ 132.699966][ T6046]
[ 133.002766][ T6046] The buggy address belongs to stack of task syz.0.27/6046
[ 133.010086][ T6046] and is located at offset 960 in frame:
[ 133.015789][ T6046] exfat_ioctl_set_volume_label+0x0/0x230
[ 133.021519][ T6046]
[ 133.023832][ T6046] This frame has 3 objects:
[ 133.028321][ T6046] [32, 36) 'lossy'
[ 133.028341][ T6046] [48, 568) 'uniname'
[ 133.032136][ T6046] [704, 960) 'label'
[ 133.036279][ T6046]
[ 133.042542][ T6046] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003100000 allocated at kernel_clone+0xfc/0x930
[ 133.055417][ T6046] The buggy address belongs to the physical page:
[ 133.061827][ T6046] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7746a
[ 133.072063][ T6046] memcg:ffff888031b53b02
[ 133.076305][ T6046] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 133.083510][ T6046] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 133.092109][ T6046] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff888031b53b02
[ 133.100681][ T6046] page dumped because: kasan: bad access detected
[ 133.107077][ T6046] page_owner tracks the page as allocated
[ 133.112775][ T6046] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6010, tgid 6010 (dhcpcd-run-hook), ts 125113909073, free_ts 125092796184
[ 133.132585][ T6046] post_alloc_hook+0x1c0/0x230
[ 133.137384][ T6046] get_page_from_freelist+0x10a3/0x3a30
[ 133.142967][ T6046] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 133.148858][ T6046] alloc_pages_mpol+0x1fb/0x550
[ 133.153717][ T6046] alloc_pages_noprof+0x131/0x390
[ 133.158757][ T6046] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 133.164671][ T6046] __vmalloc_node_noprof+0xad/0xf0
[ 133.169793][ T6046] copy_process+0x2c77/0x76a0
[ 133.174468][ T6046] kernel_clone+0xfc/0x930
[ 133.178881][ T6046] __do_sys_clone+0xce/0x120
[ 133.183471][ T6046] do_syscall_64+0xcd/0xfa0
[ 133.187990][ T6046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.193880][ T6046] page last free pid 6020 tgid 6020 stack trace:
[ 133.200369][ T6046] __free_frozen_pages+0x7df/0x1160
[ 133.205583][ T6046] tlb_remove_table_rcu+0x121/0x320
[ 133.210796][ T6046] rcu_core+0x79c/0x1530
[ 133.215053][ T6046] handle_softirqs+0x219/0x8e0
[ 133.219923][ T6046] __irq_exit_rcu+0x109/0x170
[ 133.224625][ T6046] irq_exit_rcu+0x9/0x30
[ 133.228865][ T6046] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 133.234514][ T6046] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 133.240586][ T6046]
[ 133.242897][ T6046] Memory state around the buggy address:
[ 133.248514][ T6046] ffffc90003107b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 133.256566][ T6046] ffffc90003107c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 133.264657][ T6046] >ffffc90003107c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 133.272707][ T6046] ^
[ 133.279107][ T6046] ffffc90003107d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 133.287162][ T6046] ffffc90003107d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 133.295215][ T6046] ==================================================================
[ 133.331108][ T6047] loop0: detected capacity change from 0 to 256
[ 133.341879][ T6047] exfat: Deprecated parameter 'namecase'
[ 133.371145][ T6047] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 133.385531][ T6047] ==================================================================
[ 133.393597][ T6047] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 133.401509][ T6047] Read of size 1 at addr ffffc900030e7cc8 by task syz.0.28/6047
[ 133.409146][ T6047]
[ 133.411483][ T6047] CPU: 0 UID: 0 PID: 6047 Comm: syz.0.28 Tainted: G B syzkaller #0 PREEMPT(full)
[ 133.411535][ T6047] Tainted: [B]=BAD_PAGE
[ 133.411548][ T6047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 133.411569][ T6047] Call Trace:
[ 133.411580][ T6047]
[ 133.411592][ T6047] dump_stack_lvl+0x116/0x1f0
[ 133.411650][ T6047] print_report+0xcd/0x630
[ 133.411694][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.411738][ T6047] ? __virt_addr_valid+0x81/0x610
[ 133.411778][ T6047] ? exfat_nls_to_ucs2+0x706/0x730
[ 133.411811][ T6047] kasan_report+0xe0/0x110
[ 133.411857][ T6047] ? exfat_nls_to_ucs2+0x706/0x730
[ 133.411895][ T6047] exfat_nls_to_ucs2+0x706/0x730
[ 133.411934][ T6047] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 133.412000][ T6047] ? __might_fault+0xe3/0x190
[ 133.412032][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.412091][ T6047] ? rcu_is_watching+0x12/0xc0
[ 133.412125][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.412168][ T6047] ? lock_release+0x201/0x2f0
[ 133.412217][ T6047] exfat_nls_to_utf16+0xa6/0xf0
[ 133.412253][ T6047] exfat_ioctl_set_volume_label+0x15d/0x230
[ 133.412296][ T6047] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 133.412338][ T6047] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 133.412447][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.412497][ T6047] ? rcu_is_watching+0x12/0xc0
[ 133.412530][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.412574][ T6047] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 133.412612][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.412678][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.412722][ T6047] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 133.412785][ T6047] exfat_ioctl+0x929/0x1630
[ 133.412827][ T6047] ? __pfx_exfat_ioctl+0x10/0x10
[ 133.412866][ T6047] ? __pfx_do_sys_openat2+0x10/0x10
[ 133.412921][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.412965][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.413009][ T6047] ? hook_file_ioctl_common+0x145/0x410
[ 133.413060][ T6047] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.413104][ T6047] ? __pfx___x64_sys_futex+0x10/0x10
[ 133.413155][ T6047] ? __pfx_exfat_ioctl+0x10/0x10
[ 133.413196][ T6047] __x64_sys_ioctl+0x18e/0x210
[ 133.413255][ T6047] do_syscall_64+0xcd/0xfa0
[ 133.413313][ T6047] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.413349][ T6047] RIP: 0033:0x7fe42fd8eec9
[ 133.413375][ T6047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 133.413411][ T6047] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 133.413444][ T6047] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9
[ 133.413477][ T6047] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 133.413500][ T6047] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000
[ 133.413523][ T6047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 133.413546][ T6047] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003
[ 133.413581][ T6047]
[ 133.413594][ T6047]
[ 133.716173][ T6047] The buggy address belongs to stack of task syz.0.28/6047
[ 133.723359][ T6047] and is located at offset 960 in frame:
[ 133.729060][ T6047] exfat_ioctl_set_volume_label+0x0/0x230
[ 133.734788][ T6047]
[ 133.737101][ T6047] This frame has 3 objects:
[ 133.741592][ T6047] [32, 36) 'lossy'
[ 133.741614][ T6047] [48, 568) 'uniname'
[ 133.745417][ T6047] [704, 960) 'label'
[ 133.749473][ T6047]
[ 133.755901][ T6047] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc900030e0000 allocated at kernel_clone+0xfc/0x930
[ 133.768681][ T6047] The buggy address belongs to the physical page:
[ 133.775079][ T6047] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888074844ee0 pfn:0x74844
[ 133.785141][ T6047] memcg:ffff888031b53b02
[ 133.789370][ T6047] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 133.796487][ T6047] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 133.805084][ T6047] raw: ffff888074844ee0 0000000000000000 00000001ffffffff ffff888031b53b02
[ 133.813664][ T6047] page dumped because: kasan: bad access detected
[ 133.820065][ T6047] page_owner tracks the page as allocated
[ 133.825780][ T6047] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6024, tgid 6024 (dhcpcd-run-hook), ts 125984591298, free_ts 125973011464
[ 133.845428][ T6047] post_alloc_hook+0x1c0/0x230
[ 133.850221][ T6047] get_page_from_freelist+0x10a3/0x3a30
[ 133.855788][ T6047] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 133.861682][ T6047] alloc_pages_mpol+0x1fb/0x550
[ 133.866543][ T6047] alloc_pages_noprof+0x131/0x390
[ 133.871575][ T6047] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 133.877658][ T6047] __vmalloc_node_noprof+0xad/0xf0
[ 133.882780][ T6047] copy_process+0x2c77/0x76a0
[ 133.887459][ T6047] kernel_clone+0xfc/0x930
[ 133.891870][ T6047] __do_sys_clone+0xce/0x120
[ 133.896456][ T6047] do_syscall_64+0xcd/0xfa0
[ 133.900987][ T6047] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.906967][ T6047] page last free pid 15 tgid 15 stack trace:
[ 133.912935][ T6047] __free_frozen_pages+0x7df/0x1160
[ 133.918149][ T6047] rcu_core+0x79c/0x1530
[ 133.922410][ T6047] handle_softirqs+0x219/0x8e0
[ 133.927197][ T6047] run_ksoftirqd+0x3a/0x60
[ 133.931633][ T6047] smpboot_thread_fn+0x3f7/0xae0
[ 133.936577][ T6047] kthread+0x3c5/0x780
[ 133.940652][ T6047] ret_from_fork+0x675/0x7d0
[ 133.945338][ T6047] ret_from_fork_asm+0x1a/0x30
[ 133.950108][ T6047]
[ 133.952420][ T6047] Memory state around the buggy address:
[ 133.958041][ T6047] ffffc900030e7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 133.966184][ T6047] ffffc900030e7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 133.974241][ T6047] >ffffc900030e7c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 133.982293][ T6047] ^
[ 133.988701][ T6047] ffffc900030e7d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 133.996843][ T6047] ffffc900030e7d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 134.004894][ T6047] ==================================================================
[ 134.066469][ T6050] loop0: detected capacity change from 0 to 256
[ 134.087035][ T6050] exfat: Deprecated parameter 'namecase'
[ 134.099121][ T6050] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 134.126034][ T6050] ==================================================================
[ 134.134138][ T6050] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 134.142043][ T6050] Read of size 1 at addr ffffc900030b7cc8 by task syz.0.29/6050
[ 134.149680][ T6050]
[ 134.152000][ T6050] CPU: 0 UID: 0 PID: 6050 Comm: syz.0.29 Tainted: G B syzkaller #0 PREEMPT(full)
[ 134.152039][ T6050] Tainted: [B]=BAD_PAGE
[ 134.152049][ T6050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 134.152065][ T6050] Call Trace:
[ 134.152089][ T6050]
[ 134.152101][ T6050] dump_stack_lvl+0x116/0x1f0
[ 134.152146][ T6050] print_report+0xcd/0x630
[ 134.152180][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.152214][ T6050] ? __virt_addr_valid+0x81/0x610
[ 134.152244][ T6050] ? exfat_nls_to_ucs2+0x706/0x730
[ 134.152269][ T6050] kasan_report+0xe0/0x110
[ 134.152303][ T6050] ? exfat_nls_to_ucs2+0x706/0x730
[ 134.152332][ T6050] exfat_nls_to_ucs2+0x706/0x730
[ 134.152361][ T6050] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 134.152411][ T6050] ? __might_fault+0xe3/0x190
[ 134.152435][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.152467][ T6050] ? rcu_is_watching+0x12/0xc0
[ 134.152492][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.152528][ T6050] ? lock_release+0x201/0x2f0
[ 134.152565][ T6050] exfat_nls_to_utf16+0xa6/0xf0
[ 134.152592][ T6050] exfat_ioctl_set_volume_label+0x15d/0x230
[ 134.152623][ T6050] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 134.152654][ T6050] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 134.152724][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.152756][ T6050] ? rcu_is_watching+0x12/0xc0
[ 134.152780][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.152812][ T6050] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 134.152840][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.152889][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.152921][ T6050] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 134.152967][ T6050] exfat_ioctl+0x929/0x1630
[ 134.152999][ T6050] ? __pfx_exfat_ioctl+0x10/0x10
[ 134.153027][ T6050] ? __pfx_do_sys_openat2+0x10/0x10
[ 134.153068][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.153099][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.153131][ T6050] ? hook_file_ioctl_common+0x145/0x410
[ 134.153170][ T6050] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.153202][ T6050] ? __pfx___x64_sys_futex+0x10/0x10
[ 134.153240][ T6050] ? __pfx_exfat_ioctl+0x10/0x10
[ 134.153270][ T6050] __x64_sys_ioctl+0x18e/0x210
[ 134.153313][ T6050] do_syscall_64+0xcd/0xfa0
[ 134.153356][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.153383][ T6050] RIP: 0033:0x7fe42fd8eec9
[ 134.153405][ T6050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 134.153431][ T6050] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 134.153455][ T6050] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9
[ 134.153473][ T6050] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 134.153490][ T6050] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000
[ 134.153506][ T6050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 134.153523][ T6050] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003
[ 134.153555][ T6050]
[ 134.153564][ T6050]
[ 134.455987][ T6050] The buggy address belongs to stack of task syz.0.29/6050
[ 134.463166][ T6050] and is located at offset 960 in frame:
[ 134.468887][ T6050] exfat_ioctl_set_volume_label+0x0/0x230
[ 134.474606][ T6050]
[ 134.476908][ T6050] This frame has 3 objects:
[ 134.481389][ T6050] [32, 36) 'lossy'
[ 134.481408][ T6050] [48, 568) 'uniname'
[ 134.485209][ T6050] [704, 960) 'label'
[ 134.489261][ T6050]
[ 134.495513][ T6050] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc900030b0000 allocated at kernel_clone+0xfc/0x930
[ 134.508314][ T6050] The buggy address belongs to the physical page:
[ 134.514707][ T6050] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805b2073c0 pfn:0x5b207
[ 134.524760][ T6050] memcg:ffff888031b53b02
[ 134.528982][ T6050] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 134.536125][ T6050] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 134.544714][ T6050] raw: ffff88805b2073c0 0000000000000000 00000001ffffffff ffff888031b53b02
[ 134.553291][ T6050] page dumped because: kasan: bad access detected
[ 134.559687][ T6050] page_owner tracks the page as allocated
[ 134.565383][ T6050] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5488, tgid 5488 (dhcpcd), ts 134019195526, free_ts 131221863875
[ 134.584221][ T6050] post_alloc_hook+0x1c0/0x230
[ 134.588993][ T6050] get_page_from_freelist+0x10a3/0x3a30
[ 134.594548][ T6050] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 134.600458][ T6050] alloc_pages_mpol+0x1fb/0x550
[ 134.605310][ T6050] alloc_pages_noprof+0x131/0x390
[ 134.610338][ T6050] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 134.616240][ T6050] __vmalloc_node_noprof+0xad/0xf0
[ 134.621355][ T6050] copy_process+0x2c77/0x76a0
[ 134.626024][ T6050] kernel_clone+0xfc/0x930
[ 134.630432][ T6050] __do_sys_clone+0xce/0x120
[ 134.635020][ T6050] do_syscall_64+0xcd/0xfa0
[ 134.639532][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.645420][ T6050] page last free pid 5193 tgid 5193 stack trace:
[ 134.651730][ T6050] __free_frozen_pages+0x7df/0x1160
[ 134.656931][ T6050] tlb_remove_table_rcu+0x121/0x320
[ 134.662171][ T6050] rcu_core+0x79c/0x1530
[ 134.666424][ T6050] handle_softirqs+0x219/0x8e0
[ 134.671193][ T6050] __irq_exit_rcu+0x109/0x170
[ 134.675882][ T6050] irq_exit_rcu+0x9/0x30
[ 134.680110][ T6050] sysvec_apic_timer_interrupt+0x57/0xc0
[ 134.685769][ T6050] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 134.691745][ T6050]
[ 134.694055][ T6050] Memory state around the buggy address:
[ 134.699664][ T6050] ffffc900030b7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 134.707735][ T6050] ffffc900030b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 134.715786][ T6050] >ffffc900030b7c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 134.724003][ T6050] ^
[ 134.730416][ T6050] ffffc900030b7d00: f3 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 [ 134.738489][ T6050] ffffc900030b7d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 134.746560][ T6050] ================================================================== [ 134.806777][ T6053] loop0: detected capacity change from 0 to 256 [ 134.818677][ T6053] exfat: Deprecated parameter 'namecase' [ 134.843734][ T6053] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 134.857580][ T6053] ================================================================== [ 134.865649][ T6053] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 134.873552][ T6053] Read of size 1 at addr ffffc9000e30fcc8 by task syz.0.30/6053 [ 134.881354][ T6053] [ 134.883936][ T6053] CPU: 0 UID: 0 PID: 6053 Comm: syz.0.30 Tainted: G B syzkaller #0 PREEMPT(full) [ 134.883982][ T6053] Tainted: [B]=BAD_PAGE [ 134.883993][ T6053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 134.884012][ T6053] Call Trace: [ 134.884024][ T6053] [ 134.884035][ T6053] dump_stack_lvl+0x116/0x1f0 [ 134.884087][ T6053] print_report+0xcd/0x630 [ 134.884126][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.884166][ T6053] ? __virt_addr_valid+0x81/0x610 [ 134.884203][ T6053] ? exfat_nls_to_ucs2+0x706/0x730 [ 134.884238][ T6053] kasan_report+0xe0/0x110 [ 134.884279][ T6053] ? exfat_nls_to_ucs2+0x706/0x730 [ 134.884313][ T6053] exfat_nls_to_ucs2+0x706/0x730 [ 134.884348][ T6053] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 134.884407][ T6053] ? __might_fault+0xe3/0x190 [ 134.884435][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.884474][ T6053] ? rcu_is_watching+0x12/0xc0 [ 134.884504][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.884542][ T6053] ? lock_release+0x201/0x2f0 [ 134.884585][ T6053] exfat_nls_to_utf16+0xa6/0xf0 [ 134.884617][ T6053] exfat_ioctl_set_volume_label+0x15d/0x230 [ 134.884654][ T6053] ? 
__pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 134.884691][ T6053] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 134.884774][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.884812][ T6053] ? rcu_is_watching+0x12/0xc0 [ 134.884841][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.884879][ T6053] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 134.884912][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.884970][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.885008][ T6053] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 134.885063][ T6053] exfat_ioctl+0x929/0x1630 [ 134.885101][ T6053] ? __pfx_exfat_ioctl+0x10/0x10 [ 134.885134][ T6053] ? __pfx_do_sys_openat2+0x10/0x10 [ 134.885183][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.885227][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.885265][ T6053] ? hook_file_ioctl_common+0x145/0x410 [ 134.885311][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.885350][ T6053] ? __pfx___x64_sys_futex+0x10/0x10 [ 134.885394][ T6053] ? __pfx_exfat_ioctl+0x10/0x10 [ 134.885430][ T6053] __x64_sys_ioctl+0x18e/0x210 [ 134.885483][ T6053] do_syscall_64+0xcd/0xfa0 [ 134.885534][ T6053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.885566][ T6053] RIP: 0033:0x7fe42fd8eec9 [ 134.885590][ T6053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.885621][ T6053] RSP: 002b:00007fffed42a368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 134.885651][ T6053] RAX: ffffffffffffffda RBX: 00007fe42ffe5fa0 RCX: 00007fe42fd8eec9 [ 134.885672][ T6053] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 134.885693][ T6053] RBP: 00007fe42fe11f91 R08: 0000000000000000 R09: 0000000000000000 [ 134.885713][ T6053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.885732][ T6053] R13: 00007fe42ffe5fa0 R14: 00007fe42ffe5fa0 R15: 0000000000000003 [ 
134.885763][ T6053] [ 134.885774][ T6053] [ 135.189974][ T6053] The buggy address belongs to stack of task syz.0.30/6053 [ 135.197263][ T6053] and is located at offset 960 in frame: [ 135.202968][ T6053] exfat_ioctl_set_volume_label+0x0/0x230