[ 101.535348][ T50] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.229' (ED25519) to the list of known hosts.
2025/10/12 11:05:25 parsed 1 programs
[ 111.251837][ T5837] cgroup: Unknown subsys name 'net'
[ 111.427716][ T5837] cgroup: Unknown subsys name 'cpuset'
[ 111.437745][ T5837] cgroup: Unknown subsys name 'rlimit'
[ 113.201389][ T5837] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 115.821105][ T5844] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 118.779627][ T5890] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 118.790649][ T5890] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 118.799383][ T5890] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 118.809018][ T5890] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 118.817399][ T5890] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 119.196410][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.205596][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.274263][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.283312][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.371343][ T5909] chnl_net:caif_netlink_parms(): no params data found
[ 120.477422][ T5909] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.484775][ T5909] bridge0: port 1(bridge_slave_0) entered disabled state
[ 120.493819][ T5909] bridge_slave_0: entered allmulticast mode
[ 120.501993][ T5909] bridge_slave_0: entered promiscuous mode
[ 120.513426][ T5909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.520524][ T5909] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.527801][ T5909] bridge_slave_1: entered allmulticast mode
[ 120.535544][ T5909] bridge_slave_1: entered promiscuous mode
[ 120.579706][ T5909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 120.592285][ T5909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 120.634992][ T5909] team0: Port device team_slave_0 added
[ 120.644091][ T5909] team0: Port device team_slave_1 added
[ 120.685956][ T5909] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 120.693407][ T5909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 120.719448][ T5909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 120.733346][ T5909] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 120.740318][ T5909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 120.767149][ T5909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 120.825137][ T5909] hsr_slave_0: entered promiscuous mode
[ 120.832523][ T5909] hsr_slave_1: entered promiscuous mode
[ 121.015316][ T5909] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 121.028491][ T5909] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 121.040143][ T5909] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 121.051097][ T5909] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 121.090167][ T5909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.097450][ T5909] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 121.105539][ T5909] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.112717][ T5909] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 121.179563][ T5909] 8021q: adding VLAN 0 to HW filter on device bond0
[ 121.199356][ T61] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.208494][ T61] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.230597][ T5909] 8021q: adding VLAN 0 to HW filter on device team0
[ 121.244648][ T61] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.251798][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 121.266872][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.274075][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 121.588105][ T5909] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 121.674857][ T5909] veth0_vlan: entered promiscuous mode
[ 121.689051][ T5909] veth1_vlan: entered promiscuous mode
[ 121.722907][ T5909] veth0_macvtap: entered promiscuous mode
[ 121.734260][ T5909] veth1_macvtap: entered promiscuous mode
[ 121.755896][ T5909] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 121.771144][ T5909] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 121.798924][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 121.809050][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 121.827030][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 121.836624][ T1150] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.000418][ T69] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.070740][ T69] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.147742][ T69] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.226030][ T69] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/12 11:05:42 executed programs: 0
[ 122.743420][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 122.751178][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 122.760483][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 122.769021][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 122.777714][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 123.001146][ T5938] chnl_net:caif_netlink_parms(): no params data found
[ 123.105201][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.112530][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.119698][ T5938] bridge_slave_0: entered allmulticast mode
[ 123.127627][ T5938] bridge_slave_0: entered promiscuous mode
[ 123.136221][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.143687][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.150869][ T5938] bridge_slave_1: entered allmulticast mode
[ 123.159309][ T5938] bridge_slave_1: entered promiscuous mode
[ 123.208281][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 123.224306][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 123.270250][ T5938] team0: Port device team_slave_0 added
[ 123.282806][ T5938] team0: Port device team_slave_1 added
[ 123.323888][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.330884][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.357275][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.373756][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.380704][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.406642][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.468399][ T5938] hsr_slave_0: entered promiscuous mode
[ 123.475205][ T5938] hsr_slave_1: entered promiscuous mode
[ 123.481610][ T5938] debugfs: 'hsr0' already exists in 'hsr'
[ 123.487465][ T5938] Cannot create hsr debugfs directory
[ 124.763455][ T69] bridge_slave_1: left allmulticast mode
[ 124.769211][ T69] bridge_slave_1: left promiscuous mode
[ 124.776710][ T69] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.788368][ T69] bridge_slave_0: left allmulticast mode
[ 124.795023][ T69] bridge_slave_0: left promiscuous mode
[ 124.800768][ T69] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.812466][ T5890] Bluetooth: hci0: command tx timeout
[ 125.025870][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 125.039136][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 125.049870][ T69] bond0 (unregistering): Released all slaves
[ 125.154918][ T69] hsr_slave_0: left promiscuous mode
[ 125.161139][ T69] hsr_slave_1: left promiscuous mode
[ 125.167825][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 125.175611][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 125.185775][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 125.193503][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 125.216527][ T69] veth1_macvtap: left promiscuous mode
[ 125.222294][ T69] veth0_macvtap: left promiscuous mode
[ 125.228284][ T69] veth1_vlan: left promiscuous mode
[ 125.235059][ T69] veth0_vlan: left promiscuous mode
[ 125.670817][ T69] team0 (unregistering): Port device team_slave_1 removed
[ 125.709725][ T69] team0 (unregistering): Port device team_slave_0 removed
[ 126.228729][ T5938] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 126.240577][ T5938] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 126.263708][ T5938] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 126.282316][ T5938] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 126.590464][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0
[ 126.619924][ T5938] 8021q: adding VLAN 0 to HW filter on device team0
[ 126.635674][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.642883][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 126.676221][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.683425][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.891660][ T5890] Bluetooth: hci0: command tx timeout
[ 126.960046][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 127.017117][ T5938] veth0_vlan: entered promiscuous mode
[ 127.029902][ T5938] veth1_vlan: entered promiscuous mode
[ 127.065521][ T5938] veth0_macvtap: entered promiscuous mode
[ 127.075483][ T5938] veth1_macvtap: entered promiscuous mode
[ 127.096355][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 127.113559][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 127.128320][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.137415][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.148530][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.157367][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.227115][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.241320][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.273181][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.281038][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.343346][ T5986] loop0: detected capacity change from 0 to 256
[ 127.351089][ T5986] exfat: Deprecated parameter 'namecase'
[ 127.377295][ T5986] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 127.393803][ T5986] ==================================================================
[ 127.401879][ T5986] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 127.409879][ T5986] Read of size 1 at addr ffffc90003d0fcc8 by task syz.0.17/5986
[ 127.417514][ T5986]
[ 127.419845][ T5986] CPU: 1 UID: 0 PID: 5986 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 127.419888][ T5986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 127.419910][ T5986] Call Trace:
[ 127.419922][ T5986]
[ 127.419934][ T5986]  dump_stack_lvl+0x116/0x1f0
[ 127.419993][ T5986]  print_report+0xcd/0x630
[ 127.420037][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.420083][ T5986]  ? __virt_addr_valid+0x81/0x610
[ 127.420124][ T5986]  ? exfat_nls_to_ucs2+0x706/0x730
[ 127.420157][ T5986]  kasan_report+0xe0/0x110
[ 127.420203][ T5986]  ? exfat_nls_to_ucs2+0x706/0x730
[ 127.420242][ T5986]  exfat_nls_to_ucs2+0x706/0x730
[ 127.420282][ T5986]  ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 127.420314][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.420392][ T5986]  ? find_held_lock+0x2b/0x80
[ 127.420450][ T5986]  ? __might_fault+0xe3/0x190
[ 127.420482][ T5986]  ? __might_fault+0xe3/0x190
[ 127.420514][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.420563][ T5986]  exfat_nls_to_utf16+0xa6/0xf0
[ 127.420599][ T5986]  exfat_ioctl_set_volume_label+0x15d/0x230
[ 127.420648][ T5986]  ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 127.420689][ T5986]  ? __lock_acquire+0xb8a/0x1c90
[ 127.420769][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.420813][ T5986]  ? kasan_quarantine_put+0x10a/0x240
[ 127.420851][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.420893][ T5986]  ? lockdep_hardirqs_on+0x7c/0x110
[ 127.420947][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.420993][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.421036][ T5986]  ? find_held_lock+0x2b/0x80
[ 127.421112][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.421154][ T5986]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 127.421217][ T5986]  exfat_ioctl+0x929/0x1630
[ 127.421260][ T5986]  ? __pfx_exfat_ioctl+0x10/0x10
[ 127.421298][ T5986]  ? __pfx_do_sys_openat2+0x10/0x10
[ 127.421351][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.421393][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.421436][ T5986]  ? hook_file_ioctl_common+0x145/0x410
[ 127.421488][ T5986]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 127.421532][ T5986]  ? __pfx___x64_sys_futex+0x10/0x10
[ 127.421583][ T5986]  ? __pfx_exfat_ioctl+0x10/0x10
[ 127.421630][ T5986]  __x64_sys_ioctl+0x18e/0x210
[ 127.421689][ T5986]  do_syscall_64+0xcd/0xfa0
[ 127.421745][ T5986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.421781][ T5986] RIP: 0033:0x7fe4e2b8eec9
[ 127.421808][ T5986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 127.421843][ T5986] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 127.421876][ T5986] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9
[ 127.421900][ T5986] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 127.421923][ T5986] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 127.421945][ T5986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 127.421967][ T5986] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003
[ 127.422002][ T5986]
[ 127.422014][ T5986]
[ 127.727378][ T5986] The buggy address belongs to stack of task syz.0.17/5986
[ 127.734566][ T5986]  and is located at offset 960 in frame:
[ 127.740267][ T5986]  exfat_ioctl_set_volume_label+0x0/0x230
[ 127.745991][ T5986]
[ 127.748298][ T5986] This frame has 3 objects:
[ 127.752789][ T5986]  [32, 36) 'lossy'
[ 127.752815][ T5986]  [48, 568) 'uniname'
[ 127.756639][ T5986]  [704, 960) 'label'
[ 127.760690][ T5986]
[ 127.766941][ T5986] The buggy address belongs to a vmalloc virtual mapping
[ 127.774129][ T5986] The buggy address belongs to the physical page:
[ 127.780520][ T5986] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x440f7
[ 127.789269][ T5986] memcg:ffff888025d68d82
[ 127.793494][ T5986] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 127.800606][ T5986] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 127.809187][ T5986] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff888025d68d82
[ 127.817754][ T5986] page dumped because: kasan: bad access detected
[ 127.824149][ T5986] page_owner tracks the page as allocated
[ 127.829847][ T5986] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5962, tgid 5962 (dhcpcd-run-hook), ts 126357224602, free_ts 126208698308
[ 127.849469][ T5986]  post_alloc_hook+0x1c0/0x230
[ 127.854257][ T5986]  get_page_from_freelist+0x10a3/0x3a30
[ 127.859825][ T5986]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 127.865715][ T5986]  alloc_pages_mpol+0x1fb/0x550
[ 127.870572][ T5986]  alloc_pages_noprof+0x131/0x390
[ 127.875612][ T5986]  __vmalloc_node_range_noprof+0x6f8/0x1480
[ 127.881541][ T5986]  __vmalloc_node_noprof+0xad/0xf0
[ 127.886661][ T5986]  copy_process+0x2c77/0x76a0
[ 127.891334][ T5986]  kernel_clone+0xfc/0x930
[ 127.895745][ T5986]  __do_sys_clone+0xce/0x120
[ 127.900338][ T5986]  do_syscall_64+0xcd/0xfa0
[ 127.904856][ T5986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.910754][ T5986] page last free pid 50 tgid 50 stack trace:
[ 127.916719][ T5986]  __free_frozen_pages+0x7df/0x1160
[ 127.921929][ T5986]  vfree+0x1fd/0xb50
[ 127.925828][ T5986]  delayed_vfree_work+0x56/0x70
[ 127.930689][ T5986]  process_one_work+0x9cf/0x1b70
[ 127.935677][ T5986]  worker_thread+0x6c8/0xf10
[ 127.940273][ T5986]  kthread+0x3c5/0x780
[ 127.944347][ T5986]  ret_from_fork+0x675/0x7d0
[ 127.948942][ T5986]  ret_from_fork_asm+0x1a/0x30
[ 127.953710][ T5986]
[ 127.956027][ T5986] Memory state around the buggy address:
[ 127.961643][ T5986]  ffffc90003d0fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 127.969691][ T5986]  ffffc90003d0fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 127.977741][ T5986] >ffffc90003d0fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 127.985790][ T5986]                                               ^
[ 127.992191][ T5986]  ffffc90003d0fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 128.000245][ T5986]  ffffc90003d0fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 128.008298][ T5986] ==================================================================
[ 128.031732][ T5986] Disabling lock debugging due to kernel taint
2025/10/12 11:05:47 executed programs: 3
[ 128.064193][ T5987] loop0: detected capacity change from 0 to 256
[ 128.073229][ T5987] exfat: Deprecated parameter 'namecase'
[ 128.086566][ T5987] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 128.104741][ T5987] ==================================================================
[ 128.112811][ T5987] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 128.120729][ T5987] Read of size 1 at addr ffffc90003cffcc8 by task syz.0.18/5987
[ 128.128366][ T5987]
[ 128.130701][ T5987] CPU: 1 UID: 0 PID: 5987 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full)
[ 128.130754][ T5987] Tainted: [B]=BAD_PAGE
[ 128.130766][ T5987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 128.130787][ T5987] Call Trace:
[ 128.130798][ T5987]
[ 128.130811][ T5987]  dump_stack_lvl+0x116/0x1f0
[ 128.130869][ T5987]  print_report+0xcd/0x630
[ 128.130914][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.130959][ T5987]  ? __virt_addr_valid+0x81/0x610
[ 128.130999][ T5987]  ? exfat_nls_to_ucs2+0x706/0x730
[ 128.131032][ T5987]  kasan_report+0xe0/0x110
[ 128.131077][ T5987]  ? exfat_nls_to_ucs2+0x706/0x730
[ 128.131115][ T5987]  exfat_nls_to_ucs2+0x706/0x730
[ 128.131155][ T5987]  ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 128.131221][ T5987]  ? __might_fault+0xe3/0x190
[ 128.131254][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.131297][ T5987]  ? rcu_is_watching+0x12/0xc0
[ 128.131330][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.131372][ T5987]  ? lock_release+0x201/0x2f0
[ 128.131421][ T5987]  exfat_nls_to_utf16+0xa6/0xf0
[ 128.131458][ T5987]  exfat_ioctl_set_volume_label+0x15d/0x230
[ 128.131500][ T5987]  ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 128.131542][ T5987]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 128.131643][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.131685][ T5987]  ? rcu_is_watching+0x12/0xc0
[ 128.131717][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.131760][ T5987]  ? trace_irq_enable.constprop.0+0xd4/0x120
[ 128.131799][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.131864][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.131906][ T5987]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 128.131969][ T5987]  exfat_ioctl+0x929/0x1630
[ 128.132010][ T5987]  ? __pfx_exfat_ioctl+0x10/0x10
[ 128.132048][ T5987]  ? __pfx_do_sys_openat2+0x10/0x10
[ 128.132103][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.132145][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.132188][ T5987]  ? hook_file_ioctl_common+0x145/0x410
[ 128.132244][ T5987]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.132288][ T5987]  ? __pfx___x64_sys_futex+0x10/0x10
[ 128.132338][ T5987]  ? __pfx_exfat_ioctl+0x10/0x10
[ 128.132378][ T5987]  __x64_sys_ioctl+0x18e/0x210
[ 128.132435][ T5987]  do_syscall_64+0xcd/0xfa0
[ 128.132492][ T5987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.132528][ T5987] RIP: 0033:0x7fe4e2b8eec9
[ 128.132555][ T5987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 128.132591][ T5987] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 128.132632][ T5987] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9
[ 128.132656][ T5987] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 128.132679][ T5987] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 128.132701][ T5987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 128.132723][ T5987] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003
[ 128.132758][ T5987]
[ 128.132770][ T5987]
[ 128.435034][ T5987] The buggy address belongs to stack of task syz.0.18/5987
[ 128.442221][ T5987]  and is located at offset 960 in frame:
[ 128.447926][ T5987]  exfat_ioctl_set_volume_label+0x0/0x230
[ 128.453659][ T5987]
[ 128.455970][ T5987] This frame has 3 objects:
[ 128.460456][ T5987]  [32, 36) 'lossy'
[ 128.460477][ T5987]  [48, 568) 'uniname'
[ 128.464446][ T5987]  [704, 960) 'label'
[ 128.468500][ T5987]
[ 128.474818][ T5987] The buggy address belongs to a vmalloc virtual mapping
[ 128.481835][ T5987] The buggy address belongs to the physical page:
[ 128.488229][ T5987] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077c14ee0 pfn:0x77c14
[ 128.498286][ T5987] memcg:ffff888025d68d82
[ 128.502525][ T5987] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 128.509650][ T5987] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 128.518234][ T5987] raw: ffff888077c14ee0 0000000000000000 00000001ffffffff ffff888025d68d82
[ 128.526807][ T5987] page dumped because: kasan: bad access detected
[ 128.533204][ T5987] page_owner tracks the page as allocated
[ 128.538903][ T5987] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5938, tgid 5938 (syz-executor), ts 128054386725, free_ts 128043043962
[ 128.558275][ T5987]  post_alloc_hook+0x1c0/0x230
[ 128.563065][ T5987]  get_page_from_freelist+0x10a3/0x3a30
[ 128.568638][ T5987]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 128.574533][ T5987]  alloc_pages_mpol+0x1fb/0x550
[ 128.579392][ T5987]  alloc_pages_noprof+0x131/0x390
[ 128.584425][ T5987]  __vmalloc_node_range_noprof+0x6f8/0x1480
[ 128.590423][ T5987]  __vmalloc_node_noprof+0xad/0xf0
[ 128.595549][ T5987]  copy_process+0x2c77/0x76a0
[ 128.600317][ T5987]  kernel_clone+0xfc/0x930
[ 128.604731][ T5987]  __do_sys_clone+0xce/0x120
[ 128.609317][ T5987]  do_syscall_64+0xcd/0xfa0
[ 128.613836][ T5987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.619733][ T5987] page last free pid 15 tgid 15 stack trace:
[ 128.625786][ T5987]  __free_frozen_pages+0x7df/0x1160
[ 128.630997][ T5987]  rcu_core+0x79c/0x1530
[ 128.635260][ T5987]  handle_softirqs+0x219/0x8e0
[ 128.640051][ T5987]  run_ksoftirqd+0x3a/0x60
[ 128.644484][ T5987]  smpboot_thread_fn+0x3f7/0xae0
[ 128.649425][ T5987]  kthread+0x3c5/0x780
[ 128.653506][ T5987]  ret_from_fork+0x675/0x7d0
[ 128.658109][ T5987]  ret_from_fork_asm+0x1a/0x30
[ 128.662880][ T5987]
[ 128.665191][ T5987] Memory state around the buggy address:
[ 128.670809][ T5987]  ffffc90003cffb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 128.678866][ T5987]  ffffc90003cffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 128.686928][ T5987] >ffffc90003cffc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 128.694977][ T5987]                                               ^
[ 128.701376][ T5987]  ffffc90003cffd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 128.709430][ T5987]  ffffc90003cffd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 128.717479][ T5987] ==================================================================
[ 128.785272][ T5988] loop0: detected capacity change from 0 to 256
[ 128.793248][ T5988] exfat: Deprecated parameter 'namecase'
[ 128.806179][ T5988] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 128.822236][ T5988] ==================================================================
[ 128.830307][ T5988] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 128.838222][ T5988] Read of size 1 at addr ffffc9000398fcc8 by task syz.0.19/5988
[ 128.845858][ T5988]
[ 128.848176][ T5988] CPU: 0 UID: 0 PID: 5988 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full)
[ 128.848219][ T5988] Tainted: [B]=BAD_PAGE
[ 128.848231][ T5988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 128.848249][ T5988] Call Trace:
[ 128.848260][ T5988]
[ 128.848271][ T5988]  dump_stack_lvl+0x116/0x1f0
[ 128.848323][ T5988]  print_report+0xcd/0x630
[ 128.848361][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.848400][ T5988]  ? __virt_addr_valid+0x81/0x610
[ 128.848436][ T5988]  ? exfat_nls_to_ucs2+0x706/0x730
[ 128.848466][ T5988]  kasan_report+0xe0/0x110
[ 128.848505][ T5988]  ? exfat_nls_to_ucs2+0x706/0x730
[ 128.848540][ T5988]  exfat_nls_to_ucs2+0x706/0x730
[ 128.848575][ T5988]  ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 128.848641][ T5988]  ? __might_fault+0xe3/0x190
[ 128.848670][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.848707][ T5988]  ? rcu_is_watching+0x12/0xc0
[ 128.848737][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.848774][ T5988]  ? lock_release+0x201/0x2f0
[ 128.848816][ T5988]  exfat_nls_to_utf16+0xa6/0xf0
[ 128.848848][ T5988]  exfat_ioctl_set_volume_label+0x15d/0x230
[ 128.848883][ T5988]  ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 128.848920][ T5988]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 128.849003][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.849041][ T5988]  ? rcu_is_watching+0x12/0xc0
[ 128.849069][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.849107][ T5988]  ? trace_irq_enable.constprop.0+0xd4/0x120
[ 128.849140][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.849198][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.849235][ T5988]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 128.849290][ T5988]  exfat_ioctl+0x929/0x1630
[ 128.849326][ T5988]  ? __pfx_exfat_ioctl+0x10/0x10
[ 128.849359][ T5988]  ? __pfx_do_sys_openat2+0x10/0x10
[ 128.849406][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.849444][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.849481][ T5988]  ? hook_file_ioctl_common+0x145/0x410
[ 128.849525][ T5988]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 128.849564][ T5988]  ? __pfx___x64_sys_futex+0x10/0x10
[ 128.849607][ T5988]  ? __pfx_exfat_ioctl+0x10/0x10
[ 128.849645][ T5988]  __x64_sys_ioctl+0x18e/0x210
[ 128.849695][ T5988]  do_syscall_64+0xcd/0xfa0
[ 128.849744][ T5988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.849776][ T5988] RIP: 0033:0x7fe4e2b8eec9
[ 128.849799][ T5988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 128.849830][ T5988] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 128.849859][ T5988] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9
[ 128.849880][ T5988] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 128.849900][ T5988] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 128.849920][ T5988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 128.849940][ T5988] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003
[ 128.849971][ T5988]
[ 128.849982][ T5988]
[ 128.971601][ T5890] Bluetooth: hci0: command tx timeout
[ 128.973643][ T5988] The buggy address belongs to stack of task syz.0.19/5988
[ 128.973666][ T5988]  and is located at offset 960 in frame:
[ 129.170525][ T5988]  exfat_ioctl_set_volume_label+0x0/0x230
[ 129.176252][ T5988]
[ 129.178561][ T5988] This frame has 3 objects:
[ 129.183051][ T5988]  [32, 36) 'lossy'
[ 129.183071][ T5988]  [48, 568) 'uniname'
[ 129.186859][ T5988]  [704, 960) 'label'
[ 129.190912][ T5988]
[ 129.197165][ T5988] The buggy address belongs to a vmalloc virtual mapping
[ 129.204179][ T5988] The buggy address belongs to the physical page:
[ 129.210576][ T5988] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802778e500 pfn:0x2778e
[ 129.220667][ T5988] memcg:ffff888025d68d82
[ 129.224919][ T5988] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 129.232029][ T5988] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 129.240612][ T5988] raw: ffff88802778e500 0000000000000000 00000001ffffffff ffff888025d68d82
[ 129.249187][ T5988] page dumped because: kasan: bad access detected
[ 129.255584][ T5988] page_owner tracks the page as allocated
[ 129.261277][ T5988] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5966, tgid 5966 (dhcpcd-run-hook), ts 126259699203, free_ts 126105386158
[ 129.280996][ T5988]  post_alloc_hook+0x1c0/0x230
[ 129.285777][ T5988]  get_page_from_freelist+0x10a3/0x3a30
[ 129.291333][ T5988]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 129.297226][ T5988]  alloc_pages_mpol+0x1fb/0x550
[ 129.302081][ T5988]  alloc_pages_noprof+0x131/0x390
[ 129.307368][ T5988]  __vmalloc_node_range_noprof+0x6f8/0x1480
[ 129.313271][ T5988]  __vmalloc_node_noprof+0xad/0xf0
[ 129.318388][ T5988]  copy_process+0x2c77/0x76a0
[ 129.323063][ T5988]  kernel_clone+0xfc/0x930
[ 129.327473][ T5988]  __do_sys_clone+0xce/0x120
[ 129.332066][ T5988]  do_syscall_64+0xcd/0xfa0
[ 129.336588][ T5988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.342479][ T5988] page last free pid 44 tgid 44 stack trace:
[ 129.348471][ T5988]  __free_frozen_pages+0x7df/0x1160
[ 129.353693][ T5988]  vfree+0x1fd/0xb50
[ 129.357594][ T5988]  delayed_vfree_work+0x56/0x70
[ 129.362451][ T5988]  process_one_work+0x9cf/0x1b70
[ 129.367423][ T5988]  worker_thread+0x6c8/0xf10
[ 129.372021][ T5988]  kthread+0x3c5/0x780
[ 129.376094][ T5988]  ret_from_fork+0x675/0x7d0
[ 129.380690][ T5988]  ret_from_fork_asm+0x1a/0x30
[ 129.385449][ T5988]
[ 129.387752][ T5988] Memory state around the buggy address:
[ 129.393366][ T5988]  ffffc9000398fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 129.401419][ T5988]  ffffc9000398fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 129.409486][ T5988] >ffffc9000398fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 129.417549][ T5988]                                               ^
[ 129.424039][ T5988]  ffffc9000398fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 129.432095][ T5988]  ffffc9000398fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 129.440146][ T5988] ==================================================================
[ 129.490936][ T5989] loop0: detected capacity change from 0 to 256
[ 129.498072][ T5989] exfat: Deprecated parameter 'namecase'
[ 129.513718][ T5989] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 129.527391][ T5989] ==================================================================
[ 129.535441][ T5989] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 129.543338][ T5989] Read of size 1 at addr ffffc90003cffcc8 by task syz.0.20/5989
[ 129.550954][ T5989]
[ 129.553270][ T5989] CPU: 1 UID: 0 PID: 5989 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 129.553314][ T5989] Tainted: [B]=BAD_PAGE
[ 129.553325][ T5989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 129.553344][ T5989] Call Trace:
[ 129.553354][ T5989]
[ 129.553365][ T5989]  dump_stack_lvl+0x116/0x1f0
[ 129.553414][ T5989]  print_report+0xcd/0x630
[ 129.553452][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.553489][ T5989]  ? __virt_addr_valid+0x81/0x610
[ 129.553532][ T5989]  ? exfat_nls_to_ucs2+0x706/0x730
[ 129.553561][ T5989]  kasan_report+0xe0/0x110
[ 129.553600][ T5989]  ? exfat_nls_to_ucs2+0x706/0x730
[ 129.553634][ T5989]  exfat_nls_to_ucs2+0x706/0x730
[ 129.553669][ T5989]  ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 129.553730][ T5989]  ? __might_fault+0xe3/0x190
[ 129.553758][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.553795][ T5989]  ? rcu_is_watching+0x12/0xc0
[ 129.553824][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.553862][ T5989]  ? lock_release+0x201/0x2f0
[ 129.553908][ T5989]  exfat_nls_to_utf16+0xa6/0xf0
[ 129.553940][ T5989]  exfat_ioctl_set_volume_label+0x15d/0x230
[ 129.553975][ T5989]  ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 129.554011][ T5989]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 129.554092][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.554129][ T5989]  ? rcu_is_watching+0x12/0xc0
[ 129.554158][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.554194][ T5989]  ? trace_irq_enable.constprop.0+0xd4/0x120
[ 129.554227][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.554285][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.554322][ T5989]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 129.554375][ T5989]  exfat_ioctl+0x929/0x1630
[ 129.554411][ T5989]  ? __pfx_exfat_ioctl+0x10/0x10
[ 129.554444][ T5989]  ? __pfx_do_sys_openat2+0x10/0x10
[ 129.554489][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.554532][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.554569][ T5989]  ? hook_file_ioctl_common+0x145/0x410
[ 129.554613][ T5989]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.554651][ T5989]  ? __pfx___x64_sys_futex+0x10/0x10
[ 129.554693][ T5989]  ? __pfx_exfat_ioctl+0x10/0x10
[ 129.554728][ T5989]  __x64_sys_ioctl+0x18e/0x210
[ 129.554776][ T5989]  do_syscall_64+0xcd/0xfa0
[ 129.554822][ T5989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.554855][ T5989] RIP: 0033:0x7fe4e2b8eec9
[ 129.554880][ T5989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 129.554911][ T5989] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 129.554939][ T5989] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9
[ 129.554960][ T5989] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 129.554981][ T5989] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 129.555000][ T5989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 129.555020][ T5989] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003
[ 129.555051][ T5989]
[ 129.555062][ T5989]
[ 129.857103][ T5989] The buggy
address belongs to stack of task syz.0.20/5989 [ 129.864639][ T5989] and is located at offset 960 in frame: [ 129.870342][ T5989] exfat_ioctl_set_volume_label+0x0/0x230 [ 129.876080][ T5989] [ 129.878444][ T5989] This frame has 3 objects: [ 129.882936][ T5989] [32, 36) 'lossy' [ 129.882955][ T5989] [48, 568) 'uniname' [ 129.886744][ T5989] [704, 960) 'label' [ 129.890791][ T5989] [ 129.897041][ T5989] The buggy address belongs to a vmalloc virtual mapping [ 129.904055][ T5989] The buggy address belongs to the physical page: [ 129.910452][ T5989] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077c14ee0 pfn:0x77c14 [ 129.920511][ T5989] memcg:ffff888025d68d82 [ 129.924737][ T5989] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 129.931847][ T5989] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 129.940423][ T5989] raw: ffff888077c14ee0 0000000000000000 00000001ffffffff ffff888025d68d82 [ 129.948996][ T5989] page dumped because: kasan: bad access detected [ 129.955398][ T5989] page_owner tracks the page as allocated [ 129.961097][ T5989] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5938, tgid 5938 (syz-executor), ts 128054386725, free_ts 128043043962 [ 129.980458][ T5989] post_alloc_hook+0x1c0/0x230 [ 129.985238][ T5989] get_page_from_freelist+0x10a3/0x3a30 [ 129.990884][ T5989] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 129.996774][ T5989] alloc_pages_mpol+0x1fb/0x550 [ 130.001645][ T5989] alloc_pages_noprof+0x131/0x390 [ 130.006682][ T5989] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 130.012581][ T5989] __vmalloc_node_noprof+0xad/0xf0 [ 130.017711][ T5989] copy_process+0x2c77/0x76a0 [ 130.022385][ T5989] kernel_clone+0xfc/0x930 [ 130.026798][ T5989] __do_sys_clone+0xce/0x120 [ 130.031383][ T5989] do_syscall_64+0xcd/0xfa0 [ 130.036015][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.041905][ T5989] page last free pid 15 
tgid 15 stack trace: [ 130.047872][ T5989] __free_frozen_pages+0x7df/0x1160 [ 130.053079][ T5989] rcu_core+0x79c/0x1530 [ 130.057335][ T5989] handle_softirqs+0x219/0x8e0 [ 130.062105][ T5989] run_ksoftirqd+0x3a/0x60 [ 130.066532][ T5989] smpboot_thread_fn+0x3f7/0xae0 [ 130.071470][ T5989] kthread+0x3c5/0x780 [ 130.075547][ T5989] ret_from_fork+0x675/0x7d0 [ 130.080137][ T5989] ret_from_fork_asm+0x1a/0x30 [ 130.084913][ T5989] [ 130.087225][ T5989] Memory state around the buggy address: [ 130.092837][ T5989] ffffc90003cffb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 130.100887][ T5989] ffffc90003cffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.108936][ T5989] >ffffc90003cffc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 130.116984][ T5989] ^ [ 130.123384][ T5989] ffffc90003cffd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.131439][ T5989] ffffc90003cffd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 130.139503][ T5989] ================================================================== [ 130.174209][ T5990] loop0: detected capacity change from 0 to 256 [ 130.189509][ T5990] exfat: Deprecated parameter 'namecase' [ 130.200508][ T5990] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 130.214977][ T5990] ================================================================== [ 130.223051][ T5990] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 130.230968][ T5990] Read of size 1 at addr ffffc9000398fcc8 by task syz.0.21/5990 [ 130.238610][ T5990] [ 130.241203][ T5990] CPU: 0 UID: 0 PID: 5990 Comm: syz.0.21 Tainted: G B syzkaller #0 PREEMPT(full) [ 130.241255][ T5990] Tainted: [B]=BAD_PAGE [ 130.241268][ T5990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 130.241289][ T5990] Call Trace: [ 130.241300][ T5990] [ 130.241313][ T5990] dump_stack_lvl+0x116/0x1f0 [ 130.241372][ T5990] print_report+0xcd/0x630 [ 
130.241418][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.241463][ T5990] ? __virt_addr_valid+0x81/0x610 [ 130.241503][ T5990] ? exfat_nls_to_ucs2+0x706/0x730 [ 130.241535][ T5990] kasan_report+0xe0/0x110 [ 130.241581][ T5990] ? exfat_nls_to_ucs2+0x706/0x730 [ 130.241620][ T5990] exfat_nls_to_ucs2+0x706/0x730 [ 130.241659][ T5990] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 130.241726][ T5990] ? __might_fault+0xe3/0x190 [ 130.241758][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.241802][ T5990] ? rcu_is_watching+0x12/0xc0 [ 130.241836][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.241885][ T5990] ? lock_release+0x201/0x2f0 [ 130.241934][ T5990] exfat_nls_to_utf16+0xa6/0xf0 [ 130.241970][ T5990] exfat_ioctl_set_volume_label+0x15d/0x230 [ 130.242011][ T5990] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 130.242054][ T5990] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.242147][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.242191][ T5990] ? rcu_is_watching+0x12/0xc0 [ 130.242223][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.242267][ T5990] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 130.242305][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.242370][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.242414][ T5990] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.242479][ T5990] exfat_ioctl+0x929/0x1630 [ 130.242542][ T5990] ? __pfx_exfat_ioctl+0x10/0x10 [ 130.242581][ T5990] ? __pfx_do_sys_openat2+0x10/0x10 [ 130.242636][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.242679][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.242722][ T5990] ? hook_file_ioctl_common+0x145/0x410 [ 130.242775][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.242820][ T5990] ? __pfx___x64_sys_futex+0x10/0x10 [ 130.242870][ T5990] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 130.242917][ T5990] __x64_sys_ioctl+0x18e/0x210 [ 130.242977][ T5990] do_syscall_64+0xcd/0xfa0 [ 130.243035][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.243071][ T5990] RIP: 0033:0x7fe4e2b8eec9 [ 130.243098][ T5990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.243134][ T5990] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.243169][ T5990] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9 [ 130.243193][ T5990] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 130.243217][ T5990] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 130.243240][ T5990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.243262][ T5990] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003 [ 130.243297][ T5990] [ 130.243309][ T5990] [ 130.545957][ T5990] The buggy address belongs to stack of task syz.0.21/5990 [ 130.553231][ T5990] and is located at offset 960 in frame: [ 130.559020][ T5990] exfat_ioctl_set_volume_label+0x0/0x230 [ 130.564753][ T5990] [ 130.567060][ T5990] This frame has 3 objects: [ 130.571551][ T5990] [32, 36) 'lossy' [ 130.571578][ T5990] [48, 568) 'uniname' [ 130.575390][ T5990] [704, 960) 'label' [ 130.579442][ T5990] [ 130.585696][ T5990] The buggy address belongs to a vmalloc virtual mapping [ 130.592798][ T5990] The buggy address belongs to the physical page: [ 130.599195][ T5990] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802778e500 pfn:0x2778e [ 130.609338][ T5990] memcg:ffff888025d68d82 [ 130.613562][ T5990] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 130.620680][ T5990] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 130.629258][ T5990] raw: ffff88802778e500 0000000000000000 
00000001ffffffff ffff888025d68d82 [ 130.637825][ T5990] page dumped because: kasan: bad access detected [ 130.644311][ T5990] page_owner tracks the page as allocated [ 130.650007][ T5990] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5966, tgid 5966 (dhcpcd-run-hook), ts 126259699203, free_ts 126105386158 [ 130.669645][ T5990] post_alloc_hook+0x1c0/0x230 [ 130.674430][ T5990] get_page_from_freelist+0x10a3/0x3a30 [ 130.680000][ T5990] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 130.685898][ T5990] alloc_pages_mpol+0x1fb/0x550 [ 130.690755][ T5990] alloc_pages_noprof+0x131/0x390 [ 130.695786][ T5990] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 130.701695][ T5990] __vmalloc_node_noprof+0xad/0xf0 [ 130.706815][ T5990] copy_process+0x2c77/0x76a0 [ 130.711495][ T5990] kernel_clone+0xfc/0x930 [ 130.715936][ T5990] __do_sys_clone+0xce/0x120 [ 130.720523][ T5990] do_syscall_64+0xcd/0xfa0 [ 130.725042][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.731021][ T5990] page last free pid 44 tgid 44 stack trace: [ 130.737002][ T5990] __free_frozen_pages+0x7df/0x1160 [ 130.742229][ T5990] vfree+0x1fd/0xb50 [ 130.746255][ T5990] delayed_vfree_work+0x56/0x70 [ 130.751113][ T5990] process_one_work+0x9cf/0x1b70 [ 130.756066][ T5990] worker_thread+0x6c8/0xf10 [ 130.760697][ T5990] kthread+0x3c5/0x780 [ 130.764775][ T5990] ret_from_fork+0x675/0x7d0 [ 130.769377][ T5990] ret_from_fork_asm+0x1a/0x30 [ 130.774142][ T5990] [ 130.776449][ T5990] Memory state around the buggy address: [ 130.782063][ T5990] ffffc9000398fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 130.790115][ T5990] ffffc9000398fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.798167][ T5990] >ffffc9000398fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 130.806221][ T5990] ^ [ 130.812621][ T5990] ffffc9000398fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.820674][ T5990] ffffc9000398fd80: 00 00 00 00 f1 
f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 130.828721][ T5990] ================================================================== [ 130.866598][ T5991] loop0: detected capacity change from 0 to 256 [ 130.875054][ T5991] exfat: Deprecated parameter 'namecase' [ 130.896187][ T5991] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 130.910635][ T5991] ================================================================== [ 130.918791][ T5991] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 130.926698][ T5991] Read of size 1 at addr ffffc90003cffcc8 by task syz.0.22/5991 [ 130.934342][ T5991] [ 130.936676][ T5991] CPU: 0 UID: 0 PID: 5991 Comm: syz.0.22 Tainted: G B syzkaller #0 PREEMPT(full) [ 130.936734][ T5991] Tainted: [B]=BAD_PAGE [ 130.936747][ T5991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 130.936769][ T5991] Call Trace: [ 130.936780][ T5991] [ 130.936792][ T5991] dump_stack_lvl+0x116/0x1f0 [ 130.936853][ T5991] print_report+0xcd/0x630 [ 130.936897][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.936943][ T5991] ? __virt_addr_valid+0x81/0x610 [ 130.936984][ T5991] ? exfat_nls_to_ucs2+0x706/0x730 [ 130.937017][ T5991] kasan_report+0xe0/0x110 [ 130.937062][ T5991] ? exfat_nls_to_ucs2+0x706/0x730 [ 130.937101][ T5991] exfat_nls_to_ucs2+0x706/0x730 [ 130.937140][ T5991] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 130.937207][ T5991] ? __might_fault+0xe3/0x190 [ 130.937239][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.937282][ T5991] ? rcu_is_watching+0x12/0xc0 [ 130.937316][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.937359][ T5991] ? lock_release+0x201/0x2f0 [ 130.937407][ T5991] exfat_nls_to_utf16+0xa6/0xf0 [ 130.937444][ T5991] exfat_ioctl_set_volume_label+0x15d/0x230 [ 130.937484][ T5991] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 130.937525][ T5991] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.937622][ T5991] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 130.937665][ T5991] ? rcu_is_watching+0x12/0xc0 [ 130.937697][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.937746][ T5991] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 130.937783][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.937848][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.937891][ T5991] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.937948][ T5991] exfat_ioctl+0x929/0x1630 [ 130.937990][ T5991] ? __pfx_exfat_ioctl+0x10/0x10 [ 130.938027][ T5991] ? __pfx_do_sys_openat2+0x10/0x10 [ 130.938082][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.938125][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.938169][ T5991] ? hook_file_ioctl_common+0x145/0x410 [ 130.938221][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.938264][ T5991] ? __pfx___x64_sys_futex+0x10/0x10 [ 130.938314][ T5991] ? __pfx_exfat_ioctl+0x10/0x10 [ 130.938354][ T5991] __x64_sys_ioctl+0x18e/0x210 [ 130.938412][ T5991] do_syscall_64+0xcd/0xfa0 [ 130.938469][ T5991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.938504][ T5991] RIP: 0033:0x7fe4e2b8eec9 [ 130.938530][ T5991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.938565][ T5991] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.938598][ T5991] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9 [ 130.938621][ T5991] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 130.938645][ T5991] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 130.938667][ T5991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.938690][ T5991] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003 [ 130.938731][ T5991] [ 130.938743][ T5991] [ 131.241338][ T5991] The buggy address belongs to stack of task syz.0.22/5991 [ 131.248529][ 
T5991] and is located at offset 960 in frame: [ 131.254232][ T5991] exfat_ioctl_set_volume_label+0x0/0x230 [ 131.259967][ T5991] [ 131.262278][ T5991] This frame has 3 objects: [ 131.266768][ T5991] [32, 36) 'lossy' [ 131.266789][ T5991] [48, 568) 'uniname' [ 131.270586][ T5991] [704, 960) 'label' [ 131.274641][ T5991] [ 131.280901][ T5991] The buggy address belongs to a vmalloc virtual mapping [ 131.287921][ T5991] The buggy address belongs to the physical page: [ 131.294408][ T5991] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077c14ee0 pfn:0x77c14 [ 131.304474][ T5991] memcg:ffff888025d68d82 [ 131.308704][ T5991] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 131.315824][ T5991] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 131.324427][ T5991] raw: ffff888077c14ee0 0000000000000000 00000001ffffffff ffff888025d68d82 [ 131.332999][ T5991] page dumped because: kasan: bad access detected [ 131.339398][ T5991] page_owner tracks the page as allocated [ 131.345184][ T5991] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5938, tgid 5938 (syz-executor), ts 128054386725, free_ts 128043043962 [ 131.364823][ T5991] post_alloc_hook+0x1c0/0x230 [ 131.369623][ T5991] get_page_from_freelist+0x10a3/0x3a30 [ 131.375191][ T5991] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 131.381086][ T5991] alloc_pages_mpol+0x1fb/0x550 [ 131.385948][ T5991] alloc_pages_noprof+0x131/0x390 [ 131.390985][ T5991] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 131.396898][ T5991] __vmalloc_node_noprof+0xad/0xf0 [ 131.402029][ T5991] copy_process+0x2c77/0x76a0 [ 131.406708][ T5991] kernel_clone+0xfc/0x930 [ 131.411121][ T5991] __do_sys_clone+0xce/0x120 [ 131.415712][ T5991] do_syscall_64+0xcd/0xfa0 [ 131.420235][ T5991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.426137][ T5991] page last free pid 15 tgid 15 stack trace: [ 131.432124][ T5991] 
__free_frozen_pages+0x7df/0x1160 [ 131.437370][ T5991] rcu_core+0x79c/0x1530 [ 131.441681][ T5991] handle_softirqs+0x219/0x8e0 [ 131.446469][ T5991] run_ksoftirqd+0x3a/0x60 [ 131.450908][ T5991] smpboot_thread_fn+0x3f7/0xae0 [ 131.455950][ T5991] kthread+0x3c5/0x780 [ 131.460049][ T5991] ret_from_fork+0x675/0x7d0 [ 131.464651][ T5991] ret_from_fork_asm+0x1a/0x30 [ 131.469425][ T5991] [ 131.471799][ T5991] Memory state around the buggy address: [ 131.477448][ T5991] ffffc90003cffb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 131.485510][ T5991] ffffc90003cffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.493566][ T5991] >ffffc90003cffc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 131.501617][ T5991] ^ [ 131.508025][ T5991] ffffc90003cffd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.516166][ T5991] ffffc90003cffd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 131.524218][ T5991] ================================================================== [ 131.540595][ T5890] Bluetooth: hci0: command tx timeout [ 131.568704][ T5992] loop0: detected capacity change from 0 to 256 [ 131.576865][ T5992] exfat: Deprecated parameter 'namecase' [ 131.590454][ T5992] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 131.604127][ T5992] ================================================================== [ 131.612190][ T5992] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 131.620191][ T5992] Read of size 1 at addr ffffc90003cffcc8 by task syz.0.23/5992 [ 131.627826][ T5992] [ 131.630160][ T5992] CPU: 1 UID: 0 PID: 5992 Comm: syz.0.23 Tainted: G B syzkaller #0 PREEMPT(full) [ 131.630211][ T5992] Tainted: [B]=BAD_PAGE [ 131.630225][ T5992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 131.630247][ T5992] Call Trace: [ 131.630259][ T5992] [ 131.630272][ T5992] dump_stack_lvl+0x116/0x1f0 [ 131.630334][ T5992] 
print_report+0xcd/0x630 [ 131.630381][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.630426][ T5992] ? __virt_addr_valid+0x81/0x610 [ 131.630468][ T5992] ? exfat_nls_to_ucs2+0x706/0x730 [ 131.630501][ T5992] kasan_report+0xe0/0x110 [ 131.630546][ T5992] ? exfat_nls_to_ucs2+0x706/0x730 [ 131.630585][ T5992] exfat_nls_to_ucs2+0x706/0x730 [ 131.630624][ T5992] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 131.630691][ T5992] ? __might_fault+0xe3/0x190 [ 131.630725][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.630778][ T5992] ? rcu_is_watching+0x12/0xc0 [ 131.630811][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.630853][ T5992] ? lock_release+0x201/0x2f0 [ 131.630902][ T5992] exfat_nls_to_utf16+0xa6/0xf0 [ 131.630939][ T5992] exfat_ioctl_set_volume_label+0x15d/0x230 [ 131.630980][ T5992] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 131.631021][ T5992] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 131.631115][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.631157][ T5992] ? rcu_is_watching+0x12/0xc0 [ 131.631190][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.631233][ T5992] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 131.631272][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.631337][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.631380][ T5992] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 131.631442][ T5992] exfat_ioctl+0x929/0x1630 [ 131.631484][ T5992] ? __pfx_exfat_ioctl+0x10/0x10 [ 131.631522][ T5992] ? __pfx_do_sys_openat2+0x10/0x10 [ 131.631577][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.631621][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.631663][ T5992] ? hook_file_ioctl_common+0x145/0x410 [ 131.631715][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.631766][ T5992] ? __pfx___x64_sys_futex+0x10/0x10 [ 131.631816][ T5992] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 131.631857][ T5992] __x64_sys_ioctl+0x18e/0x210 [ 131.631916][ T5992] do_syscall_64+0xcd/0xfa0 [ 131.631973][ T5992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.632009][ T5992] RIP: 0033:0x7fe4e2b8eec9 [ 131.632035][ T5992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.632069][ T5992] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 131.632102][ T5992] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9 [ 131.632127][ T5992] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 131.632150][ T5992] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 131.632173][ T5992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.632195][ T5992] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003 [ 131.632234][ T5992] [ 131.632246][ T5992] [ 131.934945][ T5992] The buggy address belongs to stack of task syz.0.23/5992 [ 131.942122][ T5992] and is located at offset 960 in frame: [ 131.947828][ T5992] exfat_ioctl_set_volume_label+0x0/0x230 [ 131.953727][ T5992] [ 131.956035][ T5992] This frame has 3 objects: [ 131.960518][ T5992] [32, 36) 'lossy' [ 131.960538][ T5992] [48, 568) 'uniname' [ 131.964381][ T5992] [704, 960) 'label' [ 131.968431][ T5992] [ 131.974718][ T5992] The buggy address belongs to a vmalloc virtual mapping [ 131.981928][ T5992] The buggy address belongs to the physical page: [ 131.988321][ T5992] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077c14ee0 pfn:0x77c14 [ 131.998378][ T5992] memcg:ffff888025d68d82 [ 132.002602][ T5992] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 132.009717][ T5992] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 132.018386][ T5992] raw: ffff888077c14ee0 0000000000000000 
00000001ffffffff ffff888025d68d82 [ 132.026953][ T5992] page dumped because: kasan: bad access detected [ 132.033349][ T5992] page_owner tracks the page as allocated [ 132.039049][ T5992] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5938, tgid 5938 (syz-executor), ts 128054386725, free_ts 128043043962 [ 132.058508][ T5992] post_alloc_hook+0x1c0/0x230 [ 132.063290][ T5992] get_page_from_freelist+0x10a3/0x3a30 [ 132.068853][ T5992] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 132.074742][ T5992] alloc_pages_mpol+0x1fb/0x550 [ 132.079608][ T5992] alloc_pages_noprof+0x131/0x390 [ 132.084647][ T5992] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 132.090550][ T5992] __vmalloc_node_noprof+0xad/0xf0 [ 132.095675][ T5992] copy_process+0x2c77/0x76a0 [ 132.100350][ T5992] kernel_clone+0xfc/0x930 [ 132.104764][ T5992] __do_sys_clone+0xce/0x120 [ 132.109350][ T5992] do_syscall_64+0xcd/0xfa0 [ 132.113865][ T5992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.119754][ T5992] page last free pid 15 tgid 15 stack trace: [ 132.125715][ T5992] __free_frozen_pages+0x7df/0x1160 [ 132.130923][ T5992] rcu_core+0x79c/0x1530 [ 132.135179][ T5992] handle_softirqs+0x219/0x8e0 [ 132.139954][ T5992] run_ksoftirqd+0x3a/0x60 [ 132.144379][ T5992] smpboot_thread_fn+0x3f7/0xae0 [ 132.149312][ T5992] kthread+0x3c5/0x780 [ 132.153383][ T5992] ret_from_fork+0x675/0x7d0 [ 132.157975][ T5992] ret_from_fork_asm+0x1a/0x30 [ 132.162739][ T5992] [ 132.165052][ T5992] Memory state around the buggy address: [ 132.170675][ T5992] ffffc90003cffb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 132.178730][ T5992] ffffc90003cffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.186778][ T5992] >ffffc90003cffc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 132.194822][ T5992] ^ [ 132.201220][ T5992] ffffc90003cffd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.209358][ T5992] ffffc90003cffd80: 00 00 00 00 f1 
f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 132.217406][ T5992] ================================================================== [ 132.254119][ T5993] loop0: detected capacity change from 0 to 256 [ 132.263499][ T5993] exfat: Deprecated parameter 'namecase' [ 132.277439][ T5993] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 132.292390][ T5993] ================================================================== [ 132.300461][ T5993] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 132.308370][ T5993] Read of size 1 at addr ffffc90003cffcc8 by task syz.0.24/5993 [ 132.316007][ T5993] [ 132.318337][ T5993] CPU: 0 UID: 0 PID: 5993 Comm: syz.0.24 Tainted: G B syzkaller #0 PREEMPT(full) [ 132.318388][ T5993] Tainted: [B]=BAD_PAGE [ 132.318401][ T5993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 132.318423][ T5993] Call Trace: [ 132.318434][ T5993] [ 132.318447][ T5993] dump_stack_lvl+0x116/0x1f0 [ 132.318504][ T5993] print_report+0xcd/0x630 [ 132.318550][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.318595][ T5993] ? __virt_addr_valid+0x81/0x610 [ 132.318636][ T5993] ? exfat_nls_to_ucs2+0x706/0x730 [ 132.318664][ T5993] kasan_report+0xe0/0x110 [ 132.318710][ T5993] ? exfat_nls_to_ucs2+0x706/0x730 [ 132.318748][ T5993] exfat_nls_to_ucs2+0x706/0x730 [ 132.318788][ T5993] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 132.318855][ T5993] ? __might_fault+0xe3/0x190 [ 132.318892][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.318935][ T5993] ? rcu_is_watching+0x12/0xc0 [ 132.318968][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.319011][ T5993] ? lock_release+0x201/0x2f0 [ 132.319059][ T5993] exfat_nls_to_utf16+0xa6/0xf0 [ 132.319095][ T5993] exfat_ioctl_set_volume_label+0x15d/0x230 [ 132.319136][ T5993] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 132.319177][ T5993] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 132.319270][ T5993] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 132.319314][ T5993] ? rcu_is_watching+0x12/0xc0 [ 132.319346][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.319389][ T5993] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 132.319427][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.319492][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.319535][ T5993] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 132.319598][ T5993] exfat_ioctl+0x929/0x1630 [ 132.319640][ T5993] ? __pfx_exfat_ioctl+0x10/0x10 [ 132.319679][ T5993] ? __pfx_do_sys_openat2+0x10/0x10 [ 132.319732][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.319776][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.319819][ T5993] ? hook_file_ioctl_common+0x145/0x410 [ 132.319871][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.319921][ T5993] ? __pfx___x64_sys_futex+0x10/0x10 [ 132.319972][ T5993] ? __pfx_exfat_ioctl+0x10/0x10 [ 132.320013][ T5993] __x64_sys_ioctl+0x18e/0x210 [ 132.320072][ T5993] do_syscall_64+0xcd/0xfa0 [ 132.320129][ T5993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.320166][ T5993] RIP: 0033:0x7fe4e2b8eec9 [ 132.320192][ T5993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.320228][ T5993] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 132.320261][ T5993] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9 [ 132.320286][ T5993] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 132.320309][ T5993] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 132.320331][ T5993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.320353][ T5993] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003 [ 132.320388][ T5993] [ 132.320399][ T5993] [ 132.622817][ T5993] The buggy address belongs to stack of task syz.0.24/5993 [ 132.630004][ 
T5993] and is located at offset 960 in frame: [ 132.635877][ T5993] exfat_ioctl_set_volume_label+0x0/0x230 [ 132.641610][ T5993] [ 132.643921][ T5993] This frame has 3 objects: [ 132.648406][ T5993] [32, 36) 'lossy' [ 132.648425][ T5993] [48, 568) 'uniname' [ 132.652219][ T5993] [704, 960) 'label' [ 132.656276][ T5993] [ 132.662539][ T5993] The buggy address belongs to a vmalloc virtual mapping [ 132.669552][ T5993] The buggy address belongs to the physical page: [ 132.675942][ T5993] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077c14ee0 pfn:0x77c14 [ 132.685998][ T5993] memcg:ffff888025d68d82 [ 132.690221][ T5993] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 132.697505][ T5993] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 132.706081][ T5993] raw: ffff888077c14ee0 0000000000000000 00000001ffffffff ffff888025d68d82 [ 132.714651][ T5993] page dumped because: kasan: bad access detected [ 132.721046][ T5993] page_owner tracks the page as allocated [ 132.726742][ T5993] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5938, tgid 5938 (syz-executor), ts 128054386725, free_ts 128043043962 [ 132.746105][ T5993] post_alloc_hook+0x1c0/0x230 [ 132.750898][ T5993] get_page_from_freelist+0x10a3/0x3a30 [ 132.756464][ T5993] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 132.762368][ T5993] alloc_pages_mpol+0x1fb/0x550 [ 132.767225][ T5993] alloc_pages_noprof+0x131/0x390 [ 132.772250][ T5993] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 132.778153][ T5993] __vmalloc_node_noprof+0xad/0xf0 [ 132.783270][ T5993] copy_process+0x2c77/0x76a0 [ 132.787940][ T5993] kernel_clone+0xfc/0x930 [ 132.792350][ T5993] __do_sys_clone+0xce/0x120 [ 132.796936][ T5993] do_syscall_64+0xcd/0xfa0 [ 132.801538][ T5993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.807432][ T5993] page last free pid 15 tgid 15 stack trace: [ 132.813392][ T5993] 
__free_frozen_pages+0x7df/0x1160 [ 132.818599][ T5993] rcu_core+0x79c/0x1530 [ 132.822855][ T5993] handle_softirqs+0x219/0x8e0 [ 132.827719][ T5993] run_ksoftirqd+0x3a/0x60 [ 132.832412][ T5993] smpboot_thread_fn+0x3f7/0xae0 [ 132.837348][ T5993] kthread+0x3c5/0x780 [ 132.841429][ T5993] ret_from_fork+0x675/0x7d0 [ 132.846040][ T5993] ret_from_fork_asm+0x1a/0x30 [ 132.850806][ T5993] [ 132.853116][ T5993] Memory state around the buggy address: [ 132.858731][ T5993] ffffc90003cffb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 132.866785][ T5993] ffffc90003cffc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.874834][ T5993] >ffffc90003cffc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 132.882884][ T5993] ^ [ 132.889368][ T5993] ffffc90003cffd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.897419][ T5993] ffffc90003cffd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 132.905465][ T5993] ================================================================== [ 132.952500][ T5994] loop0: detected capacity change from 0 to 256 [ 132.960366][ T5994] exfat: Deprecated parameter 'namecase' [ 132.976529][ T5994] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 132.993212][ T5994] ================================================================== [ 133.001279][ T5994] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 133.009191][ T5994] Read of size 1 at addr ffffc90003d0fcc8 by task syz.0.25/5994 [ 133.016915][ T5994] [ 133.019257][ T5994] CPU: 0 UID: 0 PID: 5994 Comm: syz.0.25 Tainted: G B syzkaller #0 PREEMPT(full) [ 133.019308][ T5994] Tainted: [B]=BAD_PAGE [ 133.019321][ T5994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 133.019343][ T5994] Call Trace: [ 133.019355][ T5994] [ 133.019367][ T5994] dump_stack_lvl+0x116/0x1f0 [ 133.019426][ T5994] print_report+0xcd/0x630 [ 133.019471][ T5994] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 133.019516][ T5994] ? __virt_addr_valid+0x81/0x610 [ 133.019557][ T5994] ? exfat_nls_to_ucs2+0x706/0x730 [ 133.019590][ T5994] kasan_report+0xe0/0x110 [ 133.019635][ T5994] ? exfat_nls_to_ucs2+0x706/0x730 [ 133.019673][ T5994] exfat_nls_to_ucs2+0x706/0x730 [ 133.019712][ T5994] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 133.019783][ T5994] ? __might_fault+0xe3/0x190 [ 133.019816][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.019858][ T5994] ? rcu_is_watching+0x12/0xc0 [ 133.019892][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.019935][ T5994] ? lock_release+0x201/0x2f0 [ 133.019984][ T5994] exfat_nls_to_utf16+0xa6/0xf0 [ 133.020018][ T5994] exfat_ioctl_set_volume_label+0x15d/0x230 [ 133.020060][ T5994] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 133.020101][ T5994] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 133.020195][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.020238][ T5994] ? rcu_is_watching+0x12/0xc0 [ 133.020270][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.020313][ T5994] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 133.020351][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.020416][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.020459][ T5994] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 133.020522][ T5994] exfat_ioctl+0x929/0x1630 [ 133.020565][ T5994] ? __pfx_exfat_ioctl+0x10/0x10 [ 133.020604][ T5994] ? __pfx_do_sys_openat2+0x10/0x10 [ 133.020658][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.020700][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.020752][ T5994] ? hook_file_ioctl_common+0x145/0x410 [ 133.020803][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.020847][ T5994] ? __pfx___x64_sys_futex+0x10/0x10 [ 133.020899][ T5994] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 133.020942][ T5994] __x64_sys_ioctl+0x18e/0x210 [ 133.021003][ T5994] do_syscall_64+0xcd/0xfa0 [ 133.021062][ T5994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.021100][ T5994] RIP: 0033:0x7fe4e2b8eec9 [ 133.021127][ T5994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.021164][ T5994] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.021199][ T5994] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9 [ 133.021224][ T5994] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 133.021246][ T5994] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 133.021269][ T5994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.021291][ T5994] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003 [ 133.021328][ T5994] [ 133.021341][ T5994] [ 133.323510][ T5994] The buggy address belongs to stack of task syz.0.25/5994 [ 133.330687][ T5994] and is located at offset 960 in frame: [ 133.336383][ T5994] exfat_ioctl_set_volume_label+0x0/0x230 [ 133.342103][ T5994] [ 133.344409][ T5994] This frame has 3 objects: [ 133.348911][ T5994] [32, 36) 'lossy' [ 133.348929][ T5994] [48, 568) 'uniname' [ 133.352721][ T5994] [704, 960) 'label' [ 133.356771][ T5994] [ 133.363024][ T5994] The buggy address belongs to a vmalloc virtual mapping [ 133.370037][ T5994] The buggy address belongs to the physical page: [ 133.376433][ T5994] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x440f7 [ 133.385360][ T5994] memcg:ffff888025d68d82 [ 133.389582][ T5994] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 133.396687][ T5994] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 133.405297][ T5994] raw: 0000000000000000 0000000000000000 00000001ffffffff 
ffff888025d68d82 [ 133.413870][ T5994] page dumped because: kasan: bad access detected [ 133.420261][ T5994] page_owner tracks the page as allocated [ 133.425959][ T5994] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5962, tgid 5962 (dhcpcd-run-hook), ts 126357224602, free_ts 126208698308 [ 133.446030][ T5994] post_alloc_hook+0x1c0/0x230 [ 133.450813][ T5994] get_page_from_freelist+0x10a3/0x3a30 [ 133.456377][ T5994] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 133.462274][ T5994] alloc_pages_mpol+0x1fb/0x550 [ 133.467150][ T5994] alloc_pages_noprof+0x131/0x390 [ 133.472181][ T5994] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 133.478088][ T5994] __vmalloc_node_noprof+0xad/0xf0 [ 133.483227][ T5994] copy_process+0x2c77/0x76a0 [ 133.487896][ T5994] kernel_clone+0xfc/0x930 [ 133.492306][ T5994] __do_sys_clone+0xce/0x120 [ 133.496885][ T5994] do_syscall_64+0xcd/0xfa0 [ 133.501401][ T5994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.507297][ T5994] page last free pid 50 tgid 50 stack trace: [ 133.513259][ T5994] __free_frozen_pages+0x7df/0x1160 [ 133.518476][ T5994] vfree+0x1fd/0xb50 [ 133.522371][ T5994] delayed_vfree_work+0x56/0x70 [ 133.527223][ T5994] process_one_work+0x9cf/0x1b70 [ 133.532182][ T5994] worker_thread+0x6c8/0xf10 [ 133.536814][ T5994] kthread+0x3c5/0x780 [ 133.540883][ T5994] ret_from_fork+0x675/0x7d0 [ 133.545479][ T5994] ret_from_fork_asm+0x1a/0x30 [ 133.550238][ T5994] [ 133.552544][ T5994] Memory state around the buggy address: [ 133.558161][ T5994] ffffc90003d0fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 133.566216][ T5994] ffffc90003d0fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 133.574270][ T5994] >ffffc90003d0fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 133.582332][ T5994] ^ [ 133.588749][ T5994] ffffc90003d0fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 133.596809][ T5994] ffffc90003d0fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 
00 00 00 f2 f2 f2 [ 133.604865][ T5994] ================================================================== 2025/10/12 11:05:53 executed programs: 11 [ 133.651973][ T5995] loop0: detected capacity change from 0 to 256 [ 133.669127][ T5995] exfat: Deprecated parameter 'namecase' [ 133.685260][ T5995] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 133.700361][ T5995] ================================================================== [ 133.708429][ T5995] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 133.716340][ T5995] Read of size 1 at addr ffffc90003d0fcc8 by task syz.0.26/5995 [ 133.723979][ T5995] [ 133.726315][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: syz.0.26 Tainted: G B syzkaller #0 PREEMPT(full) [ 133.726367][ T5995] Tainted: [B]=BAD_PAGE [ 133.726379][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 133.726401][ T5995] Call Trace: [ 133.726412][ T5995] [ 133.726424][ T5995] dump_stack_lvl+0x116/0x1f0 [ 133.726482][ T5995] print_report+0xcd/0x630 [ 133.726527][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.726571][ T5995] ? __virt_addr_valid+0x81/0x610 [ 133.726612][ T5995] ? exfat_nls_to_ucs2+0x706/0x730 [ 133.726644][ T5995] kasan_report+0xe0/0x110 [ 133.726691][ T5995] ? exfat_nls_to_ucs2+0x706/0x730 [ 133.726730][ T5995] exfat_nls_to_ucs2+0x706/0x730 [ 133.726769][ T5995] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 133.726836][ T5995] ? __might_fault+0xe3/0x190 [ 133.726868][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.726918][ T5995] ? rcu_is_watching+0x12/0xc0 [ 133.726952][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.726995][ T5995] ? lock_release+0x201/0x2f0 [ 133.727044][ T5995] exfat_nls_to_utf16+0xa6/0xf0 [ 133.727081][ T5995] exfat_ioctl_set_volume_label+0x15d/0x230 [ 133.727122][ T5995] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 133.727165][ T5995] ? 
__sanitizer_cov_trace_switch+0x54/0x90 [ 133.727258][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.727302][ T5995] ? rcu_is_watching+0x12/0xc0 [ 133.727336][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.727379][ T5995] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 133.727417][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.727483][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.727527][ T5995] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 133.727591][ T5995] exfat_ioctl+0x929/0x1630 [ 133.727633][ T5995] ? __pfx_exfat_ioctl+0x10/0x10 [ 133.727670][ T5995] ? __pfx_do_sys_openat2+0x10/0x10 [ 133.727722][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.727766][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.727809][ T5995] ? hook_file_ioctl_common+0x145/0x410 [ 133.727862][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.727914][ T5995] ? __pfx___x64_sys_futex+0x10/0x10 [ 133.727966][ T5995] ? __pfx_exfat_ioctl+0x10/0x10 [ 133.728006][ T5995] __x64_sys_ioctl+0x18e/0x210 [ 133.728066][ T5995] do_syscall_64+0xcd/0xfa0 [ 133.728123][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.728160][ T5995] RIP: 0033:0x7fe4e2b8eec9 [ 133.728186][ T5995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.728222][ T5995] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.728256][ T5995] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9 [ 133.728281][ T5995] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 133.728304][ T5995] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 133.728327][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.728349][ T5995] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003 [ 133.728385][ T5995] [ 133.728397][ T5995] [ 134.030764][ T5995] The buggy 
address belongs to stack of task syz.0.26/5995 [ 134.037951][ T5995] and is located at offset 960 in frame: [ 134.043662][ T5995] exfat_ioctl_set_volume_label+0x0/0x230 [ 134.049397][ T5995] [ 134.051708][ T5995] This frame has 3 objects: [ 134.056200][ T5995] [32, 36) 'lossy' [ 134.056221][ T5995] [48, 568) 'uniname' [ 134.060016][ T5995] [704, 960) 'label' [ 134.064073][ T5995] [ 134.070335][ T5995] The buggy address belongs to a vmalloc virtual mapping [ 134.077354][ T5995] The buggy address belongs to the physical page: [ 134.083760][ T5995] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x440f7 [ 134.092517][ T5995] memcg:ffff888025d68d82 [ 134.096747][ T5995] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 134.103954][ T5995] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 134.112610][ T5995] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff888025d68d82 [ 134.121358][ T5995] page dumped because: kasan: bad access detected [ 134.127758][ T5995] page_owner tracks the page as allocated [ 134.133457][ T5995] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5962, tgid 5962 (dhcpcd-run-hook), ts 126357224602, free_ts 126208698308 [ 134.153098][ T5995] post_alloc_hook+0x1c0/0x230 [ 134.158062][ T5995] get_page_from_freelist+0x10a3/0x3a30 [ 134.163655][ T5995] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 134.169548][ T5995] alloc_pages_mpol+0x1fb/0x550 [ 134.174407][ T5995] alloc_pages_noprof+0x131/0x390 [ 134.179440][ T5995] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 134.185347][ T5995] __vmalloc_node_noprof+0xad/0xf0 [ 134.190471][ T5995] copy_process+0x2c77/0x76a0 [ 134.195147][ T5995] kernel_clone+0xfc/0x930 [ 134.199563][ T5995] __do_sys_clone+0xce/0x120 [ 134.204153][ T5995] do_syscall_64+0xcd/0xfa0 [ 134.208677][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.214571][ T5995] page last free pid 50 tgid 50 stack 
trace: [ 134.220538][ T5995] __free_frozen_pages+0x7df/0x1160 [ 134.225760][ T5995] vfree+0x1fd/0xb50 [ 134.229688][ T5995] delayed_vfree_work+0x56/0x70 [ 134.234558][ T5995] process_one_work+0x9cf/0x1b70 [ 134.239514][ T5995] worker_thread+0x6c8/0xf10 [ 134.244117][ T5995] kthread+0x3c5/0x780 [ 134.248194][ T5995] ret_from_fork+0x675/0x7d0 [ 134.252790][ T5995] ret_from_fork_asm+0x1a/0x30 [ 134.257559][ T5995] [ 134.259868][ T5995] Memory state around the buggy address: [ 134.265491][ T5995] ffffc90003d0fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 134.273637][ T5995] ffffc90003d0fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 134.281783][ T5995] >ffffc90003d0fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 134.289832][ T5995] ^ [ 134.296319][ T5995] ffffc90003d0fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 134.304376][ T5995] ffffc90003d0fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 134.312426][ T5995] ================================================================== [ 134.364366][ T5997] loop0: detected capacity change from 0 to 256 [ 134.372709][ T5997] exfat: Deprecated parameter 'namecase' [ 134.386344][ T5997] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 134.399975][ T5997] ================================================================== [ 134.408038][ T5997] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 134.416033][ T5997] Read of size 1 at addr ffffc9000391fcc8 by task syz.0.27/5997 [ 134.423668][ T5997] [ 134.425998][ T5997] CPU: 1 UID: 0 PID: 5997 Comm: syz.0.27 Tainted: G B syzkaller #0 PREEMPT(full) [ 134.426049][ T5997] Tainted: [B]=BAD_PAGE [ 134.426062][ T5997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 134.426082][ T5997] Call Trace: [ 134.426093][ T5997] [ 134.426106][ T5997] dump_stack_lvl+0x116/0x1f0 [ 134.426164][ T5997] print_report+0xcd/0x630 [ 134.426208][ 
T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426253][ T5997] ? __virt_addr_valid+0x81/0x610 [ 134.426293][ T5997] ? exfat_nls_to_ucs2+0x706/0x730 [ 134.426326][ T5997] kasan_report+0xe0/0x110 [ 134.426372][ T5997] ? exfat_nls_to_ucs2+0x706/0x730 [ 134.426410][ T5997] exfat_nls_to_ucs2+0x706/0x730 [ 134.426449][ T5997] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 134.426525][ T5997] ? __might_fault+0xe3/0x190 [ 134.426558][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426601][ T5997] ? rcu_is_watching+0x12/0xc0 [ 134.426639][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426682][ T5997] ? lock_release+0x201/0x2f0 [ 134.426731][ T5997] exfat_nls_to_utf16+0xa6/0xf0 [ 134.426767][ T5997] exfat_ioctl_set_volume_label+0x15d/0x230 [ 134.426807][ T5997] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 134.426848][ T5997] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 134.426942][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426985][ T5997] ? rcu_is_watching+0x12/0xc0 [ 134.427017][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.427060][ T5997] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 134.427098][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.427163][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.427206][ T5997] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 134.427269][ T5997] exfat_ioctl+0x929/0x1630 [ 134.427311][ T5997] ? __pfx_exfat_ioctl+0x10/0x10 [ 134.427348][ T5997] ? __pfx_do_sys_openat2+0x10/0x10 [ 134.427402][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.427445][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.427487][ T5997] ? hook_file_ioctl_common+0x145/0x410 [ 134.427551][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.427595][ T5997] ? __pfx___x64_sys_futex+0x10/0x10 [ 134.427678][ T5997] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 134.427718][ T5997] __x64_sys_ioctl+0x18e/0x210 [ 134.427777][ T5997] do_syscall_64+0xcd/0xfa0 [ 134.427834][ T5997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.427870][ T5997] RIP: 0033:0x7fe4e2b8eec9 [ 134.427895][ T5997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.427930][ T5997] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 134.427963][ T5997] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9 [ 134.427987][ T5997] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 134.428010][ T5997] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 134.428033][ T5997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.428055][ T5997] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003 [ 134.428091][ T5997] [ 134.428102][ T5997] [ 134.730972][ T5997] The buggy address belongs to stack of task syz.0.27/5997 [ 134.738155][ T5997] and is located at offset 960 in frame: [ 134.743869][ T5997] exfat_ioctl_set_volume_label+0x0/0x230 [ 134.749596][ T5997] [ 134.751905][ T5997] This frame has 3 objects: [ 134.756392][ T5997] [32, 36) 'lossy' [ 134.756412][ T5997] [48, 568) 'uniname' [ 134.760295][ T5997] [704, 960) 'label' [ 134.764351][ T5997] [ 134.770602][ T5997] The buggy address belongs to a vmalloc virtual mapping [ 134.777621][ T5997] The buggy address belongs to the physical page: [ 134.784019][ T5997] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807c8e8000 pfn:0x7c8e8 [ 134.794077][ T5997] memcg:ffff888025d68d82 [ 134.798297][ T5997] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 134.805406][ T5997] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 134.814070][ T5997] raw: ffff88807c8e8000 0000000000000000 
00000001ffffffff ffff888025d68d82 [ 134.822649][ T5997] page dumped because: kasan: bad access detected [ 134.829044][ T5997] page_owner tracks the page as allocated [ 134.834738][ T5997] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5488, tgid 5488 (dhcpcd), ts 134332701608, free_ts 132946196828 [ 134.853586][ T5997] post_alloc_hook+0x1c0/0x230 [ 134.858378][ T5997] get_page_from_freelist+0x10a3/0x3a30 [ 134.863944][ T5997] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 134.869834][ T5997] alloc_pages_mpol+0x1fb/0x550 [ 134.874692][ T5997] alloc_pages_noprof+0x131/0x390 [ 134.879718][ T5997] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 134.885651][ T5997] __vmalloc_node_noprof+0xad/0xf0 [ 134.890774][ T5997] copy_process+0x2c77/0x76a0 [ 134.895448][ T5997] kernel_clone+0xfc/0x930 [ 134.899858][ T5997] __do_sys_clone+0xce/0x120 [ 134.904438][ T5997] do_syscall_64+0xcd/0xfa0 [ 134.908951][ T5997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.914835][ T5997] page last free pid 5839 tgid 5839 stack trace: [ 134.921143][ T5997] __free_frozen_pages+0x7df/0x1160 [ 134.926346][ T5997] qlist_free_all+0x4d/0x120 [ 134.930934][ T5997] kasan_quarantine_reduce+0x195/0x1e0 [ 134.936393][ T5997] __kasan_slab_alloc+0x69/0x90 [ 134.941239][ T5997] kmem_cache_alloc_lru_noprof+0x254/0x6e0 [ 134.947033][ T5997] shmem_alloc_inode+0x25/0x50 [ 134.951975][ T5997] alloc_inode+0x64/0x240 [ 134.956311][ T5997] new_inode+0x22/0x1c0 [ 134.960481][ T5997] shmem_get_inode+0x19a/0xfb0 [ 134.965252][ T5997] shmem_mknod+0x1a8/0x450 [ 134.969669][ T5997] lookup_open.isra.0+0x11d3/0x1580 [ 134.975035][ T5997] path_openat+0x893/0x2cb0 [ 134.979537][ T5997] do_filp_open+0x20b/0x470 [ 134.984121][ T5997] do_sys_openat2+0x11b/0x1d0 [ 134.988807][ T5997] __x64_sys_openat+0x174/0x210 [ 134.993669][ T5997] do_syscall_64+0xcd/0xfa0 [ 134.998277][ T5997] [ 135.000601][ T5997] Memory state around the buggy address: [ 135.006231][ 
T5997] ffffc9000391fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 135.014296][ T5997] ffffc9000391fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.022351][ T5997] >ffffc9000391fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 135.030394][ T5997] ^ [ 135.036788][ T5997] ffffc9000391fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.044852][ T5997] ffffc9000391fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 135.052908][ T5997] ================================================================== [ 135.103225][ T5999] loop0: detected capacity change from 0 to 256 [ 135.111154][ T5999] exfat: Deprecated parameter 'namecase' [ 135.125866][ T5999] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 135.139787][ T5999] ================================================================== [ 135.147850][ T5999] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 135.155765][ T5999] Read of size 1 at addr ffffc9000391fcc8 by task syz.0.28/5999 [ 135.163406][ T5999] [ 135.165736][ T5999] CPU: 1 UID: 0 PID: 5999 Comm: syz.0.28 Tainted: G B syzkaller #0 PREEMPT(full) [ 135.165788][ T5999] Tainted: [B]=BAD_PAGE [ 135.165800][ T5999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 135.165821][ T5999] Call Trace: [ 135.165833][ T5999] [ 135.165845][ T5999] dump_stack_lvl+0x116/0x1f0 [ 135.165902][ T5999] print_report+0xcd/0x630 [ 135.165948][ T5999] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.165993][ T5999] ? __virt_addr_valid+0x81/0x610 [ 135.166034][ T5999] ? exfat_nls_to_ucs2+0x706/0x730 [ 135.166067][ T5999] kasan_report+0xe0/0x110 [ 135.166112][ T5999] ? exfat_nls_to_ucs2+0x706/0x730 [ 135.166151][ T5999] exfat_nls_to_ucs2+0x706/0x730 [ 135.166189][ T5999] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 135.166256][ T5999] ? __might_fault+0xe3/0x190 [ 135.166288][ T5999] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 135.166331][ T5999] ? rcu_is_watching+0x12/0xc0 [ 135.166364][ T5999] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.166407][ T5999] ? lock_release+0x201/0x2f0 [ 135.166457][ T5999] exfat_nls_to_utf16+0xa6/0xf0 [ 135.166494][ T5999] exfat_ioctl_set_volume_label+0x15d/0x230 [ 135.166535][ T5999] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 135.166576][ T5999] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.166676][ T5999] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.166720][ T5999] ? rcu_is_watching+0x12/0xc0 [ 135.166753][ T5999] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.166796][ T5999] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 135.166833][ T5999] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.166897][ T5999] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.166939][ T5999] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.167001][ T5999] exfat_ioctl+0x929/0x1630 [ 135.167044][ T5999] ? __pfx_exfat_ioctl+0x10/0x10 [ 135.167081][ T5999] ? __pfx_do_sys_openat2+0x10/0x10 [ 135.167135][ T5999] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.167178][ T5999] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.167220][ T5999] ? hook_file_ioctl_common+0x145/0x410 [ 135.167272][ T5999] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.167316][ T5999] ? __pfx___x64_sys_futex+0x10/0x10 [ 135.167364][ T5999] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 135.167404][ T5999] __x64_sys_ioctl+0x18e/0x210 [ 135.167464][ T5999] do_syscall_64+0xcd/0xfa0 [ 135.167521][ T5999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.167557][ T5999] RIP: 0033:0x7fe4e2b8eec9 [ 135.167584][ T5999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.167619][ T5999] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.167658][ T5999] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9 [ 135.167682][ T5999] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 135.167705][ T5999] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 135.167728][ T5999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.167750][ T5999] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003 [ 135.167785][ T5999] [ 135.167797][ T5999] [ 135.469687][ T5999] The buggy address belongs to stack of task syz.0.28/5999 [ 135.476873][ T5999] and is located at offset 960 in frame: [ 135.482578][ T5999] exfat_ioctl_set_volume_label+0x0/0x230 [ 135.488309][ T5999] [ 135.490617][ T5999] This frame has 3 objects: [ 135.495106][ T5999] [32, 36) 'lossy' [ 135.495127][ T5999] [48, 568) 'uniname' [ 135.498925][ T5999] [704, 960) 'label' [ 135.502980][ T5999] [ 135.509242][ T5999] The buggy address belongs to a vmalloc virtual mapping [ 135.516261][ T5999] The buggy address belongs to the physical page: [ 135.522746][ T5999] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807c8e8000 pfn:0x7c8e8 [ 135.532804][ T5999] memcg:ffff888025d68d82 [ 135.537028][ T5999] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 135.544147][ T5999] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 135.552735][ T5999] raw: ffff88807c8e8000 0000000000000000 
00000001ffffffff ffff888025d68d82 [ 135.561309][ T5999] page dumped because: kasan: bad access detected [ 135.567708][ T5999] page_owner tracks the page as allocated [ 135.573406][ T5999] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5488, tgid 5488 (dhcpcd), ts 134332701608, free_ts 132946196828 [ 135.592260][ T5999] post_alloc_hook+0x1c0/0x230 [ 135.597052][ T5999] get_page_from_freelist+0x10a3/0x3a30 [ 135.602626][ T5999] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 135.608519][ T5999] alloc_pages_mpol+0x1fb/0x550 [ 135.613379][ T5999] alloc_pages_noprof+0x131/0x390 [ 135.618415][ T5999] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 135.624323][ T5999] __vmalloc_node_noprof+0xad/0xf0 [ 135.629540][ T5999] copy_process+0x2c77/0x76a0 [ 135.634225][ T5999] kernel_clone+0xfc/0x930 [ 135.638641][ T5999] __do_sys_clone+0xce/0x120 [ 135.643230][ T5999] do_syscall_64+0xcd/0xfa0 [ 135.647751][ T5999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.653647][ T5999] page last free pid 5839 tgid 5839 stack trace: [ 135.659961][ T5999] __free_frozen_pages+0x7df/0x1160 [ 135.665175][ T5999] qlist_free_all+0x4d/0x120 [ 135.669771][ T5999] kasan_quarantine_reduce+0x195/0x1e0 [ 135.675232][ T5999] __kasan_slab_alloc+0x69/0x90 [ 135.680089][ T5999] kmem_cache_alloc_lru_noprof+0x254/0x6e0 [ 135.685898][ T5999] shmem_alloc_inode+0x25/0x50 [ 135.690668][ T5999] alloc_inode+0x64/0x240 [ 135.695015][ T5999] new_inode+0x22/0x1c0 [ 135.699189][ T5999] shmem_get_inode+0x19a/0xfb0 [ 135.703961][ T5999] shmem_mknod+0x1a8/0x450 [ 135.708389][ T5999] lookup_open.isra.0+0x11d3/0x1580 [ 135.713585][ T5999] path_openat+0x893/0x2cb0 [ 135.718093][ T5999] do_filp_open+0x20b/0x470 [ 135.722600][ T5999] do_sys_openat2+0x11b/0x1d0 [ 135.727292][ T5999] __x64_sys_openat+0x174/0x210 [ 135.732162][ T5999] do_syscall_64+0xcd/0xfa0 [ 135.736705][ T5999] [ 135.739016][ T5999] Memory state around the buggy address: [ 135.744636][ 
T5999] ffffc9000391fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 135.752692][ T5999] ffffc9000391fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.760746][ T5999] >ffffc9000391fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 135.768882][ T5999] ^ [ 135.775460][ T5999] ffffc9000391fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.783514][ T5999] ffffc9000391fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 135.791566][ T5999] ================================================================== [ 135.827425][ T6000] loop0: detected capacity change from 0 to 256 [ 135.838854][ T6000] exfat: Deprecated parameter 'namecase' [ 135.864699][ T6000] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 135.878478][ T6000] ================================================================== [ 135.886541][ T6000] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 135.894449][ T6000] Read of size 1 at addr ffffc9000398fcc8 by task syz.0.29/6000 [ 135.902083][ T6000] [ 135.904415][ T6000] CPU: 0 UID: 0 PID: 6000 Comm: syz.0.29 Tainted: G B syzkaller #0 PREEMPT(full) [ 135.904468][ T6000] Tainted: [B]=BAD_PAGE [ 135.904481][ T6000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 135.904502][ T6000] Call Trace: [ 135.904513][ T6000] [ 135.904526][ T6000] dump_stack_lvl+0x116/0x1f0 [ 135.904583][ T6000] print_report+0xcd/0x630 [ 135.904628][ T6000] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.904681][ T6000] ? __virt_addr_valid+0x81/0x610 [ 135.904723][ T6000] ? exfat_nls_to_ucs2+0x706/0x730 [ 135.904757][ T6000] kasan_report+0xe0/0x110 [ 135.904803][ T6000] ? exfat_nls_to_ucs2+0x706/0x730 [ 135.904842][ T6000] exfat_nls_to_ucs2+0x706/0x730 [ 135.904880][ T6000] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 135.904945][ T6000] ? __might_fault+0xe3/0x190 [ 135.904978][ T6000] ? 
srso_alias_return_thunk+0x5/0xfbef5
[ 135.905022][ T6000]  ? rcu_is_watching+0x12/0xc0
[ 135.905056][ T6000]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.905098][ T6000]  ? lock_release+0x201/0x2f0
[ 135.905147][ T6000]  exfat_nls_to_utf16+0xa6/0xf0
[ 135.905183][ T6000]  exfat_ioctl_set_volume_label+0x15d/0x230
[ 135.905224][ T6000]  ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 135.905265][ T6000]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 135.905359][ T6000]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.905403][ T6000]  ? rcu_is_watching+0x12/0xc0
[ 135.905435][ T6000]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.905478][ T6000]  ? trace_irq_enable.constprop.0+0xd4/0x120
[ 135.905516][ T6000]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.905580][ T6000]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.905623][ T6000]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 135.905692][ T6000]  exfat_ioctl+0x929/0x1630
[ 135.905733][ T6000]  ? __pfx_exfat_ioctl+0x10/0x10
[ 135.905771][ T6000]  ? __pfx_do_sys_openat2+0x10/0x10
[ 135.905825][ T6000]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.905868][ T6000]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.905909][ T6000]  ? hook_file_ioctl_common+0x145/0x410
[ 135.905961][ T6000]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.906005][ T6000]  ? __pfx___x64_sys_futex+0x10/0x10
[ 135.906055][ T6000]  ? __pfx_exfat_ioctl+0x10/0x10
[ 135.906095][ T6000]  __x64_sys_ioctl+0x18e/0x210
[ 135.906153][ T6000]  do_syscall_64+0xcd/0xfa0
[ 135.906209][ T6000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.906245][ T6000] RIP: 0033:0x7fe4e2b8eec9
[ 135.906272][ T6000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 135.906306][ T6000] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 135.906339][ T6000] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9
[ 135.906364][ T6000] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 135.906387][ T6000] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 135.906410][ T6000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 135.906431][ T6000] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003
[ 135.906466][ T6000]
[ 135.906478][ T6000]
[ 136.208987][ T6000] The buggy address belongs to stack of task syz.0.29/6000
[ 136.216169][ T6000]  and is located at offset 960 in frame:
[ 136.221868][ T6000]  exfat_ioctl_set_volume_label+0x0/0x230
[ 136.227595][ T6000]
[ 136.229904][ T6000] This frame has 3 objects:
[ 136.234390][ T6000]  [32, 36) 'lossy'
[ 136.234412][ T6000]  [48, 568) 'uniname'
[ 136.238215][ T6000]  [704, 960) 'label'
[ 136.242266][ T6000]
[ 136.248513][ T6000] The buggy address belongs to a vmalloc virtual mapping
[ 136.255526][ T6000] The buggy address belongs to the physical page:
[ 136.261920][ T6000] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802778e500 pfn:0x2778e
[ 136.271978][ T6000] memcg:ffff888025d68d82
[ 136.276200][ T6000] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 136.283351][ T6000] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 136.291934][ T6000] raw: ffff88802778e500 0000000000000000 00000001ffffffff ffff888025d68d82
[ 136.300506][ T6000] page dumped because: kasan: bad access detected
[ 136.306904][ T6000] page_owner tracks the page as allocated
[ 136.312607][ T6000] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5966, tgid 5966 (dhcpcd-run-hook), ts 126259699203, free_ts 126105386158
[ 136.332347][ T6000]  post_alloc_hook+0x1c0/0x230
[ 136.337126][ T6000]  get_page_from_freelist+0x10a3/0x3a30
[ 136.342695][ T6000]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 136.348586][ T6000]  alloc_pages_mpol+0x1fb/0x550
[ 136.353449][ T6000]  alloc_pages_noprof+0x131/0x390
[ 136.358480][ T6000]  __vmalloc_node_range_noprof+0x6f8/0x1480
[ 136.364385][ T6000]  __vmalloc_node_noprof+0xad/0xf0
[ 136.369506][ T6000]  copy_process+0x2c77/0x76a0
[ 136.374178][ T6000]  kernel_clone+0xfc/0x930
[ 136.378590][ T6000]  __do_sys_clone+0xce/0x120
[ 136.383178][ T6000]  do_syscall_64+0xcd/0xfa0
[ 136.387704][ T6000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.393599][ T6000] page last free pid 44 tgid 44 stack trace:
[ 136.399563][ T6000]  __free_frozen_pages+0x7df/0x1160
[ 136.404771][ T6000]  vfree+0x1fd/0xb50
[ 136.408673][ T6000]  delayed_vfree_work+0x56/0x70
[ 136.413708][ T6000]  process_one_work+0x9cf/0x1b70
[ 136.418672][ T6000]  worker_thread+0x6c8/0xf10
[ 136.423271][ T6000]  kthread+0x3c5/0x780
[ 136.427349][ T6000]  ret_from_fork+0x675/0x7d0
[ 136.431947][ T6000]  ret_from_fork_asm+0x1a/0x30
[ 136.436715][ T6000]
[ 136.439023][ T6000] Memory state around the buggy address:
[ 136.444649][ T6000]  ffffc9000398fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 136.452704][ T6000]  ffffc9000398fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 136.460754][ T6000] >ffffc9000398fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 136.468802][ T6000]                                               ^
[ 136.475200][ T6000]  ffffc9000398fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 136.483252][ T6000]  ffffc9000398fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 136.491315][ T6000] ==================================================================
[ 136.536201][ T6004] loop0: detected capacity change from 0 to 256
[ 136.545438][ T6004] exfat: Deprecated parameter 'namecase'
[ 136.568522][ T6004] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 136.586461][ T6004] ==================================================================
[ 136.594524][ T6004] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 136.602435][ T6004] Read of size 1 at addr ffffc9000391fcc8 by task syz.0.30/6004
[ 136.610074][ T6004]
[ 136.612405][ T6004] CPU: 1 UID: 0 PID: 6004 Comm: syz.0.30 Tainted: G B syzkaller #0 PREEMPT(full)
[ 136.612457][ T6004] Tainted: [B]=BAD_PAGE
[ 136.612469][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 136.612491][ T6004] Call Trace:
[ 136.612502][ T6004]
[ 136.612514][ T6004]  dump_stack_lvl+0x116/0x1f0
[ 136.612572][ T6004]  print_report+0xcd/0x630
[ 136.612616][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.612660][ T6004]  ? __virt_addr_valid+0x81/0x610
[ 136.612702][ T6004]  ? exfat_nls_to_ucs2+0x706/0x730
[ 136.612741][ T6004]  kasan_report+0xe0/0x110
[ 136.612786][ T6004]  ? exfat_nls_to_ucs2+0x706/0x730
[ 136.612825][ T6004]  exfat_nls_to_ucs2+0x706/0x730
[ 136.612864][ T6004]  ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 136.612930][ T6004]  ? __might_fault+0xe3/0x190
[ 136.612962][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.613004][ T6004]  ? rcu_is_watching+0x12/0xc0
[ 136.613038][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.613081][ T6004]  ? lock_release+0x201/0x2f0
[ 136.613129][ T6004]  exfat_nls_to_utf16+0xa6/0xf0
[ 136.613165][ T6004]  exfat_ioctl_set_volume_label+0x15d/0x230
[ 136.613206][ T6004]  ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 136.613247][ T6004]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 136.613340][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.613382][ T6004]  ? rcu_is_watching+0x12/0xc0
[ 136.613415][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.613458][ T6004]  ? trace_irq_enable.constprop.0+0xd4/0x120
[ 136.613494][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.613559][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.613601][ T6004]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 136.613664][ T6004]  exfat_ioctl+0x929/0x1630
[ 136.613706][ T6004]  ? __pfx_exfat_ioctl+0x10/0x10
[ 136.613751][ T6004]  ? __pfx_do_sys_openat2+0x10/0x10
[ 136.613805][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.613847][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.613890][ T6004]  ? hook_file_ioctl_common+0x145/0x410
[ 136.613942][ T6004]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.613985][ T6004]  ? __pfx___x64_sys_futex+0x10/0x10
[ 136.614035][ T6004]  ? __pfx_exfat_ioctl+0x10/0x10
[ 136.614074][ T6004]  __x64_sys_ioctl+0x18e/0x210
[ 136.614133][ T6004]  do_syscall_64+0xcd/0xfa0
[ 136.614190][ T6004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.614225][ T6004] RIP: 0033:0x7fe4e2b8eec9
[ 136.614251][ T6004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 136.614286][ T6004] RSP: 002b:00007ffe7bb2e508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 136.614319][ T6004] RAX: ffffffffffffffda RBX: 00007fe4e2de5fa0 RCX: 00007fe4e2b8eec9
[ 136.614344][ T6004] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 136.614367][ T6004] RBP: 00007fe4e2c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 136.614390][ T6004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 136.614412][ T6004] R13: 00007fe4e2de5fa0 R14: 00007fe4e2de5fa0 R15: 0000000000000003
[ 136.614447][ T6004]
[ 136.614459][ T6004]
[ 136.916516][ T6004] The buggy address belongs to stack of task syz.0.30/6004
[ 136.923695][ T6004]  and is located at offset 960 in frame:
[ 136.929396][ T6004]  exfat_ioctl_set_volume_label+0x0/0x230
[ 136.935119][ T6004]
[ 136.937422][ T6004] This frame has 3 objects:
[ 136.941912][ T6004]  [32, 36) 'lossy'
[ 136.941941][ T6004]  [48, 568) 'uniname'
[ 136.945747][ T6004]  [704, 960) 'label'
[ 136.949800][ T6004]
[ 136.956087][ T6004] The buggy address belongs to a vmalloc virtual mapping
[ 136.963098][ T6004] The buggy address belongs to the physical page:
[ 136.969491][ T6004] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807c8e8000 pfn:0x7c8e8
[ 136.979573][ T6004] memcg:ffff888025d68d82
[ 136.983806][ T6004] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 136.990955][ T6004] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 136.999535][ T6004] raw: ffff88807c8e8000 0000000000000000 00000001ffffffff ffff888025d68d82
[ 137.008102][ T6004] page dumped because: kasan: bad access detected
[ 137.014495][ T6004] page_owner tracks the page as allocated
[ 137.020190][ T6004] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5488, tgid 5488 (dhcpcd), ts 134332701608, free_ts 132946196828
[ 137.039129][ T6004]  post_alloc_hook+0x1c0/0x230
[ 137.043928][ T6004]  get_page_from_freelist+0x10a3/0x3a30
[ 137.049554][ T6004]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 137.055446][ T6004]  alloc_pages_mpol+0x1fb/0x550
[ 137.060313][ T6004]  alloc_pages_noprof+0x131/0x390
[ 137.065343][ T6004]  __vmalloc_node_range_noprof+0x6f8/0x1480
[ 137.071247][ T6004]  __vmalloc_node_noprof+0xad/0xf0
[ 137.076368][ T6004]  copy_process+0x2c77/0x76a0
[ 137.081039][ T6004]  kernel_clone+0xfc/0x930
[ 137.085450][ T6004]  __do_sys_clone+0xce/0x120
[ 137.090029][ T6004]  do_syscall_64+0xcd/0xfa0
[ 137.094549][ T6004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 137.100436][ T6004] page last free pid 5839 tgid 5839 stack trace:
[ 137.106748][ T6004]  __free_frozen_pages+0x7df/0x1160
[ 137.111961][ T6004]  qlist_free_all+0x4d/0x120
[ 137.116724][ T6004]  kasan_quarantine_reduce+0x195/0x1e0
[ 137.122180][ T6004]  __kasan_slab_alloc+0x69/0x90
[ 137.127031][ T6004]  kmem_cache_alloc_lru_noprof+0x254/0x6e0
[ 137.132829][ T6004]  shmem_alloc_inode+0x25/0x50
[ 137.137591][ T6004]  alloc_inode+0x64/0x240
[ 137.141924][ T6004]  new_inode+0x22/0x1c0
[ 137.146090][ T6004]  shmem_get_inode+0x19a/0xfb0
[ 137.150880][ T6004]  shmem_mknod+0x1a8/0x450
[ 137.155301][ T6004]  lookup_open.isra.0+0x11d3/0x1580
[ 137.160490][ T6004]  path_openat+0x893/0x2cb0
[ 137.165076][ T6004]  do_filp_open+0x20b/0x470
[ 137.169573][ T6004]  do_sys_openat2+0x11b/0x1d0
[ 137.174252][ T6004]  __x64_sys_openat+0x174/0x210
[ 137.179115][ T6004]  do_syscall_64+0xcd/0xfa0
[ 137.183626][ T6004]
[ 137.185934][ T6004] Memory state around the buggy address:
[ 137.191762][ T6004]  ffffc9000391fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 137.199817][ T6004]  ffffc9000391fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 137.207889][ T6004] >ffffc9000391fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 137.216107][ T6004]                                               ^
[ 137.222506][ T6004]  ffffc9000391fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 137.230586][ T6004]  ffffc9000391fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 137.238652][ T6004] ==================================================================
[ 137.283027][ T6006] loop0: detected capacity change from 0 to 256
[ 137.298805][ T6006] exfat: Deprecated parameter 'namecase'
[ 137.311027][ T6006] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 137.332559][ T6006] ==================================================================
[ 137.340624][ T6006] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 137.348548][ T6006] Read of size 1 at addr ffffc9000398fcc8 by task syz.0.31/6006
[ 137.356224][ T6006]
[ 137.358556][ T6006] CPU: 1 UID: 0 PID: 6006 Comm: syz.0.31 Tainted: G B syzkaller #0 PREEMPT(full)
[ 137.358608][ T6006] Tainted: [B]=BAD_PAGE
[ 137.358621][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 137.358648][ T6006] Call Trace:
[ 137.358660][ T6006]
[ 137.358672][ T6006]  dump_stack_lvl+0x116/0x1f0
[ 137.358731][ T6006]  print_report+0xcd/0x630
[ 137.358776][ T6006]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.358820][ T6006]  ? __virt_addr_valid+0x81/0x610
[ 137.358860][ T6006]  ? exfat_nls_to_ucs2+0x706/0x730
[ 137.358894][ T6006]  kasan_report+0xe0/0x110
[ 137.358939][ T6006]  ? exfat_nls_to_ucs2+0x706/0x730
[ 137.358978][ T6006]  exfat_nls_to_ucs2+0x706/0x730