[ 101.596014][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.6' (ED25519) to the list of known hosts.
2025/10/12 13:41:36 parsed 1 programs
[ 113.178294][ T5830] cgroup: Unknown subsys name 'net'
[ 113.298624][ T5830] cgroup: Unknown subsys name 'cpuset'
[ 113.309035][ T5830] cgroup: Unknown subsys name 'rlimit'
[ 115.084917][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 117.804034][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 118.641477][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.651772][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.688318][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.697289][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.602962][ T5906] chnl_net:caif_netlink_parms(): no params data found
[ 122.707716][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.715492][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.722865][ T5906] bridge_slave_0: entered allmulticast mode
[ 122.730772][ T5906] bridge_slave_0: entered promiscuous mode
[ 122.741814][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.749158][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.756412][ T5906] bridge_slave_1: entered allmulticast mode
[ 122.764414][ T5906] bridge_slave_1: entered promiscuous mode
[ 122.804638][ T5906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 122.817820][ T5906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 122.859864][ T5906] team0: Port device team_slave_0 added
[ 122.868308][ T5906] team0: Port device team_slave_1 added
[ 122.913443][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 122.920418][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 122.947330][ T5906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 122.960935][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 122.967994][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 122.994673][ T5906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.063184][ T5906] hsr_slave_0: entered promiscuous mode
[ 123.072195][ T5906] hsr_slave_1: entered promiscuous mode
[ 123.358834][ T5906] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 123.375871][ T5906] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 123.387463][ T5906] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 123.399335][ T5906] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 123.500125][ T5906] 8021q: adding VLAN 0 to HW filter on device bond0
[ 123.531423][ T5906] 8021q: adding VLAN 0 to HW filter on device team0
[ 123.548672][ T147] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.556034][ T147] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 123.573426][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.580650][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 123.850139][ T5906] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 123.901910][ T5906] veth0_vlan: entered promiscuous mode
[ 123.914403][ T5906] veth1_vlan: entered promiscuous mode
[ 123.950288][ T5906] veth0_macvtap: entered promiscuous mode
[ 123.962326][ T5906] veth1_macvtap: entered promiscuous mode
[ 123.984347][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 124.005214][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 124.022233][ T147] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 124.032398][ T147] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 124.049989][ T147] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 124.059210][ T147] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 124.217769][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.233760][ T5929] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 124.242034][ T5929] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 124.250325][ T5929] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 124.259315][ T5929] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 124.267703][ T5929] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 124.300898][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.355967][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.424156][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/12 13:41:53 executed programs: 0
[ 124.970098][ T5929] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 124.979430][ T5929] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 124.987529][ T5929] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 124.996609][ T5929] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 125.005119][ T5929] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 125.238639][ T5938] chnl_net:caif_netlink_parms(): no params data found
[ 125.351519][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state
[ 125.359248][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state
[ 125.367101][ T5938] bridge_slave_0: entered allmulticast mode
[ 125.375002][ T5938] bridge_slave_0: entered promiscuous mode
[ 125.386173][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state
[ 125.393308][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state
[ 125.400452][ T5938] bridge_slave_1: entered allmulticast mode
[ 125.408347][ T5938] bridge_slave_1: entered promiscuous mode
[ 125.453851][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 125.467567][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 125.512701][ T5938] team0: Port device team_slave_0 added
[ 125.523801][ T5938] team0: Port device team_slave_1 added
[ 125.565130][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 125.572088][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 125.598452][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 125.612515][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 125.620748][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 125.646689][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 125.706748][ T5938] hsr_slave_0: entered promiscuous mode
[ 125.713940][ T5938] hsr_slave_1: entered promiscuous mode
[ 125.720319][ T5938] debugfs: 'hsr0' already exists in 'hsr'
[ 125.727221][ T5938] Cannot create hsr debugfs directory
[ 127.033363][ T5142] Bluetooth: hci0: command tx timeout
[ 127.120965][ T12] bridge_slave_1: left allmulticast mode
[ 127.128328][ T12] bridge_slave_1: left promiscuous mode
[ 127.135077][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.151052][ T12] bridge_slave_0: left allmulticast mode
[ 127.157713][ T12] bridge_slave_0: left promiscuous mode
[ 127.163617][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.429818][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 127.441360][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 127.452146][ T12] bond0 (unregistering): Released all slaves
[ 127.574776][ T12] hsr_slave_0: left promiscuous mode
[ 127.581216][ T12] hsr_slave_1: left promiscuous mode
[ 127.591586][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 127.602845][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 127.611286][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 127.619529][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 127.644474][ T12] veth1_macvtap: left promiscuous mode
[ 127.650178][ T12] veth0_macvtap: left promiscuous mode
[ 127.657829][ T12] veth1_vlan: left promiscuous mode
[ 127.663357][ T12] veth0_vlan: left promiscuous mode
[ 128.112186][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 128.150064][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 128.605629][ T5938] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 128.626392][ T5938] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 128.639926][ T5938] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 128.653852][ T5938] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 128.918392][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0
[ 129.016876][ T5938] 8021q: adding VLAN 0 to HW filter on device team0
[ 129.032128][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.039325][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 129.058693][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.065920][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.114270][ T5142] Bluetooth: hci0: command tx timeout
[ 129.399971][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 129.449600][ T5938] veth0_vlan: entered promiscuous mode
[ 129.464172][ T5938] veth1_vlan: entered promiscuous mode
[ 129.497832][ T5938] veth0_macvtap: entered promiscuous mode
[ 129.507769][ T5938] veth1_macvtap: entered promiscuous mode
[ 129.529254][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 129.545479][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 129.566713][ T147] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.575817][ T147] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.585789][ T147] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.595557][ T147] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.666186][ T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.675523][ T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.711152][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.719861][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.785545][ T5984] loop0: detected capacity change from 0 to 256
[ 129.794793][ T5984] exfat: Deprecated parameter 'namecase'
[ 129.814907][ T5984] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 129.831215][ T5984] ==================================================================
[ 129.839279][ T5984] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 129.847179][ T5984] Read of size 1 at addr ffffc9000383fcc8 by task syz.0.17/5984
[ 129.854800][ T5984]
[ 129.857115][ T5984] CPU: 1 UID: 0 PID: 5984 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 129.857161][ T5984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 129.857184][ T5984] Call Trace:
[ 129.857196][ T5984] <TASK>
[ 129.857210][ T5984] dump_stack_lvl+0x116/0x1f0
[ 129.857274][ T5984] print_report+0xcd/0x630
[ 129.857324][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.857373][ T5984] ? __virt_addr_valid+0x81/0x610
[ 129.857418][ T5984] ? exfat_nls_to_ucs2+0x706/0x730
[ 129.857453][ T5984] kasan_report+0xe0/0x110
[ 129.857504][ T5984] ? exfat_nls_to_ucs2+0x706/0x730
[ 129.857548][ T5984] exfat_nls_to_ucs2+0x706/0x730
[ 129.857592][ T5984] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 129.857628][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.857716][ T5984] ? find_held_lock+0x2b/0x80
[ 129.857782][ T5984] ? __might_fault+0xe3/0x190
[ 129.857818][ T5984] ? __might_fault+0xe3/0x190
[ 129.857852][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.857907][ T5984] exfat_nls_to_utf16+0xa6/0xf0
[ 129.857948][ T5984] exfat_ioctl_set_volume_label+0x15d/0x230
[ 129.857993][ T5984] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 129.858039][ T5984] ? __lock_acquire+0xb8a/0x1c90
[ 129.858128][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.858178][ T5984] ? kasan_quarantine_put+0x10a/0x240
[ 129.858219][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.858266][ T5984] ? lockdep_hardirqs_on+0x7c/0x110
[ 129.858325][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.858374][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.858422][ T5984] ? find_held_lock+0x2b/0x80
[ 129.858507][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.858554][ T5984] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 129.858625][ T5984] exfat_ioctl+0x929/0x1630
[ 129.858672][ T5984] ? __pfx_exfat_ioctl+0x10/0x10
[ 129.858713][ T5984] ? __pfx_do_sys_openat2+0x10/0x10
[ 129.858775][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.858822][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.858869][ T5984] ? hook_file_ioctl_common+0x145/0x410
[ 129.858925][ T5984] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.858974][ T5984] ? __pfx___x64_sys_futex+0x10/0x10
[ 129.859029][ T5984] ? __pfx_exfat_ioctl+0x10/0x10
[ 129.859073][ T5984] __x64_sys_ioctl+0x18e/0x210
[ 129.859137][ T5984] do_syscall_64+0xcd/0xfa0
[ 129.859198][ T5984] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.859238][ T5984] RIP: 0033:0x7fbf7418eec9
[ 129.859266][ T5984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 129.859305][ T5984] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 129.859341][ T5984] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 129.859367][ T5984] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 129.859392][ T5984] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 129.859416][ T5984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 129.859440][ T5984] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 129.859480][ T5984] </TASK>
[ 129.859493][ T5984]
[ 130.165006][ T5984] The buggy address belongs to stack of task syz.0.17/5984
[ 130.172184][ T5984] and is located at offset 960 in frame:
[ 130.177887][ T5984] exfat_ioctl_set_volume_label+0x0/0x230
[ 130.183622][ T5984]
[ 130.185929][ T5984] This frame has 3 objects:
[ 130.190418][ T5984] [32, 36) 'lossy'
[ 130.190443][ T5984] [48, 568) 'uniname'
[ 130.194240][ T5984] [704, 960) 'label'
[ 130.198290][ T5984]
[ 130.204542][ T5984] The buggy address belongs to a vmalloc virtual mapping
[ 130.211562][ T5984] The buggy address belongs to the physical page:
[ 130.217954][ T5984] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078e7c000 pfn:0x78e7c
[ 130.228018][ T5984] memcg:ffff88803262e802
[ 130.232240][ T5984] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 130.239351][ T5984] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 130.247932][ T5984] raw: ffff888078e7c000 0000000000000000 00000001ffffffff ffff88803262e802
[ 130.256499][ T5984] page dumped because: kasan: bad access detected
[ 130.262902][ T5984] page_owner tracks the page as allocated
[ 130.268601][ T5984] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5950, tgid 5950 (dhcpcd-run-hook), ts 127646754846, free_ts 127600338916
[ 130.288227][ T5984] post_alloc_hook+0x1c0/0x230
[ 130.293010][ T5984] get_page_from_freelist+0x10a3/0x3a30
[ 130.298569][ T5984] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 130.304458][ T5984] alloc_pages_mpol+0x1fb/0x550
[ 130.309315][ T5984] alloc_pages_noprof+0x131/0x390
[ 130.314349][ T5984] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 130.320281][ T5984] __vmalloc_node_noprof+0xad/0xf0
[ 130.325396][ T5984] copy_process+0x2c77/0x76a0
[ 130.330065][ T5984] kernel_clone+0xfc/0x930
[ 130.334473][ T5984] __do_sys_clone+0xce/0x120
[ 130.339055][ T5984] do_syscall_64+0xcd/0xfa0
[ 130.343571][ T5984] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.349514][ T5984] page last free pid 12 tgid 12 stack trace:
[ 130.355478][ T5984] __free_frozen_pages+0x7df/0x1160
[ 130.360688][ T5984] rcu_core+0x79c/0x1530
[ 130.364947][ T5984] handle_softirqs+0x219/0x8e0
[ 130.369735][ T5984] __irq_exit_rcu+0x109/0x170
[ 130.374436][ T5984] irq_exit_rcu+0x9/0x30
[ 130.378683][ T5984] sysvec_call_function_single+0xa4/0xc0
[ 130.384332][ T5984] asm_sysvec_call_function_single+0x1a/0x20
[ 130.390317][ T5984]
[ 130.392633][ T5984] Memory state around the buggy address:
[ 130.398264][ T5984] ffffc9000383fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 130.406313][ T5984] ffffc9000383fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 130.414364][ T5984] >ffffc9000383fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 130.422411][ T5984]                                               ^
[ 130.428810][ T5984] ffffc9000383fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 130.436866][ T5984] ffffc9000383fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 130.444913][ T5984] ==================================================================
[ 130.473244][ T5984] Disabling lock debugging due to kernel taint
2025/10/12 13:41:58 executed programs: 3
[ 130.506880][ T5985] loop0: detected capacity change from 0 to 256
[ 130.522690][ T5985] exfat: Deprecated parameter 'namecase'
[ 130.538582][ T5985] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 130.552495][ T5985] ==================================================================
[ 130.560566][ T5985] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 130.568496][ T5985] Read of size 1 at addr ffffc9000383fcc8 by task syz.0.18/5985
[ 130.576132][ T5985]
[ 130.578463][ T5985] CPU: 0 UID: 0 PID: 5985 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full)
[ 130.578515][ T5985] Tainted: [B]=BAD_PAGE
[ 130.578528][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 130.578549][ T5985] Call Trace:
[ 130.578561][ T5985] <TASK>
[ 130.578574][ T5985] dump_stack_lvl+0x116/0x1f0
[ 130.578635][ T5985] print_report+0xcd/0x630
[ 130.578681][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.578726][ T5985] ? __virt_addr_valid+0x81/0x610
[ 130.578768][ T5985] ? exfat_nls_to_ucs2+0x706/0x730
[ 130.578802][ T5985] kasan_report+0xe0/0x110
[ 130.578849][ T5985] ? exfat_nls_to_ucs2+0x706/0x730
[ 130.578888][ T5985] exfat_nls_to_ucs2+0x706/0x730
[ 130.578927][ T5985] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 130.578994][ T5985] ? __might_fault+0xe3/0x190
[ 130.579030][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.579075][ T5985] ? rcu_is_watching+0x12/0xc0
[ 130.579110][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.579153][ T5985] ? lock_release+0x201/0x2f0
[ 130.579203][ T5985] exfat_nls_to_utf16+0xa6/0xf0
[ 130.579240][ T5985] exfat_ioctl_set_volume_label+0x15d/0x230
[ 130.579281][ T5985] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 130.579323][ T5985] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 130.579420][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.579464][ T5985] ? rcu_is_watching+0x12/0xc0
[ 130.579497][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.579540][ T5985] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 130.579579][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.579645][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.579688][ T5985] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 130.579752][ T5985] exfat_ioctl+0x929/0x1630
[ 130.579795][ T5985] ? __pfx_exfat_ioctl+0x10/0x10
[ 130.579832][ T5985] ? __pfx_do_sys_openat2+0x10/0x10
[ 130.579890][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.579934][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.579977][ T5985] ? hook_file_ioctl_common+0x145/0x410
[ 130.580033][ T5985] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.580080][ T5985] ? __pfx___x64_sys_futex+0x10/0x10
[ 130.580132][ T5985] ? __pfx_exfat_ioctl+0x10/0x10
[ 130.580174][ T5985] __x64_sys_ioctl+0x18e/0x210
[ 130.580238][ T5985] do_syscall_64+0xcd/0xfa0
[ 130.580298][ T5985] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.580335][ T5985] RIP: 0033:0x7fbf7418eec9
[ 130.580362][ T5985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 130.580398][ T5985] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 130.580432][ T5985] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 130.580457][ T5985] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 130.580481][ T5985] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 130.580504][ T5985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 130.580527][ T5985] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 130.580564][ T5985] </TASK>
[ 130.580576][ T5985]
[ 130.882940][ T5985] The buggy address belongs to stack of task syz.0.18/5985
[ 130.890126][ T5985] and is located at offset 960 in frame:
[ 130.895828][ T5985] exfat_ioctl_set_volume_label+0x0/0x230
[ 130.901561][ T5985]
[ 130.903876][ T5985] This frame has 3 objects:
[ 130.908377][ T5985] [32, 36) 'lossy'
[ 130.908396][ T5985] [48, 568) 'uniname'
[ 130.912187][ T5985] [704, 960) 'label'
[ 130.916239][ T5985]
[ 130.922489][ T5985] The buggy address belongs to a vmalloc virtual mapping
[ 130.929511][ T5985] The buggy address belongs to the physical page:
[ 130.935903][ T5985] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078e7c000 pfn:0x78e7c
[ 130.945959][ T5985] memcg:ffff88803262e802
[ 130.950182][ T5985] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 130.957295][ T5985] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 130.965966][ T5985] raw: ffff888078e7c000 0000000000000000 00000001ffffffff ffff88803262e802
[ 130.974538][ T5985] page dumped because: kasan: bad access detected
[ 130.980937][ T5985] page_owner tracks the page as allocated
[ 130.986645][ T5985] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5950, tgid 5950 (dhcpcd-run-hook), ts 127646754846, free_ts 127600338916
[ 131.006282][ T5985] post_alloc_hook+0x1c0/0x230
[ 131.011075][ T5985] get_page_from_freelist+0x10a3/0x3a30
[ 131.016673][ T5985] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 131.022576][ T5985] alloc_pages_mpol+0x1fb/0x550
[ 131.027467][ T5985] alloc_pages_noprof+0x131/0x390
[ 131.032499][ T5985] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 131.038422][ T5985] __vmalloc_node_noprof+0xad/0xf0
[ 131.043551][ T5985] copy_process+0x2c77/0x76a0
[ 131.048228][ T5985] kernel_clone+0xfc/0x930
[ 131.052654][ T5985] __do_sys_clone+0xce/0x120
[ 131.057261][ T5985] do_syscall_64+0xcd/0xfa0
[ 131.061782][ T5985] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.067673][ T5985] page last free pid 12 tgid 12 stack trace:
[ 131.073655][ T5985] __free_frozen_pages+0x7df/0x1160
[ 131.078863][ T5985] rcu_core+0x79c/0x1530
[ 131.083126][ T5985] handle_softirqs+0x219/0x8e0
[ 131.087903][ T5985] __irq_exit_rcu+0x109/0x170
[ 131.092600][ T5985] irq_exit_rcu+0x9/0x30
[ 131.096846][ T5985] sysvec_call_function_single+0xa4/0xc0
[ 131.102493][ T5985] asm_sysvec_call_function_single+0x1a/0x20
[ 131.108489][ T5985]
[ 131.110799][ T5985] Memory state around the buggy address:
[ 131.116416][ T5985] ffffc9000383fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 131.124473][ T5985] ffffc9000383fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 131.132524][ T5985] >ffffc9000383fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 131.140589][ T5985]                                               ^
[ 131.146990][ T5985] ffffc9000383fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 131.155331][ T5985] ffffc9000383fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 131.163405][ T5985] ==================================================================
[ 131.194892][ T5142] Bluetooth: hci0: command tx timeout
[ 131.209229][ T5986] loop0: detected capacity change from 0 to 256
[ 131.223318][ T5986] exfat: Deprecated parameter 'namecase'
[ 131.236280][ T5986] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 131.255757][ T5986] ==================================================================
[ 131.263916][ T5986] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 131.271830][ T5986] Read of size 1 at addr ffffc9000383fcc8 by task syz.0.19/5986
[ 131.279469][ T5986]
[ 131.281807][ T5986] CPU: 1 UID: 0 PID: 5986 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full)
[ 131.281863][ T5986] Tainted: [B]=BAD_PAGE
[ 131.281877][ T5986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 131.281900][ T5986] Call Trace:
[ 131.281912][ T5986] <TASK>
[ 131.281926][ T5986] dump_stack_lvl+0x116/0x1f0
[ 131.281991][ T5986] print_report+0xcd/0x630
[ 131.282045][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.282094][ T5986] ? __virt_addr_valid+0x81/0x610
[ 131.282139][ T5986] ? exfat_nls_to_ucs2+0x706/0x730
[ 131.282176][ T5986] kasan_report+0xe0/0x110
[ 131.282225][ T5986] ? exfat_nls_to_ucs2+0x706/0x730
[ 131.282266][ T5986] exfat_nls_to_ucs2+0x706/0x730
[ 131.282309][ T5986] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 131.282379][ T5986] ? __might_fault+0xe3/0x190
[ 131.282414][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.282460][ T5986] ? rcu_is_watching+0x12/0xc0
[ 131.282496][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.282543][ T5986] ? lock_release+0x201/0x2f0
[ 131.282597][ T5986] exfat_nls_to_utf16+0xa6/0xf0
[ 131.282636][ T5986] exfat_ioctl_set_volume_label+0x15d/0x230
[ 131.282680][ T5986] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 131.282725][ T5986] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 131.282829][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.282876][ T5986] ? rcu_is_watching+0x12/0xc0
[ 131.282911][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.282956][ T5986] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 131.282996][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.283071][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.283117][ T5986] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 131.283184][ T5986] exfat_ioctl+0x929/0x1630
[ 131.283229][ T5986] ? __pfx_exfat_ioctl+0x10/0x10
[ 131.283269][ T5986] ? __pfx_do_sys_openat2+0x10/0x10
[ 131.283328][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.283375][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.283422][ T5986] ? hook_file_ioctl_common+0x145/0x410
[ 131.283477][ T5986] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.283524][ T5986] ? __pfx___x64_sys_futex+0x10/0x10
[ 131.283579][ T5986] ? __pfx_exfat_ioctl+0x10/0x10
[ 131.283622][ T5986] __x64_sys_ioctl+0x18e/0x210
[ 131.283685][ T5986] do_syscall_64+0xcd/0xfa0
[ 131.283746][ T5986] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.283785][ T5986] RIP: 0033:0x7fbf7418eec9
[ 131.283813][ T5986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 131.283851][ T5986] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 131.283887][ T5986] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 131.283913][ T5986] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 131.283937][ T5986] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 131.283961][ T5986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 131.283985][ T5986] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 131.284023][ T5986] </TASK>
[ 131.284041][ T5986]
[ 131.588787][ T5986] The buggy address belongs to stack of task syz.0.19/5986
[ 131.595970][ T5986] and is located at offset 960 in frame:
[ 131.601674][ T5986] exfat_ioctl_set_volume_label+0x0/0x230
[ 131.607400][ T5986]
[ 131.609708][ T5986] This frame has 3 objects:
[ 131.614201][ T5986] [32, 36) 'lossy'
[ 131.614223][ T5986] [48, 568) 'uniname'
[ 131.618024][ T5986] [704, 960) 'label'
[ 131.622077][ T5986]
[ 131.628333][ T5986] The buggy address belongs to a vmalloc virtual mapping
[ 131.635349][ T5986] The buggy address belongs to the physical page:
[ 131.641749][ T5986] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078e7c000 pfn:0x78e7c
[ 131.651811][ T5986] memcg:ffff88803262e802
[ 131.656037][ T5986] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 131.663162][ T5986] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 131.671839][ T5986] raw: ffff888078e7c000 0000000000000000 00000001ffffffff ffff88803262e802
[ 131.680416][ T5986] page dumped because: kasan: bad access detected
[ 131.686819][ T5986] page_owner tracks the page as allocated
[ 131.692516][ T5986] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5950, tgid 5950 (dhcpcd-run-hook), ts 127646754846, free_ts 127600338916
[ 131.712177][ T5986] post_alloc_hook+0x1c0/0x230
[ 131.716970][ T5986] get_page_from_freelist+0x10a3/0x3a30
[ 131.722542][ T5986] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 131.728459][ T5986] alloc_pages_mpol+0x1fb/0x550
[ 131.733316][ T5986] alloc_pages_noprof+0x131/0x390
[ 131.738345][ T5986] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 131.744259][ T5986] __vmalloc_node_noprof+0xad/0xf0
[ 131.749377][ T5986] copy_process+0x2c77/0x76a0
[ 131.754134][ T5986] kernel_clone+0xfc/0x930
[ 131.758544][ T5986] __do_sys_clone+0xce/0x120
[ 131.763128][ T5986] do_syscall_64+0xcd/0xfa0
[ 131.767653][ T5986] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.773544][ T5986] page last free pid 12 tgid 12 stack trace:
[ 131.779510][ T5986] __free_frozen_pages+0x7df/0x1160
[ 131.787212][ T5986] rcu_core+0x79c/0x1530
[ 131.791649][ T5986] handle_softirqs+0x219/0x8e0
[ 131.796436][ T5986] __irq_exit_rcu+0x109/0x170
[ 131.801136][ T5986] irq_exit_rcu+0x9/0x30
[ 131.805379][ T5986] sysvec_call_function_single+0xa4/0xc0
[ 131.811030][ T5986] asm_sysvec_call_function_single+0x1a/0x20
[ 131.817025][ T5986]
[ 131.819338][ T5986] Memory state around the buggy address:
[ 131.824958][ T5986] ffffc9000383fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 131.833018][ T5986] ffffc9000383fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 131.841088][ T5986] >ffffc9000383fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 131.849143][ T5986]                                               ^
[ 131.855544][ T5986] ffffc9000383fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 131.863597][ T5986] ffffc9000383fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 131.871646][ T5986] ==================================================================
[ 131.918016][ T5987] loop0: detected capacity change from 0 to 256
[ 131.927305][ T5987] exfat: Deprecated parameter 'namecase'
[ 131.940807][ T5987] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 131.957482][ T5987] ==================================================================
[ 131.965564][ T5987] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 131.973569][ T5987] Read of size 1 at addr ffffc90004037cc8 by task syz.0.20/5987
[ 131.981227][ T5987]
[ 131.983570][ T5987] CPU: 0 UID: 0 PID: 5987 Comm: syz.0.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 131.983621][ T5987] Tainted: [B]=BAD_PAGE
[ 131.983634][ T5987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 131.983655][ T5987] Call Trace:
[ 131.983679][ T5987] <TASK>
[ 131.983679][ T5987] dump_stack_lvl+0x116/0x1f0
[ 131.983738][ T5987] print_report+0xcd/0x630
[ 131.983789][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.983832][ T5987] ? __virt_addr_valid+0x81/0x610
[ 131.983872][ T5987] ? exfat_nls_to_ucs2+0x706/0x730
[ 131.983905][ T5987] kasan_report+0xe0/0x110
[ 131.983951][ T5987] ? exfat_nls_to_ucs2+0x706/0x730
[ 131.983989][ T5987] exfat_nls_to_ucs2+0x706/0x730
[ 131.984027][ T5987] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 131.984092][ T5987] ? __might_fault+0xe3/0x190
[ 131.984124][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.984167][ T5987] ? rcu_is_watching+0x12/0xc0
[ 131.984201][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.984243][ T5987] ? lock_release+0x201/0x2f0
[ 131.984291][ T5987] exfat_nls_to_utf16+0xa6/0xf0
[ 131.984327][ T5987] exfat_ioctl_set_volume_label+0x15d/0x230
[ 131.984368][ T5987] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 131.984409][ T5987] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 131.984503][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.984546][ T5987] ? rcu_is_watching+0x12/0xc0
[ 131.984578][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.984620][ T5987] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 131.984658][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.984722][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.984765][ T5987] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 131.984832][ T5987] exfat_ioctl+0x929/0x1630
[ 131.984873][ T5987] ? __pfx_exfat_ioctl+0x10/0x10
[ 131.984910][ T5987] ? __pfx_do_sys_openat2+0x10/0x10
[ 131.984967][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.985010][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.985053][ T5987] ? hook_file_ioctl_common+0x145/0x410
[ 131.985106][ T5987] ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.985152][ T5987] ? __pfx___x64_sys_futex+0x10/0x10
[ 131.985213][ T5987] ? __pfx_exfat_ioctl+0x10/0x10
[ 131.985256][ T5987] __x64_sys_ioctl+0x18e/0x210
[ 131.985320][ T5987] do_syscall_64+0xcd/0xfa0
[ 131.985383][ T5987] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.985421][ T5987] RIP: 0033:0x7fbf7418eec9
[ 131.985449][ T5987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 131.985486][ T5987] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 131.985520][ T5987] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 131.985546][ T5987] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 131.985571][ T5987] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 131.985595][ T5987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 131.985619][ T5987] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 131.985656][ T5987] </TASK>
[ 131.985668][ T5987]
[ 132.288778][ T5987] The buggy address belongs to stack of task syz.0.20/5987
[ 132.295968][ T5987] and is located at offset 960 in frame:
[ 132.301676][ T5987] exfat_ioctl_set_volume_label+0x0/0x230
[ 132.307414][ T5987]
[ 132.309731][ T5987] This frame has 3 objects:
[ 132.314231][ T5987] [32, 36) 'lossy'
[ 132.314254][ T5987] [48, 568) 'uniname'
[ 132.318051][ T5987] [704, 960) 'label'
[ 132.322109][ T5987]
[ 132.328373][ T5987] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90004030000 allocated at kernel_clone+0xfc/0x930
[ 132.341169][ T5987] The buggy address belongs to the physical page:
[ 132.347571][ T5987] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75357
[ 132.356325][ T5987] memcg:ffff88803262e802
[ 132.360550][ T5987] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 132.367668][ T5987] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 132.376251][ T5987] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88803262e802
[ 132.384822][ T5987] page dumped because: kasan: bad access detected
[ 132.391395][ T5987] page_owner tracks the page as allocated
[ 132.397091][ T5987] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 2, tgid 2 (kthreadd), ts 123416163217, free_ts 122496064687
[ 132.415592][ T5987] post_alloc_hook+0x1c0/0x230
[ 132.420388][ T5987] get_page_from_freelist+0x10a3/0x3a30
[ 132.425967][ T5987] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 132.431867][ T5987] alloc_pages_mpol+0x1fb/0x550
[ 132.436731][ T5987] alloc_pages_noprof+0x131/0x390
[ 132.441772][ T5987] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 132.447709][ T5987] __vmalloc_node_noprof+0xad/0xf0
[ 132.452839][ T5987] copy_process+0x2c77/0x76a0
[ 132.457516][ T5987] kernel_clone+0xfc/0x930
[ 132.461928][ T5987] kernel_thread+0xd7/0x120
[ 132.466435][ T5987] kthreadd+0x503/0x800
[ 132.470612][ T5987] ret_from_fork+0x675/0x7d0
[ 132.475211][ T5987] ret_from_fork_asm+0x1a/0x30
[ 132.479979][ T5987] page last free pid 5901 tgid 5901 stack trace:
[ 132.486297][ T5987] __free_frozen_pages+0x7df/0x1160
[ 132.491523][ T5987] vfree+0x1fd/0xb50
[ 132.495427][ T5987] kcov_close+0x34/0x60
[ 132.499615][ T5987] __fput+0x402/0xb70
[ 132.503620][ T5987] task_work_run+0x150/0x240
[ 132.508245][ T5987] do_exit+0x86f/0x2bf0
[ 132.512411][ T5987] do_group_exit+0xd3/0x2a0
[ 132.516923][ T5987] get_signal+0x2671/0x26d0
[ 132.521421][ T5987] arch_do_signal_or_restart+0x8f/0x7c0
[ 132.526984][ T5987] exit_to_user_mode_loop+0x85/0x130
[ 132.532291][ T5987] do_syscall_64+0x426/0xfa0
[ 132.536896][ T5987] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.542798][ T5987]
[ 132.545113][ T5987] Memory state around the buggy address:
[ 132.550732][ T5987] ffffc90004037b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 132.558799][ T5987] ffffc90004037c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 132.566860][ T5987] >ffffc90004037c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 132.574916][ T5987]                                               ^
[ 132.581319][ T5987] ffffc90004037d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 132.589374][ T5987] ffffc90004037d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 132.597516][ T5987] ==================================================================
[ 132.639070][ T5988] loop0: detected capacity change from 0 to 256
[ 132.655973][ T5988] exfat: Deprecated parameter 'namecase'
[ 132.684377][ T5988] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 132.698417][ T5988] ==================================================================
[ 132.706486][ T5988] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 132.714395][ T5988] Read of size 1 at addr ffffc90004037cc8 by task syz.0.21/5988
[ 132.722023][ T5988]
[ 132.724360][ T5988] CPU: 0 UID: 0 PID: 5988 Comm: syz.0.21 Tainted: G B syzkaller #0 PREEMPT(full)
[ 132.724435][ T5988] Tainted: [B]=BAD_PAGE
[ 132.724453][ T5988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 132.724484][ T5988] Call Trace:
[ 132.724499][ T5988] <TASK>
[ 132.724516][ T5988] dump_stack_lvl+0x116/0x1f0
[ 132.724597][ T5988] print_report+0xcd/0x630
[ 132.724661][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.724724][ T5988] ? __virt_addr_valid+0x81/0x610
[ 132.724800][ T5988] ? exfat_nls_to_ucs2+0x706/0x730
[ 132.724846][ T5988] kasan_report+0xe0/0x110
[ 132.724913][ T5988] ? exfat_nls_to_ucs2+0x706/0x730
[ 132.724968][ T5988] exfat_nls_to_ucs2+0x706/0x730
[ 132.725024][ T5988] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 132.725120][ T5988] ? __might_fault+0xe3/0x190
[ 132.725165][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.725218][ T5988] ? rcu_is_watching+0x12/0xc0
[ 132.725256][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.725304][ T5988] ? lock_release+0x201/0x2f0
[ 132.725359][ T5988] exfat_nls_to_utf16+0xa6/0xf0
[ 132.725399][ T5988] exfat_ioctl_set_volume_label+0x15d/0x230
[ 132.725445][ T5988] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 132.725492][ T5988] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 132.725598][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.725647][ T5988] ? rcu_is_watching+0x12/0xc0
[ 132.725683][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.725732][ T5988] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 132.725778][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.725853][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.725902][ T5988] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 132.725973][ T5988] exfat_ioctl+0x929/0x1630
[ 132.726021][ T5988] ? __pfx_exfat_ioctl+0x10/0x10
[ 132.726064][ T5988] ? __pfx_do_sys_openat2+0x10/0x10
[ 132.726124][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.726173][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.726222][ T5988] ? hook_file_ioctl_common+0x145/0x410
[ 132.726279][ T5988] ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.726329][ T5988] ? __pfx___x64_sys_futex+0x10/0x10
[ 132.726385][ T5988] ? __pfx_exfat_ioctl+0x10/0x10
[ 132.726430][ T5988] __x64_sys_ioctl+0x18e/0x210
[ 132.726496][ T5988] do_syscall_64+0xcd/0xfa0
[ 132.726559][ T5988] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.726599][ T5988] RIP: 0033:0x7fbf7418eec9
[ 132.726628][ T5988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 132.726667][ T5988] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 132.726703][ T5988] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 132.726731][ T5988] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 132.726757][ T5988] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 132.726785][ T5988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 132.726810][ T5988] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 132.726850][ T5988] </TASK>
[ 132.726863][ T5988]
[ 133.029489][ T5988] The buggy address belongs to stack of task syz.0.21/5988
[ 133.036687][ T5988] and is located at offset 960 in frame:
[ 133.042390][ T5988] exfat_ioctl_set_volume_label+0x0/0x230
[ 133.048127][ T5988]
[ 133.050443][ T5988] This frame has 3 objects:
[ 133.054941][ T5988] [32, 36) 'lossy'
[ 133.054963][ T5988] [48, 568) 'uniname'
[ 133.058765][ T5988] [704, 960) 'label'
[ 133.062825][ T5988]
[ 133.069101][ T5988] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90004030000 allocated at kernel_clone+0xfc/0x930
[ 133.081899][ T5988] The buggy address belongs to the physical page:
[ 133.088305][ T5988] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75357
[ 133.097071][ T5988] memcg:ffff88803262e802
[ 133.101306][ T5988] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 133.108435][ T5988] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 133.117037][ T5988] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88803262e802
[ 133.125878][ T5988] page dumped because: kasan: bad access detected
[ 133.132368][ T5988] page_owner tracks the page as allocated
[ 133.138073][ T5988] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 2, tgid 2 (kthreadd), ts 123416163217, free_ts 122496064687
[ 133.156586][ T5988] post_alloc_hook+0x1c0/0x230
[ 133.161383][ T5988] get_page_from_freelist+0x10a3/0x3a30
[ 133.166956][ T5988] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 133.172858][ T5988] alloc_pages_mpol+0x1fb/0x550
[ 133.177724][ T5988] alloc_pages_noprof+0x131/0x390
[ 133.182761][ T5988] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 133.188681][ T5988] __vmalloc_node_noprof+0xad/0xf0
[ 133.193807][ T5988] copy_process+0x2c77/0x76a0
[ 133.198483][ T5988] kernel_clone+0xfc/0x930
[ 133.202903][ T5988] kernel_thread+0xd7/0x120
[ 133.207414][ T5988] kthreadd+0x503/0x800
[ 133.211587][ T5988] ret_from_fork+0x675/0x7d0
[ 133.216189][ T5988] ret_from_fork_asm+0x1a/0x30
[ 133.220958][ T5988] page last free pid 5901 tgid 5901 stack trace:
[ 133.227277][ T5988] __free_frozen_pages+0x7df/0x1160
[ 133.232500][ T5988] vfree+0x1fd/0xb50
[ 133.236416][ T5988] kcov_close+0x34/0x60
[ 133.240593][ T5988] __fput+0x402/0xb70
[ 133.244604][ T5988] task_work_run+0x150/0x240
[ 133.249217][ T5988] do_exit+0x86f/0x2bf0
[ 133.253376][ T5988] do_group_exit+0xd3/0x2a0
[ 133.257884][ T5988] get_signal+0x2671/0x26d0
[ 133.262383][ T5988] arch_do_signal_or_restart+0x8f/0x7c0
[ 133.267957][ T5988] exit_to_user_mode_loop+0x85/0x130
[ 133.273264][ T5988] do_syscall_64+0x426/0xfa0
[ 133.277875][ T5988] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.283776][ T5988]
[ 133.286090][ T5988] Memory state around the buggy address:
[ 133.291712][ T5988] ffffc90004037b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 133.299779][ T5988] ffffc90004037c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 133.307840][ T5988] >ffffc90004037c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 133.315896][ T5988]                                               ^
[ 133.322305][ T5988] ffffc90004037d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 133.330364][ T5988] ffffc90004037d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 133.338414][ T5988] ==================================================================
[ 133.348347][ T5142] Bluetooth: hci0: command tx timeout
[ 133.394030][ T5989] loop0: detected capacity change from 0 to 256
[ 133.401669][ T5989] exfat: Deprecated parameter 'namecase'
[ 133.414645][ T5989] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 133.429976][ T5989] ==================================================================
[ 133.438066][ T5989] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 133.445979][ T5989] Read of size 1 at addr ffffc90004037cc8 by task syz.0.22/5989
[ 133.453631][ T5989]
[ 133.455967][ T5989] CPU: 0 UID: 0 PID: 5989 Comm: syz.0.22 Tainted: G B syzkaller #0 PREEMPT(full)
[ 133.456029][ T5989] Tainted: [B]=BAD_PAGE
[ 133.456042][ T5989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 133.456065][ T5989] Call Trace:
[ 133.456077][ T5989] <TASK>
[ 133.456090][ T5989] dump_stack_lvl+0x116/0x1f0
[ 133.456155][ T5989] print_report+0xcd/0x630
[ 133.456203][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.456251][ T5989] ? __virt_addr_valid+0x81/0x610
[ 133.456295][ T5989] ? exfat_nls_to_ucs2+0x706/0x730
[ 133.456331][ T5989] kasan_report+0xe0/0x110
[ 133.456379][ T5989] ? exfat_nls_to_ucs2+0x706/0x730
[ 133.456419][ T5989] exfat_nls_to_ucs2+0x706/0x730
[ 133.456461][ T5989] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 133.456530][ T5989] ? __might_fault+0xe3/0x190
[ 133.456565][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.456610][ T5989] ? rcu_is_watching+0x12/0xc0
[ 133.456645][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.456688][ T5989] ? lock_release+0x201/0x2f0
[ 133.456739][ T5989] exfat_nls_to_utf16+0xa6/0xf0
[ 133.456776][ T5989] exfat_ioctl_set_volume_label+0x15d/0x230
[ 133.456820][ T5989] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 133.456863][ T5989] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 133.456964][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.457015][ T5989] ? rcu_is_watching+0x12/0xc0
[ 133.457050][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.457095][ T5989] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 133.457135][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.457204][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.457249][ T5989] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 133.457316][ T5989] exfat_ioctl+0x929/0x1630
[ 133.457362][ T5989] ? __pfx_exfat_ioctl+0x10/0x10
[ 133.457402][ T5989] ? __pfx_do_sys_openat2+0x10/0x10
[ 133.457465][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.457510][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.457555][ T5989] ? hook_file_ioctl_common+0x145/0x410
[ 133.457611][ T5989] ? srso_alias_return_thunk+0x5/0xfbef5
[ 133.457657][ T5989] ? __pfx___x64_sys_futex+0x10/0x10
[ 133.457710][ T5989] ? __pfx_exfat_ioctl+0x10/0x10
[ 133.457753][ T5989] __x64_sys_ioctl+0x18e/0x210
[ 133.457819][ T5989] do_syscall_64+0xcd/0xfa0
[ 133.457884][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.457922][ T5989] RIP: 0033:0x7fbf7418eec9
[ 133.457950][ T5989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 133.457987][ T5989] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 133.458028][ T5989] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 133.458054][ T5989] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 133.458079][ T5989] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 133.458103][ T5989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 133.458126][ T5989] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 133.458163][ T5989] </TASK>
[ 133.458176][ T5989]
[ 133.760164][ T5989] The buggy address belongs to stack of task syz.0.22/5989
[ 133.767345][ T5989] and is located at offset 960 in frame:
[ 133.773053][ T5989] exfat_ioctl_set_volume_label+0x0/0x230
[ 133.778820][ T5989]
[ 133.781129][ T5989] This frame has 3 objects:
[ 133.785794][ T5989] [32, 36) 'lossy'
[ 133.785816][ T5989] [48, 568) 'uniname'
[ 133.789610][ T5989] [704, 960) 'label'
[ 133.793660][ T5989]
[ 133.799915][ T5989] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90004030000 allocated at kernel_clone+0xfc/0x930
[ 133.812703][ T5989] The buggy address belongs to the physical page:
[ 133.819096][ T5989] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75357
[ 133.827854][ T5989] memcg:ffff88803262e802
[ 133.832081][ T5989] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 133.839196][ T5989] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 133.847778][ T5989] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88803262e802
[ 133.856344][ T5989] page dumped because: kasan: bad access detected
[ 133.862743][ T5989] page_owner tracks the page as allocated
[ 133.868458][ T5989] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 2, tgid 2 (kthreadd), ts 123416163217, free_ts 122496064687
[ 133.886962][ T5989] post_alloc_hook+0x1c0/0x230
[ 133.891748][ T5989] get_page_from_freelist+0x10a3/0x3a30
[ 133.897313][ T5989] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 133.903204][ T5989] alloc_pages_mpol+0x1fb/0x550
[ 133.908063][ T5989] alloc_pages_noprof+0x131/0x390
[ 133.913096][ T5989] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 133.919040][ T5989] __vmalloc_node_noprof+0xad/0xf0
[ 133.924168][ T5989] copy_process+0x2c77/0x76a0
[ 133.928852][ T5989] kernel_clone+0xfc/0x930
[ 133.933262][ T5989] kernel_thread+0xd7/0x120
[ 133.937761][ T5989] kthreadd+0x503/0x800
[ 133.941929][ T5989] ret_from_fork+0x675/0x7d0
[ 133.946536][ T5989] ret_from_fork_asm+0x1a/0x30
[ 133.951303][ T5989] page last free pid 5901 tgid 5901 stack trace:
[ 133.957623][ T5989] __free_frozen_pages+0x7df/0x1160
[ 133.962846][ T5989] vfree+0x1fd/0xb50
[ 133.966752][ T5989] kcov_close+0x34/0x60
[ 133.970932][ T5989] __fput+0x402/0xb70
[ 133.974926][ T5989] task_work_run+0x150/0x240
[ 133.979529][ T5989] do_exit+0x86f/0x2bf0
[ 133.983696][ T5989] do_group_exit+0xd3/0x2a0
[ 133.988302][ T5989] get_signal+0x2671/0x26d0
[ 133.992805][ T5989] arch_do_signal_or_restart+0x8f/0x7c0
[ 133.998373][ T5989] exit_to_user_mode_loop+0x85/0x130
[ 134.003672][ T5989] do_syscall_64+0x426/0xfa0
[ 134.008270][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.014168][ T5989]
[ 134.016481][ T5989] Memory state around the buggy address:
[ 134.022097][ T5989] ffffc90004037b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 134.030153][ T5989] ffffc90004037c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 134.038207][ T5989] >ffffc90004037c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 134.046259][ T5989]                                               ^
[ 134.052661][ T5989] ffffc90004037d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 134.060715][ T5989] ffffc90004037d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 134.068772][ T5989] ==================================================================
[ 134.105613][ T5990] loop0: detected capacity change from 0 to 256
[ 134.114154][ T5990] exfat: Deprecated parameter 'namecase'
[ 134.126766][ T5990] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 134.141511][ T5990] ==================================================================
[ 134.149574][ T5990] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 134.157584][ T5990] Read of size 1 at addr ffffc90004037cc8 by task syz.0.23/5990
[ 134.165227][ T5990]
[ 134.167565][ T5990] CPU: 1 UID: 0 PID: 5990 Comm: syz.0.23 Tainted: G B syzkaller #0 PREEMPT(full)
[ 134.167619][ T5990] Tainted: [B]=BAD_PAGE
[ 134.167632][ T5990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 134.167655][ T5990] Call Trace:
[ 134.167667][ T5990] <TASK>
[ 134.167681][ T5990] dump_stack_lvl+0x116/0x1f0
[ 134.167743][ T5990] print_report+0xcd/0x630
[ 134.167790][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.167838][ T5990] ? __virt_addr_valid+0x81/0x610
[ 134.167882][ T5990] ? exfat_nls_to_ucs2+0x706/0x730
[ 134.167918][ T5990] kasan_report+0xe0/0x110
[ 134.167965][ T5990] ? exfat_nls_to_ucs2+0x706/0x730
[ 134.168006][ T5990] exfat_nls_to_ucs2+0x706/0x730
[ 134.168053][ T5990] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 134.168123][ T5990] ? __might_fault+0xe3/0x190
[ 134.168157][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.168201][ T5990] ? rcu_is_watching+0x12/0xc0
[ 134.168236][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.168281][ T5990] ? lock_release+0x201/0x2f0
[ 134.168332][ T5990] exfat_nls_to_utf16+0xa6/0xf0
[ 134.168369][ T5990] exfat_ioctl_set_volume_label+0x15d/0x230
[ 134.168413][ T5990] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 134.168455][ T5990] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 134.168554][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.168599][ T5990] ? rcu_is_watching+0x12/0xc0
[ 134.168633][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.168678][ T5990] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 134.168717][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.168785][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.168829][ T5990] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 134.168893][ T5990] exfat_ioctl+0x929/0x1630
[ 134.168937][ T5990] ? __pfx_exfat_ioctl+0x10/0x10
[ 134.168976][ T5990] ? __pfx_do_sys_openat2+0x10/0x10
[ 134.169040][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.169086][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.169132][ T5990] ? hook_file_ioctl_common+0x145/0x410
[ 134.169190][ T5990] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.169240][ T5990] ? __pfx___x64_sys_futex+0x10/0x10
[ 134.169293][ T5990] ? __pfx_exfat_ioctl+0x10/0x10
[ 134.169338][ T5990] __x64_sys_ioctl+0x18e/0x210
[ 134.169403][ T5990] do_syscall_64+0xcd/0xfa0
[ 134.169467][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.169506][ T5990] RIP: 0033:0x7fbf7418eec9
[ 134.169534][ T5990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 134.169572][ T5990] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 134.169608][ T5990] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 134.169634][ T5990] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 134.169659][ T5990] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 134.169684][ T5990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 134.169708][ T5990] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 134.169746][ T5990] </TASK>
[ 134.169758][ T5990]
[ 134.472087][ T5990] The buggy address belongs to stack of task syz.0.23/5990
[ 134.479269][ T5990] and is located at offset 960 in frame:
[ 134.484976][ T5990] exfat_ioctl_set_volume_label+0x0/0x230
[ 134.491054][ T5990]
[ 134.493361][ T5990] This frame has 3 objects:
[ 134.497847][ T5990] [32, 36) 'lossy'
[ 134.497869][ T5990] [48, 568) 'uniname'
[ 134.501672][ T5990] [704, 960) 'label'
[ 134.505744][ T5990]
[ 134.512003][ T5990] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90004030000 allocated at kernel_clone+0xfc/0x930
[ 134.524789][ T5990] The buggy address belongs to the physical page:
[ 134.531182][ T5990] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75357
[ 134.540023][ T5990] memcg:ffff88803262e802
[ 134.544246][ T5990] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 134.551445][ T5990] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 134.560028][ T5990] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88803262e802
[ 134.568639][ T5990] page dumped because: kasan: bad access detected
[ 134.575060][ T5990] page_owner tracks the page as allocated
[ 134.580758][ T5990] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 2, tgid 2 (kthreadd), ts 123416163217, free_ts 122496064687
[ 134.599262][ T5990] post_alloc_hook+0x1c0/0x230
[ 134.604051][ T5990] get_page_from_freelist+0x10a3/0x3a30
[ 134.609622][ T5990] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 134.615517][ T5990] alloc_pages_mpol+0x1fb/0x550
[ 134.620377][ T5990] alloc_pages_noprof+0x131/0x390
[ 134.625411][ T5990] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 134.631317][ T5990] __vmalloc_node_noprof+0xad/0xf0
[ 134.636437][ T5990] copy_process+0x2c77/0x76a0
[ 134.641116][ T5990] kernel_clone+0xfc/0x930
[ 134.645615][ T5990] kernel_thread+0xd7/0x120
[ 134.650123][ T5990] kthreadd+0x503/0x800
[ 134.654289][ T5990] ret_from_fork+0x675/0x7d0
[ 134.658888][ T5990] ret_from_fork_asm+0x1a/0x30
[ 134.663657][ T5990] page last free pid 5901 tgid 5901 stack trace:
[ 134.669968][ T5990] __free_frozen_pages+0x7df/0x1160
[ 134.675177][ T5990] vfree+0x1fd/0xb50
[ 134.679090][ T5990] kcov_close+0x34/0x60
[ 134.683273][ T5990] __fput+0x402/0xb70
[ 134.687270][ T5990] task_work_run+0x150/0x240
[ 134.691873][ T5990] do_exit+0x86f/0x2bf0
[ 134.696032][ T5990] do_group_exit+0xd3/0x2a0
[ 134.700543][ T5990] get_signal+0x2671/0x26d0
[ 134.705045][ T5990] arch_do_signal_or_restart+0x8f/0x7c0
[ 134.710640][ T5990] exit_to_user_mode_loop+0x85/0x130
[ 134.715962][ T5990] do_syscall_64+0x426/0xfa0
[ 134.720575][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.726494][ T5990]
[ 134.728806][ T5990] Memory state around the buggy address:
[ 134.734425][ T5990] ffffc90004037b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 134.742480][ T5990] ffffc90004037c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 134.750534][ T5990] >ffffc90004037c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 134.758582][ T5990]                                               ^
[ 134.764985][ T5990] ffffc90004037d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 134.773042][ T5990] ffffc90004037d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 134.781093][ T5990] ==================================================================
[ 134.835645][ T5991] loop0: detected capacity change from 0 to 256
[ 134.843578][ T5991] exfat: Deprecated parameter 'namecase'
[ 134.858210][ T5991] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 134.872742][ T5991] ==================================================================
[ 134.880803][ T5991] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 134.888712][ T5991] Read of size 1 at addr ffffc90004037cc8 by task syz.0.24/5991
[ 134.896351][ T5991]
[ 134.898689][ T5991] CPU: 1 UID: 0 PID: 5991 Comm: syz.0.24 Tainted: G B syzkaller #0 PREEMPT(full)
[ 134.898744][ T5991] Tainted: [B]=BAD_PAGE
[ 134.898758][ T5991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 134.898780][ T5991] Call Trace:
[ 134.898792][ T5991] <TASK>
[ 134.898805][ T5991] dump_stack_lvl+0x116/0x1f0
[ 134.898872][ T5991] print_report+0xcd/0x630
[ 134.898921][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.898968][ T5991] ? __virt_addr_valid+0x81/0x610
[ 134.899016][ T5991] ? exfat_nls_to_ucs2+0x706/0x730
[ 134.899051][ T5991] kasan_report+0xe0/0x110
[ 134.899099][ T5991] ? exfat_nls_to_ucs2+0x706/0x730
[ 134.899141][ T5991] exfat_nls_to_ucs2+0x706/0x730
[ 134.899182][ T5991] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 134.899216][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.899296][ T5991] ? __might_fault+0xe3/0x190
[ 134.899330][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.899375][ T5991] ? rcu_is_watching+0x12/0xc0
[ 134.899411][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.899456][ T5991] ? lock_release+0x201/0x2f0
[ 134.899506][ T5991] exfat_nls_to_utf16+0xa6/0xf0
[ 134.899543][ T5991] exfat_ioctl_set_volume_label+0x15d/0x230
[ 134.899586][ T5991] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 134.899630][ T5991] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 134.899730][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.899775][ T5991] ? rcu_is_watching+0x12/0xc0
[ 134.899809][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.899854][ T5991] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 134.899894][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.899963][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.900008][ T5991] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 134.900080][ T5991] exfat_ioctl+0x929/0x1630
[ 134.900125][ T5991] ? __pfx_exfat_ioctl+0x10/0x10
[ 134.900166][ T5991] ? __pfx_do_sys_openat2+0x10/0x10
[ 134.900228][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.900273][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.900318][ T5991] ? hook_file_ioctl_common+0x145/0x410
[ 134.900374][ T5991] ? srso_alias_return_thunk+0x5/0xfbef5
[ 134.900421][ T5991] ? __pfx___x64_sys_futex+0x10/0x10
[ 134.900475][ T5991] ? __pfx_exfat_ioctl+0x10/0x10
[ 134.900517][ T5991] __x64_sys_ioctl+0x18e/0x210
[ 134.900582][ T5991] do_syscall_64+0xcd/0xfa0
[ 134.900667][ T5991] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.900706][ T5991] RIP: 0033:0x7fbf7418eec9
[ 134.900734][ T5991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 134.900770][ T5991] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 134.900805][ T5991] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 134.900831][ T5991] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 134.900855][ T5991] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 134.900879][ T5991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 134.900903][ T5991] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 134.900940][ T5991]
[ 134.900953][ T5991]
[ 135.208699][ T5991] The buggy address belongs to stack of task syz.0.24/5991
[ 135.215885][ T5991] and is located at offset 960 in frame:
[ 135.221588][ T5991] exfat_ioctl_set_volume_label+0x0/0x230
[ 135.227328][ T5991]
[ 135.229642][ T5991] This frame has 3 objects:
[ 135.234132][ T5991] [32, 36) 'lossy'
[ 135.234155][ T5991] [48, 568) 'uniname'
[ 135.237969][ T5991] [704, 960) 'label'
[ 135.242030][ T5991]
[ 135.248303][ T5991] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90004030000 allocated at kernel_clone+0xfc/0x930
[ 135.261096][ T5991] The buggy address belongs to the physical page:
[ 135.267497][ T5991] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75357
[ 135.276256][ T5991] memcg:ffff88803262e802
[ 135.280486][ T5991] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 135.287605][ T5991] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 135.296190][ T5991] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88803262e802
[ 135.304763][ T5991] page dumped because: kasan: bad access detected
[ 135.311170][ T5991] page_owner tracks the page as allocated
[ 135.316871][ T5991] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 2, tgid 2 (kthreadd), ts 123416163217, free_ts 122496064687
[ 135.335816][ T5991] post_alloc_hook+0x1c0/0x230
[ 135.340614][ T5991] get_page_from_freelist+0x10a3/0x3a30
[ 135.346209][ T5991] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 135.352130][ T5991] alloc_pages_mpol+0x1fb/0x550
[ 135.357010][ T5991] alloc_pages_noprof+0x131/0x390
[ 135.362056][ T5991] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 135.367970][ T5991] __vmalloc_node_noprof+0xad/0xf0
[ 135.373105][ T5991] copy_process+0x2c77/0x76a0
[ 135.377794][ T5991] kernel_clone+0xfc/0x930
[ 135.382212][ T5991] kernel_thread+0xd7/0x120
[ 135.386718][ T5991] kthreadd+0x503/0x800
[ 135.390894][ T5991] ret_from_fork+0x675/0x7d0
[ 135.395498][ T5991] ret_from_fork_asm+0x1a/0x30
[ 135.400267][ T5991] page last free pid 5901 tgid 5901 stack trace:
[ 135.407019][ T5991] __free_frozen_pages+0x7df/0x1160
[ 135.412239][ T5991] vfree+0x1fd/0xb50
[ 135.416149][ T5991] kcov_close+0x34/0x60
[ 135.420334][ T5991] __fput+0x402/0xb70
[ 135.424335][ T5991] task_work_run+0x150/0x240
[ 135.428946][ T5991] do_exit+0x86f/0x2bf0
[ 135.433111][ T5991] do_group_exit+0xd3/0x2a0
[ 135.437627][ T5991] get_signal+0x2671/0x26d0
[ 135.442135][ T5991] arch_do_signal_or_restart+0x8f/0x7c0
[ 135.447704][ T5991] exit_to_user_mode_loop+0x85/0x130
[ 135.453018][ T5991] do_syscall_64+0x426/0xfa0
[ 135.457643][ T5991] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.463541][ T5991]
[ 135.465854][ T5991] Memory state around the buggy address:
[ 135.471471][ T5991] ffffc90004037b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 135.479527][ T5991] ffffc90004037c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 135.487587][ T5991] >ffffc90004037c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 135.495639][ T5991]                                               ^
[ 135.502041][ T5991] ffffc90004037d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 135.510099][ T5991] ffffc90004037d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 135.518158][ T5991] ==================================================================
2025/10/12 13:42:03 executed programs: 10
[ 135.579157][ T5992] loop0: detected capacity change from 0 to 256
[ 135.588196][ T5992] exfat: Deprecated parameter 'namecase'
[ 135.599605][ T5992] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 135.614456][ T5992] ==================================================================
[ 135.622535][ T5992] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 135.630457][ T5992] Read of size 1 at addr ffffc9000383fcc8 by task syz.0.25/5992
[ 135.638096][ T5992]
[ 135.640425][ T5992] CPU: 1 UID: 0 PID: 5992 Comm: syz.0.25 Tainted: G B syzkaller #0 PREEMPT(full)
[ 135.640472][ T5992] Tainted: [B]=BAD_PAGE
[ 135.640484][ T5992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 135.640504][ T5992] Call Trace:
[ 135.640516][ T5992]
[ 135.640528][ T5992] dump_stack_lvl+0x116/0x1f0
[ 135.640588][ T5992] print_report+0xcd/0x630
[ 135.640661][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.640704][ T5992] ? __virt_addr_valid+0x81/0x610
[ 135.640743][ T5992] ? exfat_nls_to_ucs2+0x706/0x730
[ 135.640776][ T5992] kasan_report+0xe0/0x110
[ 135.640819][ T5992] ? exfat_nls_to_ucs2+0x706/0x730
[ 135.640855][ T5992] exfat_nls_to_ucs2+0x706/0x730
[ 135.640892][ T5992] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 135.640955][ T5992] ? __might_fault+0xe3/0x190
[ 135.640985][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.641030][ T5992] ? rcu_is_watching+0x12/0xc0
[ 135.641062][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.641102][ T5992] ? lock_release+0x201/0x2f0
[ 135.641149][ T5992] exfat_nls_to_utf16+0xa6/0xf0
[ 135.641182][ T5992] exfat_ioctl_set_volume_label+0x15d/0x230
[ 135.641221][ T5992] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 135.641260][ T5992] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 135.641351][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.641392][ T5992] ? rcu_is_watching+0x12/0xc0
[ 135.641422][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.641462][ T5992] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 135.641498][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.641559][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.641599][ T5992] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 135.641657][ T5992] exfat_ioctl+0x929/0x1630
[ 135.641697][ T5992] ? __pfx_exfat_ioctl+0x10/0x10
[ 135.641732][ T5992] ? __pfx_do_sys_openat2+0x10/0x10
[ 135.641786][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.641826][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.641866][ T5992] ? hook_file_ioctl_common+0x145/0x410
[ 135.641916][ T5992] ? srso_alias_return_thunk+0x5/0xfbef5
[ 135.641958][ T5992] ? __pfx___x64_sys_futex+0x10/0x10
[ 135.642006][ T5992] ? __pfx_exfat_ioctl+0x10/0x10
[ 135.642046][ T5992] __x64_sys_ioctl+0x18e/0x210
[ 135.642105][ T5992] do_syscall_64+0xcd/0xfa0
[ 135.642163][ T5992] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.642200][ T5992] RIP: 0033:0x7fbf7418eec9
[ 135.642225][ T5992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 135.642258][ T5992] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 135.642290][ T5992] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 135.642313][ T5992] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 135.642334][ T5992] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 135.642355][ T5992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 135.642394][ T5992] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 135.642429][ T5992]
[ 135.642441][ T5992]
[ 135.944752][ T5992] The buggy address belongs to stack of task syz.0.25/5992
[ 135.951940][ T5992] and is located at offset 960 in frame:
[ 135.957654][ T5992] exfat_ioctl_set_volume_label+0x0/0x230
[ 135.963395][ T5992]
[ 135.965708][ T5992] This frame has 3 objects:
[ 135.970198][ T5992] [32, 36) 'lossy'
[ 135.970220][ T5992] [48, 568) 'uniname'
[ 135.974019][ T5992] [704, 960) 'label'
[ 135.978080][ T5992]
[ 135.984338][ T5992] The buggy address belongs to a vmalloc virtual mapping
[ 135.991366][ T5992] The buggy address belongs to the physical page:
[ 135.997769][ T5992] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078e7c000 pfn:0x78e7c
[ 136.007839][ T5992] memcg:ffff88803262e802
[ 136.012067][ T5992] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 136.019184][ T5992] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 136.027776][ T5992] raw: ffff888078e7c000 0000000000000000 00000001ffffffff ffff88803262e802
[ 136.036355][ T5992] page dumped because: kasan: bad access detected
[ 136.042757][ T5992] page_owner tracks the page as allocated
[ 136.048461][ T5992] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5950, tgid 5950 (dhcpcd-run-hook), ts 127646754846, free_ts 127600338916
[ 136.068116][ T5992] post_alloc_hook+0x1c0/0x230
[ 136.072916][ T5992] get_page_from_freelist+0x10a3/0x3a30
[ 136.078489][ T5992] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 136.084382][ T5992] alloc_pages_mpol+0x1fb/0x550
[ 136.089247][ T5992] alloc_pages_noprof+0x131/0x390
[ 136.094285][ T5992] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 136.100205][ T5992] __vmalloc_node_noprof+0xad/0xf0
[ 136.105329][ T5992] copy_process+0x2c77/0x76a0
[ 136.110008][ T5992] kernel_clone+0xfc/0x930
[ 136.114424][ T5992] __do_sys_clone+0xce/0x120
[ 136.119018][ T5992] do_syscall_64+0xcd/0xfa0
[ 136.123551][ T5992] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.129461][ T5992] page last free pid 12 tgid 12 stack trace:
[ 136.135428][ T5992] __free_frozen_pages+0x7df/0x1160
[ 136.140664][ T5992] rcu_core+0x79c/0x1530
[ 136.144929][ T5992] handle_softirqs+0x219/0x8e0
[ 136.149718][ T5992] __irq_exit_rcu+0x109/0x170
[ 136.154420][ T5992] irq_exit_rcu+0x9/0x30
[ 136.158669][ T5992] sysvec_call_function_single+0xa4/0xc0
[ 136.164322][ T5992] asm_sysvec_call_function_single+0x1a/0x20
[ 136.170309][ T5992]
[ 136.172620][ T5992] Memory state around the buggy address:
[ 136.178249][ T5992] ffffc9000383fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 136.186308][ T5992] ffffc9000383fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 136.194366][ T5992] >ffffc9000383fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 136.202417][ T5992]                                               ^
[ 136.208824][ T5992] ffffc9000383fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 136.216887][ T5992] ffffc9000383fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 136.224946][ T5992] ==================================================================
[ 136.268903][ T5993] loop0: detected capacity change from 0 to 256
[ 136.278822][ T5993] exfat: Deprecated parameter 'namecase'
[ 136.293207][ T5993] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 136.307059][ T5993] ==================================================================
[ 136.315226][ T5993] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 136.323142][ T5993] Read of size 1 at addr ffffc9000383fcc8 by task syz.0.26/5993
[ 136.330780][ T5993]
[ 136.333116][ T5993] CPU: 1 UID: 0 PID: 5993 Comm: syz.0.26 Tainted: G B syzkaller #0 PREEMPT(full)
[ 136.333173][ T5993] Tainted: [B]=BAD_PAGE
[ 136.333187][ T5993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 136.333209][ T5993] Call Trace:
[ 136.333221][ T5993]
[ 136.333234][ T5993] dump_stack_lvl+0x116/0x1f0
[ 136.333297][ T5993] print_report+0xcd/0x630
[ 136.333346][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.333392][ T5993] ? __virt_addr_valid+0x81/0x610
[ 136.333438][ T5993] ? exfat_nls_to_ucs2+0x706/0x730
[ 136.333473][ T5993] kasan_report+0xe0/0x110
[ 136.333522][ T5993] ? exfat_nls_to_ucs2+0x706/0x730
[ 136.333563][ T5993] exfat_nls_to_ucs2+0x706/0x730
[ 136.333604][ T5993] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 136.333684][ T5993] ? __might_fault+0xe3/0x190
[ 136.333718][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.333770][ T5993] ? rcu_is_watching+0x12/0xc0
[ 136.333806][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.333851][ T5993] ? lock_release+0x201/0x2f0
[ 136.333903][ T5993] exfat_nls_to_utf16+0xa6/0xf0
[ 136.333941][ T5993] exfat_ioctl_set_volume_label+0x15d/0x230
[ 136.333985][ T5993] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 136.334028][ T5993] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 136.334125][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.334171][ T5993] ? rcu_is_watching+0x12/0xc0
[ 136.334207][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.334252][ T5993] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 136.334291][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.334359][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.334403][ T5993] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 136.334468][ T5993] exfat_ioctl+0x929/0x1630
[ 136.334513][ T5993] ? __pfx_exfat_ioctl+0x10/0x10
[ 136.334551][ T5993] ? __pfx_do_sys_openat2+0x10/0x10
[ 136.334609][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.334664][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.334709][ T5993] ? hook_file_ioctl_common+0x145/0x410
[ 136.334769][ T5993] ? srso_alias_return_thunk+0x5/0xfbef5
[ 136.334816][ T5993] ? __pfx___x64_sys_futex+0x10/0x10
[ 136.334869][ T5993] ? __pfx_exfat_ioctl+0x10/0x10
[ 136.334911][ T5993] __x64_sys_ioctl+0x18e/0x210
[ 136.334973][ T5993] do_syscall_64+0xcd/0xfa0
[ 136.335033][ T5993] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.335070][ T5993] RIP: 0033:0x7fbf7418eec9
[ 136.335098][ T5993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 136.335135][ T5993] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 136.335171][ T5993] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 136.335197][ T5993] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 136.335221][ T5993] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 136.335245][ T5993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 136.335268][ T5993] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 136.335304][ T5993]
[ 136.335317][ T5993]
[ 136.637241][ T5993] The buggy address belongs to stack of task syz.0.26/5993
[ 136.644427][ T5993] and is located at offset 960 in frame:
[ 136.650127][ T5993] exfat_ioctl_set_volume_label+0x0/0x230
[ 136.655862][ T5993]
[ 136.658169][ T5993] This frame has 3 objects:
[ 136.662661][ T5993] [32, 36) 'lossy'
[ 136.662682][ T5993] [48, 568) 'uniname'
[ 136.666476][ T5993] [704, 960) 'label'
[ 136.670529][ T5993]
[ 136.676791][ T5993] The buggy address belongs to a vmalloc virtual mapping
[ 136.683895][ T5993] The buggy address belongs to the physical page:
[ 136.690287][ T5993] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078e7c000 pfn:0x78e7c
[ 136.700341][ T5993] memcg:ffff88803262e802
[ 136.704564][ T5993] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 136.711679][ T5993] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 136.720263][ T5993] raw: ffff888078e7c000 0000000000000000 00000001ffffffff ffff88803262e802
[ 136.728834][ T5993] page dumped because: kasan: bad access detected
[ 136.735235][ T5993] page_owner tracks the page as allocated
[ 136.740935][ T5993] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5950, tgid 5950 (dhcpcd-run-hook), ts 127646754846, free_ts 127600338916
[ 136.760563][ T5993] post_alloc_hook+0x1c0/0x230
[ 136.765365][ T5993] get_page_from_freelist+0x10a3/0x3a30
[ 136.770931][ T5993] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 136.776829][ T5993] alloc_pages_mpol+0x1fb/0x550
[ 136.781697][ T5993] alloc_pages_noprof+0x131/0x390
[ 136.786729][ T5993] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 136.792638][ T5993] __vmalloc_node_noprof+0xad/0xf0
[ 136.797785][ T5993] copy_process+0x2c77/0x76a0
[ 136.802467][ T5993] kernel_clone+0xfc/0x930
[ 136.806878][ T5993] __do_sys_clone+0xce/0x120
[ 136.811465][ T5993] do_syscall_64+0xcd/0xfa0
[ 136.815991][ T5993] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.821887][ T5993] page last free pid 12 tgid 12 stack trace:
[ 136.827852][ T5993] __free_frozen_pages+0x7df/0x1160
[ 136.833063][ T5993] rcu_core+0x79c/0x1530
[ 136.837585][ T5993] handle_softirqs+0x219/0x8e0
[ 136.842367][ T5993] __irq_exit_rcu+0x109/0x170
[ 136.847061][ T5993] irq_exit_rcu+0x9/0x30
[ 136.851383][ T5993] sysvec_call_function_single+0xa4/0xc0
[ 136.857021][ T5993] asm_sysvec_call_function_single+0x1a/0x20
[ 136.863005][ T5993]
[ 136.865315][ T5993] Memory state around the buggy address:
[ 136.870930][ T5993] ffffc9000383fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 136.878987][ T5993] ffffc9000383fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 136.887042][ T5993] >ffffc9000383fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 136.895092][ T5993]                                               ^
[ 136.901490][ T5993] ffffc9000383fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 136.909544][ T5993] ffffc9000383fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 136.917592][ T5993] ==================================================================
[ 136.956856][ T5994] loop0: detected capacity change from 0 to 256
[ 136.965187][ T5994] exfat: Deprecated parameter 'namecase'
[ 136.977989][ T5994] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 136.992272][ T5994] ==================================================================
[ 137.000337][ T5994] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 137.008252][ T5994] Read of size 1 at addr ffffc90004037cc8 by task syz.0.27/5994
[ 137.015890][ T5994]
[ 137.018226][ T5994] CPU: 1 UID: 0 PID: 5994 Comm: syz.0.27 Tainted: G B syzkaller #0 PREEMPT(full)
[ 137.018279][ T5994] Tainted: [B]=BAD_PAGE
[ 137.018293][ T5994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 137.018315][ T5994] Call Trace:
[ 137.018327][ T5994]
[ 137.018340][ T5994] dump_stack_lvl+0x116/0x1f0
[ 137.018404][ T5994] print_report+0xcd/0x630
[ 137.018452][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.018499][ T5994] ? __virt_addr_valid+0x81/0x610
[ 137.018542][ T5994] ? exfat_nls_to_ucs2+0x706/0x730
[ 137.018577][ T5994] kasan_report+0xe0/0x110
[ 137.018624][ T5994] ? exfat_nls_to_ucs2+0x706/0x730
[ 137.018665][ T5994] exfat_nls_to_ucs2+0x706/0x730
[ 137.018707][ T5994] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 137.018782][ T5994] ? __might_fault+0xe3/0x190
[ 137.018818][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.018863][ T5994] ? rcu_is_watching+0x12/0xc0
[ 137.018899][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.018943][ T5994] ? lock_release+0x201/0x2f0
[ 137.018995][ T5994] exfat_nls_to_utf16+0xa6/0xf0
[ 137.019033][ T5994] exfat_ioctl_set_volume_label+0x15d/0x230
[ 137.019076][ T5994] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 137.019122][ T5994] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 137.019230][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.019279][ T5994] ? rcu_is_watching+0x12/0xc0
[ 137.019314][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.019361][ T5994] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 137.019403][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.019474][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.019521][ T5994] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 137.019591][ T5994] exfat_ioctl+0x929/0x1630
[ 137.019637][ T5994] ? __pfx_exfat_ioctl+0x10/0x10
[ 137.019678][ T5994] ? __pfx_do_sys_openat2+0x10/0x10
[ 137.019739][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.019791][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.019838][ T5994] ? hook_file_ioctl_common+0x145/0x410
[ 137.019897][ T5994] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.019945][ T5994] ? __pfx___x64_sys_futex+0x10/0x10
[ 137.020000][ T5994] ? __pfx_exfat_ioctl+0x10/0x10
[ 137.020045][ T5994] __x64_sys_ioctl+0x18e/0x210
[ 137.020111][ T5994] do_syscall_64+0xcd/0xfa0
[ 137.020187][ T5994] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 137.020234][ T5994] RIP: 0033:0x7fbf7418eec9
[ 137.020267][ T5994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 137.020311][ T5994] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 137.020352][ T5994] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 137.020383][ T5994] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 137.020412][ T5994] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 137.020440][ T5994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 137.020468][ T5994] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 137.020512][ T5994]
[ 137.020527][ T5994]
[ 137.323226][ T5994] The buggy address belongs to stack of task syz.0.27/5994
[ 137.330414][ T5994] and is located at offset 960 in frame:
[ 137.336124][ T5994] exfat_ioctl_set_volume_label+0x0/0x230
[ 137.341860][ T5994]
[ 137.344172][ T5994] This frame has 3 objects:
[ 137.348672][ T5994] [32, 36) 'lossy'
[ 137.348693][ T5994] [48, 568) 'uniname'
[ 137.352491][ T5994] [704, 960) 'label'
[ 137.356549][ T5994]
[ 137.362812][ T5994] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90004030000 allocated at kernel_clone+0xfc/0x930
[ 137.375604][ T5994] The buggy address belongs to the physical page:
[ 137.382024][ T5994] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75357
[ 137.390779][ T5994] memcg:ffff88803262e802
[ 137.395008][ T5994] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 137.402124][ T5994] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 137.410712][ T5994] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88803262e802
[ 137.419291][ T5994] page dumped because: kasan: bad access detected
[ 137.425699][ T5994] page_owner tracks the page as allocated
[ 137.431398][ T5994] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 2, tgid 2 (kthreadd), ts 123416163217, free_ts 122496064687
[ 137.449905][ T5994] post_alloc_hook+0x1c0/0x230
[ 137.454705][ T5994] get_page_from_freelist+0x10a3/0x3a30
[ 137.460282][ T5994] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 137.466176][ T5994] alloc_pages_mpol+0x1fb/0x550
[ 137.471041][ T5994] alloc_pages_noprof+0x131/0x390
[ 137.476074][ T5994] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 137.481987][ T5994] __vmalloc_node_noprof+0xad/0xf0
[ 137.487116][ T5994] copy_process+0x2c77/0x76a0
[ 137.491798][ T5994] kernel_clone+0xfc/0x930
[ 137.496215][ T5994] kernel_thread+0xd7/0x120
[ 137.500730][ T5994] kthreadd+0x503/0x800
[ 137.504902][ T5994] ret_from_fork+0x675/0x7d0
[ 137.509502][ T5994] ret_from_fork_asm+0x1a/0x30
[ 137.514270][ T5994] page last free pid 5901 tgid 5901 stack trace:
[ 137.520587][ T5994] __free_frozen_pages+0x7df/0x1160
[ 137.525838][ T5994] vfree+0x1fd/0xb50
[ 137.529749][ T5994] kcov_close+0x34/0x60
[ 137.533937][ T5994] __fput+0x402/0xb70
[ 137.537937][ T5994] task_work_run+0x150/0x240
[ 137.542547][ T5994] do_exit+0x86f/0x2bf0
[ 137.546712][ T5994] do_group_exit+0xd3/0x2a0
[ 137.551230][ T5994] get_signal+0x2671/0x26d0
[ 137.555731][ T5994] arch_do_signal_or_restart+0x8f/0x7c0
[ 137.561311][ T5994] exit_to_user_mode_loop+0x85/0x130
[ 137.566617][ T5994] do_syscall_64+0x426/0xfa0
[ 137.571238][ T5994] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 137.577137][ T5994]
[ 137.579451][ T5994] Memory state around the buggy address:
[ 137.585074][ T5994] ffffc90004037b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 137.593158][ T5994] ffffc90004037c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 137.601215][ T5994] >ffffc90004037c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 137.609353][ T5994]                                               ^
[ 137.615764][ T5994] ffffc90004037d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 137.623829][ T5994] ffffc90004037d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 137.631882][ T5994] ==================================================================
[ 137.670925][ T5995] loop0: detected capacity change from 0 to 256
[ 137.679064][ T5995] exfat: Deprecated parameter 'namecase'
[ 137.694720][ T5995] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 137.710187][ T5995] ==================================================================
[ 137.718260][ T5995] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 137.726180][ T5995] Read of size 1 at addr ffffc9000383fcc8 by task syz.0.28/5995
[ 137.733818][ T5995]
[ 137.736155][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: syz.0.28 Tainted: G B syzkaller #0 PREEMPT(full)
[ 137.736208][ T5995] Tainted: [B]=BAD_PAGE
[ 137.736220][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 137.736246][ T5995] Call Trace:
[ 137.736257][ T5995]
[ 137.736272][ T5995] dump_stack_lvl+0x116/0x1f0
[ 137.736335][ T5995] print_report+0xcd/0x630
[ 137.736381][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.736425][ T5995] ? __virt_addr_valid+0x81/0x610
[ 137.736468][ T5995] ? exfat_nls_to_ucs2+0x706/0x730
[ 137.736503][ T5995] kasan_report+0xe0/0x110
[ 137.736550][ T5995] ? exfat_nls_to_ucs2+0x706/0x730
[ 137.736590][ T5995] exfat_nls_to_ucs2+0x706/0x730
[ 137.736629][ T5995] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 137.736696][ T5995] ? __might_fault+0xe3/0x190
[ 137.736735][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.736780][ T5995] ? rcu_is_watching+0x12/0xc0
[ 137.736816][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.736860][ T5995] ? lock_release+0x201/0x2f0
[ 137.736914][ T5995] exfat_nls_to_utf16+0xa6/0xf0
[ 137.736952][ T5995] exfat_ioctl_set_volume_label+0x15d/0x230
[ 137.736994][ T5995] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 137.737041][ T5995] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 137.737142][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.737188][ T5995] ? rcu_is_watching+0x12/0xc0
[ 137.737222][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.737265][ T5995] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 137.737304][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.737377][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.737422][ T5995] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 137.737487][ T5995] exfat_ioctl+0x929/0x1630
[ 137.737531][ T5995] ? __pfx_exfat_ioctl+0x10/0x10
[ 137.737573][ T5995] ? __pfx_do_sys_openat2+0x10/0x10
[ 137.737635][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.737679][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.737723][ T5995] ? hook_file_ioctl_common+0x145/0x410
[ 137.737779][ T5995] ? srso_alias_return_thunk+0x5/0xfbef5
[ 137.737828][ T5995] ? __pfx___x64_sys_futex+0x10/0x10
[ 137.737881][ T5995] ? __pfx_exfat_ioctl+0x10/0x10
[ 137.737923][ T5995] __x64_sys_ioctl+0x18e/0x210
[ 137.737987][ T5995] do_syscall_64+0xcd/0xfa0
[ 137.738056][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 137.738094][ T5995] RIP: 0033:0x7fbf7418eec9
[ 137.738121][ T5995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 137.738157][ T5995] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 137.738192][ T5995] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 137.738221][ T5995] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 137.738245][ T5995] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 137.738271][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 137.738294][ T5995] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 137.738330][ T5995]
[ 137.738342][ T5995]
[ 138.040574][ T5995] The buggy address belongs to stack of task syz.0.28/5995
[ 138.047763][ T5995] and is located at offset 960 in frame:
[ 138.053473][ T5995] exfat_ioctl_set_volume_label+0x0/0x230
[ 138.059202][ T5995]
[ 138.061518][ T5995] This frame has 3 objects:
[ 138.066008][ T5995] [32, 36) 'lossy'
[ 138.066030][ T5995] [48, 568) 'uniname'
[ 138.069824][ T5995] [704, 960) 'label'
[ 138.073879][ T5995]
[ 138.080180][ T5995] The buggy address belongs to a vmalloc virtual mapping
[ 138.087200][ T5995] The buggy address belongs to the physical page:
[ 138.093606][ T5995] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078e7c000 pfn:0x78e7c
[ 138.103672][ T5995] memcg:ffff88803262e802
[ 138.107899][ T5995] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 138.115012][ T5995] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 138.123595][ T5995] raw: ffff888078e7c000 0000000000000000 00000001ffffffff ffff88803262e802
[ 138.132174][ T5995] page dumped because: kasan: bad access detected
[ 138.138586][ T5995] page_owner tracks the page as allocated
[ 138.144282][ T5995] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5950, tgid 5950 (dhcpcd-run-hook), ts 127646754846, free_ts 127600338916
[ 138.163915][ T5995] post_alloc_hook+0x1c0/0x230
[ 138.168698][ T5995] get_page_from_freelist+0x10a3/0x3a30
[ 138.174348][ T5995] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 138.180241][ T5995] alloc_pages_mpol+0x1fb/0x550
[ 138.185100][ T5995] alloc_pages_noprof+0x131/0x390
[ 138.190135][ T5995] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 138.196043][ T5995] __vmalloc_node_noprof+0xad/0xf0
[ 138.201170][ T5995] copy_process+0x2c77/0x76a0
[ 138.205846][ T5995] kernel_clone+0xfc/0x930
[ 138.210259][ T5995] __do_sys_clone+0xce/0x120
[ 138.214847][ T5995] do_syscall_64+0xcd/0xfa0
[ 138.219373][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.225271][ T5995] page last free pid 12 tgid 12 stack trace:
[ 138.231240][ T5995] __free_frozen_pages+0x7df/0x1160
[ 138.236462][ T5995] rcu_core+0x79c/0x1530
[ 138.240728][ T5995] handle_softirqs+0x219/0x8e0
[ 138.245517][ T5995] __irq_exit_rcu+0x109/0x170
[ 138.250217][ T5995] irq_exit_rcu+0x9/0x30
[ 138.254453][ T5995] sysvec_call_function_single+0xa4/0xc0
[ 138.260105][ T5995] asm_sysvec_call_function_single+0x1a/0x20
[ 138.266096][ T5995]
[ 138.268406][ T5995] Memory state around the buggy address:
[ 138.274075][ T5995] ffffc9000383fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 138.282129][ T5995] ffffc9000383fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 138.290185][ T5995] >ffffc9000383fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 138.298234][ T5995]                                               ^
[ 138.304635][ T5995] ffffc9000383fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 138.312708][ T5995] ffffc9000383fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 138.320777][ T5995] ==================================================================
[ 138.352783][ T5996] loop0: detected capacity change from 0 to 256
[ 138.360613][ T5996] exfat: Deprecated parameter 'namecase'
[ 138.378559][ T5996] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 138.394772][ T5996] ==================================================================
[ 138.402844][ T5996] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 138.410767][ T5996] Read of size 1 at addr ffffc90004037cc8 by task syz.0.29/5996
[ 138.418403][ T5996]
[ 138.420741][ T5996] CPU: 0 UID: 0 PID: 5996 Comm: syz.0.29 Tainted: G B syzkaller #0 PREEMPT(full)
[ 138.420798][ T5996] Tainted: [B]=BAD_PAGE
[ 138.420811][ T5996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 138.420833][ T5996] Call Trace:
[ 138.420844][ T5996] <TASK>
[ 138.420857][ T5996] dump_stack_lvl+0x116/0x1f0
[ 138.420917][ T5996] print_report+0xcd/0x630
[ 138.420964][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.421009][ T5996] ? __virt_addr_valid+0x81/0x610
[ 138.421051][ T5996] ? exfat_nls_to_ucs2+0x706/0x730
[ 138.421084][ T5996] kasan_report+0xe0/0x110
[ 138.421131][ T5996] ? exfat_nls_to_ucs2+0x706/0x730
[ 138.421171][ T5996] exfat_nls_to_ucs2+0x706/0x730
[ 138.421211][ T5996] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 138.421278][ T5996] ? __might_fault+0xe3/0x190
[ 138.421311][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.421354][ T5996] ? rcu_is_watching+0x12/0xc0
[ 138.421388][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.421431][ T5996] ? lock_release+0x201/0x2f0
[ 138.421480][ T5996] exfat_nls_to_utf16+0xa6/0xf0
[ 138.421516][ T5996] exfat_ioctl_set_volume_label+0x15d/0x230
[ 138.421558][ T5996] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 138.421599][ T5996] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 138.421693][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.421737][ T5996] ? rcu_is_watching+0x12/0xc0
[ 138.421777][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.421820][ T5996] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 138.421858][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.421923][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.421966][ T5996] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 138.422029][ T5996] exfat_ioctl+0x929/0x1630
[ 138.422072][ T5996] ? __pfx_exfat_ioctl+0x10/0x10
[ 138.422110][ T5996] ? __pfx_do_sys_openat2+0x10/0x10
[ 138.422169][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.422215][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.422261][ T5996] ? hook_file_ioctl_common+0x145/0x410
[ 138.422316][ T5996] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.422364][ T5996] ? __pfx___x64_sys_futex+0x10/0x10
[ 138.422418][ T5996] ? __pfx_exfat_ioctl+0x10/0x10
[ 138.422460][ T5996] __x64_sys_ioctl+0x18e/0x210
[ 138.422523][ T5996] do_syscall_64+0xcd/0xfa0
[ 138.422581][ T5996] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.422618][ T5996] RIP: 0033:0x7fbf7418eec9
[ 138.422644][ T5996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 138.422680][ T5996] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 138.422715][ T5996] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 138.422741][ T5996] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 138.422771][ T5996] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 138.422795][ T5996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 138.422818][ T5996] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 138.422855][ T5996] </TASK>
[ 138.422867][ T5996]
[ 138.725082][ T5996] The buggy address belongs to stack of task syz.0.29/5996
[ 138.732267][ T5996] and is located at offset 960 in frame:
[ 138.737969][ T5996] exfat_ioctl_set_volume_label+0x0/0x230
[ 138.743707][ T5996]
[ 138.746018][ T5996] This frame has 3 objects:
[ 138.750510][ T5996] [32, 36) 'lossy'
[ 138.750531][ T5996] [48, 568) 'uniname'
[ 138.754327][ T5996] [704, 960) 'label'
[ 138.758385][ T5996]
[ 138.764660][ T5996] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90004030000 allocated at kernel_clone+0xfc/0x930
[ 138.777469][ T5996] The buggy address belongs to the physical page:
[ 138.783885][ T5996] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75357
[ 138.792647][ T5996] memcg:ffff88803262e802
[ 138.796874][ T5996] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 138.803996][ T5996] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 138.812590][ T5996] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88803262e802
[ 138.821163][ T5996] page dumped because: kasan: bad access detected
[ 138.827566][ T5996] page_owner tracks the page as allocated
[ 138.833266][ T5996] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 2, tgid 2 (kthreadd), ts 123416163217, free_ts 122496064687
[ 138.851772][ T5996] post_alloc_hook+0x1c0/0x230
[ 138.856571][ T5996] get_page_from_freelist+0x10a3/0x3a30
[ 138.862149][ T5996] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 138.868049][ T5996] alloc_pages_mpol+0x1fb/0x550
[ 138.872918][ T5996] alloc_pages_noprof+0x131/0x390
[ 138.877957][ T5996] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 138.887524][ T5996] __vmalloc_node_noprof+0xad/0xf0
[ 138.892657][ T5996] copy_process+0x2c77/0x76a0
[ 138.897339][ T5996] kernel_clone+0xfc/0x930
[ 138.901757][ T5996] kernel_thread+0xd7/0x120
[ 138.906264][ T5996] kthreadd+0x503/0x800
[ 138.910433][ T5996] ret_from_fork+0x675/0x7d0
[ 138.915033][ T5996] ret_from_fork_asm+0x1a/0x30
[ 138.919801][ T5996] page last free pid 5901 tgid 5901 stack trace:
[ 138.926117][ T5996] __free_frozen_pages+0x7df/0x1160
[ 138.931334][ T5996] vfree+0x1fd/0xb50
[ 138.935242][ T5996] kcov_close+0x34/0x60
[ 138.939421][ T5996] __fput+0x402/0xb70
[ 138.943418][ T5996] task_work_run+0x150/0x240
[ 138.948037][ T5996] do_exit+0x86f/0x2bf0
[ 138.952200][ T5996] do_group_exit+0xd3/0x2a0
[ 138.956707][ T5996] get_signal+0x2671/0x26d0
[ 138.961207][ T5996] arch_do_signal_or_restart+0x8f/0x7c0
[ 138.966779][ T5996] exit_to_user_mode_loop+0x85/0x130
[ 138.972089][ T5996] do_syscall_64+0x426/0xfa0
[ 138.976701][ T5996] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.982599][ T5996]
[ 138.984910][ T5996] Memory state around the buggy address:
[ 138.990529][ T5996] ffffc90004037b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 138.998591][ T5996] ffffc90004037c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 139.006649][ T5996] >ffffc90004037c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 139.014706][ T5996]                                               ^
[ 139.021114][ T5996] ffffc90004037d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 139.029178][ T5996] ffffc90004037d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 139.037230][ T5996] ==================================================================
[ 139.075441][ T5997] loop0: detected capacity change from 0 to 256
[ 139.084894][ T5997] exfat: Deprecated parameter 'namecase'
[ 139.100095][ T5997] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 139.115373][ T5997] ==================================================================
[ 139.123450][ T5997] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 139.131634][ T5997] Read of size 1 at addr ffffc9000383fcc8 by task syz.0.30/5997
[ 139.139274][ T5997]
[ 139.141612][ T5997] CPU: 0 UID: 0 PID: 5997 Comm: syz.0.30 Tainted: G B syzkaller #0 PREEMPT(full)
[ 139.141668][ T5997] Tainted: [B]=BAD_PAGE
[ 139.141682][ T5997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 139.141706][ T5997] Call Trace:
[ 139.141718][ T5997] <TASK>
[ 139.141731][ T5997] dump_stack_lvl+0x116/0x1f0
[ 139.141796][ T5997] print_report+0xcd/0x630
[ 139.141845][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.141892][ T5997] ? __virt_addr_valid+0x81/0x610
[ 139.141937][ T5997] ? exfat_nls_to_ucs2+0x706/0x730
[ 139.141973][ T5997] kasan_report+0xe0/0x110
[ 139.142033][ T5997] ? exfat_nls_to_ucs2+0x706/0x730
[ 139.142073][ T5997] exfat_nls_to_ucs2+0x706/0x730
[ 139.142114][ T5997] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 139.142183][ T5997] ? __might_fault+0xe3/0x190
[ 139.142218][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.142265][ T5997] ? rcu_is_watching+0x12/0xc0
[ 139.142301][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.142347][ T5997] ? lock_release+0x201/0x2f0
[ 139.142399][ T5997] exfat_nls_to_utf16+0xa6/0xf0
[ 139.142437][ T5997] exfat_ioctl_set_volume_label+0x15d/0x230
[ 139.142480][ T5997] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 139.142524][ T5997] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 139.142627][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.142673][ T5997] ? rcu_is_watching+0x12/0xc0
[ 139.142708][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.142753][ T5997] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 139.142792][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.142860][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.142905][ T5997] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 139.142972][ T5997] exfat_ioctl+0x929/0x1630
[ 139.143021][ T5997] ? __pfx_exfat_ioctl+0x10/0x10
[ 139.143061][ T5997] ? __pfx_do_sys_openat2+0x10/0x10
[ 139.143120][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.143165][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.143210][ T5997] ? hook_file_ioctl_common+0x145/0x410
[ 139.143265][ T5997] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.143311][ T5997] ? __pfx___x64_sys_futex+0x10/0x10
[ 139.143366][ T5997] ? __pfx_exfat_ioctl+0x10/0x10
[ 139.143408][ T5997] __x64_sys_ioctl+0x18e/0x210
[ 139.143470][ T5997] do_syscall_64+0xcd/0xfa0
[ 139.143531][ T5997] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.143569][ T5997] RIP: 0033:0x7fbf7418eec9
[ 139.143597][ T5997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 139.143634][ T5997] RSP: 002b:00007ffd30025cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 139.143669][ T5997] RAX: ffffffffffffffda RBX: 00007fbf743e5fa0 RCX: 00007fbf7418eec9
[ 139.143695][ T5997] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 139.143719][ T5997] RBP: 00007fbf74211f91 R08: 0000000000000000 R09: 0000000000000000
[ 139.143743][ T5997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 139.143765][ T5997] R13: 00007fbf743e5fa0 R14: 00007fbf743e5fa0 R15: 0000000000000003
[ 139.143797][ T5997] </TASK>
[ 139.143809][ T5997]
[ 139.445856][ T5997] The buggy address belongs to stack of task syz.0.30/5997
[ 139.453044][ T5997] and is located at offset 960 in frame:
[ 139.458748][ T5997] exfat_ioctl_set_volume_label+0x0/0x230
[ 139.464487][ T5997]
[ 139.466797][ T5997] This frame has 3 objects:
[ 139.471284][ T5997] [32, 36) 'lossy'
[ 139.471305][ T5997] [48, 568) 'uniname'
[ 139.475102][ T5997] [704, 960) 'label'
[ 139.479159][ T5997]
[ 139.485422][ T5997] The buggy address belongs to a vmalloc virtual mapping
[ 139.492444][ T5997] The buggy address belongs to the physical page:
[ 139.498841][ T5997] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078e7c000 pfn:0x78e7c
[ 139.508904][ T5997] memcg:ffff88803262e802
[ 139.513133][ T5997] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 139.520254][ T5997] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 139.528839][ T5997] raw: ffff888078e7c000 0000000000000000 00000001ffffffff ffff88803262e802
[ 139.537412][ T5997] page dumped because: kasan: bad access detected
[ 139.543812][ T5997] page_owner tracks the page as allocated
[ 139.549511][ T5997] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5950, tgid 5950 (dhcpcd-run-hook), ts 127646754846, free_ts 127600338916
[ 139.569150][ T5997] post_alloc_hook+0x1c0/0x230
[ 139.573961][ T5997] get_page_from_freelist+0x10a3/0x3a30
[ 139.579537][ T5997] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 139.585445][ T5997] alloc_pages_mpol+0x1fb/0x550
[ 139.590312][ T5997] alloc_pages_noprof+0x131/0x390
[ 139.595348][ T5997] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 139.601263][ T5997] __vmalloc_node_noprof+0xad/0xf0
[ 139.606481][ T5997] copy_process+0x2c77/0x76a0
[ 139.611165][ T5997] kernel_clone+0xfc/0x930
[ 139.615583][ T5997] __do_sys_clone+0xce/0x120
[ 139.620178][ T5997] do_syscall_64+0xcd/0xfa0
[ 139.624712][ T5997] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.630614][ T5997] page last free pid 12 tgid 12 stack trace:
[ 139.636674][ T5997] __free_frozen_pages+0x7df/0x1160
[ 139.641911][ T5997] rcu_core+0x79c/0x1530
[ 139.646178][ T5997] handle_softirqs+0x219/0x8e0
[ 139.650971][ T5997] __irq_exit_rcu+0x109/0x170
[ 139.655670][ T5997] irq_exit_rcu+0x9/0x30
[ 139.659914][ T5997] sysvec_call_function_single+0xa4/0xc0
[ 139.665568][ T5997] asm_sysvec_call_function_single+0x1a/0x20
[ 139.671560][ T5997]
[ 139.673878][ T5997] Memory state around the buggy address:
[ 139.679502][ T5997] ffffc9000383fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 139.687563][ T5997] ffffc9000383fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 139.695624][ T5997] >ffffc9000383fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 139.703683][ T5997]                                               ^
[ 139.710093][ T5997] ffffc9000383fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 139.718157][ T5997] ffffc9000383fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 139.726214][ T5997] ==================================================================
[ 139.779014][ T6000] loop0: detected capacity change from 0 to 256
[ 139.787412][ T6000] exfat: Deprecated parameter 'namecase'
[ 139.800602][ T6000] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 139.814601][ T6000] ==================================================================
[ 139.822679][ T6000] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 139.830594][ T6000] Read of size 1 at addr ffffc900032e7cc8 by task syz.0.31/6000
[ 139.838233][ T6000]
[ 139.840564][ T6000] CPU: 0 UID: 0 PID: 6000 Comm: syz.0.31 Tainted: G B syzkaller #0 PREEMPT(full)
[ 139.840619][ T6000] Tainted: [B]=BAD_PAGE
[ 139.840652][ T6000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 139.840675][ T6000] Call Trace:
[ 139.840687][ T6000] <TASK>
[ 139.840700][ T6000] dump_stack_lvl+0x116/0x1f0