[ 101.506748][ T9] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.88' (ED25519) to the list of known hosts. 2025/10/12 12:03:08 parsed 1 programs [ 112.573889][ T5833] cgroup: Unknown subsys name 'net' [ 112.760727][ T5833] cgroup: Unknown subsys name 'cpuset' [ 112.770547][ T5833] cgroup: Unknown subsys name 'rlimit' [ 114.551650][ T5833] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 117.435393][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 118.565549][ T5853] chnl_net:caif_netlink_parms(): no params data found [ 118.685624][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.693491][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.701352][ T5853] bridge_slave_0: entered allmulticast mode [ 118.709223][ T5853] bridge_slave_0: entered promiscuous mode [ 118.720097][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.727373][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.735300][ T5853] bridge_slave_1: entered allmulticast mode [ 118.743100][ T5853] bridge_slave_1: entered promiscuous mode [ 118.787377][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.801239][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.843272][ T5853] team0: Port device team_slave_0 added [ 118.851989][ T5853] team0: Port device team_slave_1 added [ 118.890454][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 118.897532][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 118.924709][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 118.938258][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 118.945442][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 118.971592][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 119.026410][ T5853] hsr_slave_0: entered promiscuous mode [ 119.033212][ T5853] hsr_slave_1: entered promiscuous mode [ 119.231508][ T5853] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 119.246369][ T5853] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 119.258088][ T5853] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 119.269994][ T5853] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 119.309532][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.317145][ T5853] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.325774][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.333106][ T5853] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.403489][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.426092][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.435789][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.457411][ T5853] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.479841][ T129] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.487021][ T129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.496308][ T129] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.503415][ T129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.759271][ T5853] 8021q: adding VLAN 0 to HW filter on device 
batadv0 [ 119.815264][ T5853] veth0_vlan: entered promiscuous mode [ 119.831598][ T5853] veth1_vlan: entered promiscuous mode [ 119.866777][ T5853] veth0_macvtap: entered promiscuous mode [ 119.877350][ T5853] veth1_macvtap: entered promiscuous mode [ 119.901916][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.919961][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.936993][ T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.946977][ T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.958456][ T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.969640][ T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.160825][ T129] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.235923][ T129] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.300878][ T129] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.402417][ T129] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.567240][ T5901] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 121.576430][ T5901] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 121.585091][ T5901] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 121.596294][ T5901] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 121.606733][ T5901] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 122.612732][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.639581][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.757562][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.766972][ T129] bridge_slave_1: left allmulticast mode [ 122.772740][ T129] bridge_slave_1: left promiscuous mode [ 122.773773][ 
T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.780265][ T129] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.798730][ T129] bridge_slave_0: left allmulticast mode [ 122.804454][ T129] bridge_slave_0: left promiscuous mode [ 122.810226][ T129] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.075610][ T129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 123.088793][ T129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.099715][ T129] bond0 (unregistering): Released all slaves [ 123.293818][ T129] hsr_slave_0: left promiscuous mode [ 123.303906][ T129] hsr_slave_1: left promiscuous mode [ 123.312450][ T129] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.333547][ T129] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.352319][ T129] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.373706][ T129] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.418973][ T129] veth1_macvtap: left promiscuous mode [ 123.434067][ T129] veth0_macvtap: left promiscuous mode [ 123.439832][ T129] veth1_vlan: left promiscuous mode [ 123.454568][ T129] veth0_vlan: left promiscuous mode [ 124.079295][ T129] team0 (unregistering): Port device team_slave_1 removed [ 124.106502][ T129] team0 (unregistering): Port device team_slave_0 removed 2025/10/12 12:03:28 executed programs: 0 [ 127.215801][ T5901] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 127.225416][ T5901] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 127.237993][ T5901] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 127.246318][ T5901] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 127.258063][ T5901] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 127.612256][ T5991] chnl_net:caif_netlink_parms(): no params data found [ 127.747063][ T5991] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.754627][ T5991] bridge0: port 
1(bridge_slave_0) entered disabled state [ 127.761850][ T5991] bridge_slave_0: entered allmulticast mode [ 127.774881][ T5991] bridge_slave_0: entered promiscuous mode [ 127.784947][ T5991] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.792372][ T5991] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.799827][ T5991] bridge_slave_1: entered allmulticast mode [ 127.810315][ T5991] bridge_slave_1: entered promiscuous mode [ 127.852083][ T5991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 127.865347][ T5991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.906356][ T5991] team0: Port device team_slave_0 added [ 127.915118][ T5991] team0: Port device team_slave_1 added [ 127.951676][ T5991] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 127.958754][ T5991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 127.984968][ T5991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 127.998026][ T5991] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.005032][ T5991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 128.031065][ T5991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 128.090467][ T5991] hsr_slave_0: entered promiscuous mode
[ 128.097168][ T5991] hsr_slave_1: entered promiscuous mode
[ 128.624339][ T5991] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 128.636286][ T5991] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 128.649240][ T5991] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 128.664942][ T5991] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 128.800194][ T5991] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.830933][ T5991] 8021q: adding VLAN 0 to HW filter on device team0
[ 128.845631][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.852974][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.871976][ T50] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.879219][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.206945][ T5991] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 129.276195][ T5991] veth0_vlan: entered promiscuous mode
[ 129.292727][ T5991] veth1_vlan: entered promiscuous mode
[ 129.343044][ T5991] veth0_macvtap: entered promiscuous mode
[ 129.345149][ T5901] Bluetooth: hci0: command tx timeout
[ 129.356606][ T5991] veth1_macvtap: entered promiscuous mode
[ 129.390973][ T5991] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 129.407753][ T5991] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 129.425416][ T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.436203][ T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.449111][ T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.466069][ T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.559082][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.576704][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.614646][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.622494][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.730884][ T6045] loop0: detected capacity change from 0 to 256
[ 129.746933][ T6045] exfat: Deprecated parameter 'namecase'
[ 129.779628][ T6045] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 129.796220][ T6045] ==================================================================
[ 129.804479][ T6045] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 129.812484][ T6045] Read of size 1 at addr ffffc90002fe7cc8 by task syz.0.17/6045
[ 129.820124][ T6045]
[ 129.822447][ T6045] CPU: 1 UID: 0 PID: 6045 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 129.822485][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 129.822504][ T6045] Call Trace:
[ 129.822515][ T6045]
[ 129.822527][ T6045] dump_stack_lvl+0x116/0x1f0
[ 129.822581][ T6045] print_report+0xcd/0x630
[ 129.822621][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.822663][ T6045] ? __virt_addr_valid+0x81/0x610
[ 129.822700][ T6045] ? exfat_nls_to_ucs2+0x706/0x730
[ 129.822729][ T6045] kasan_report+0xe0/0x110
[ 129.822770][ T6045] ? exfat_nls_to_ucs2+0x706/0x730
[ 129.822805][ T6045] exfat_nls_to_ucs2+0x706/0x730
[ 129.822841][ T6045] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 129.822871][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.822944][ T6045] ? find_held_lock+0x2b/0x80
[ 129.822995][ T6045] ? __might_fault+0xe3/0x190
[ 129.823025][ T6045] ? __might_fault+0xe3/0x190
[ 129.823054][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.823098][ T6045] exfat_nls_to_utf16+0xa6/0xf0
[ 129.823131][ T6045] exfat_ioctl_set_volume_label+0x15d/0x230
[ 129.823167][ T6045] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 129.823204][ T6045] ? __lock_acquire+0xb8a/0x1c90
[ 129.823276][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.823315][ T6045] ? kasan_quarantine_put+0x10a/0x240
[ 129.823349][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.823387][ T6045] ? lockdep_hardirqs_on+0x7c/0x110
[ 129.823436][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.823476][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.823514][ T6045] ? find_held_lock+0x2b/0x80
[ 129.823582][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.823620][ T6045] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 129.823684][ T6045] exfat_ioctl+0x929/0x1630
[ 129.823725][ T6045] ? __pfx_exfat_ioctl+0x10/0x10
[ 129.823763][ T6045] ? __pfx_do_sys_openat2+0x10/0x10
[ 129.823815][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.823855][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.823893][ T6045] ? hook_file_ioctl_common+0x145/0x410
[ 129.823945][ T6045] ? srso_alias_return_thunk+0x5/0xfbef5
[ 129.823984][ T6045] ? __pfx___x64_sys_futex+0x10/0x10
[ 129.824028][ T6045] ? __pfx_exfat_ioctl+0x10/0x10
[ 129.824067][ T6045] __x64_sys_ioctl+0x18e/0x210
[ 129.824120][ T6045] do_syscall_64+0xcd/0xfa0
[ 129.824171][ T6045] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.824203][ T6045] RIP: 0033:0x7f5e94f8eec9
[ 129.824228][ T6045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 129.824259][ T6045] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 129.824289][ T6045] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9
[ 129.824310][ T6045] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 129.824331][ T6045] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000
[ 129.824351][ T6045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 129.824370][ T6045] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003
[ 129.824402][ T6045]
[ 129.824413][ T6045]
[ 130.130551][ T6045] The buggy address belongs to stack of task syz.0.17/6045
[ 130.137829][ T6045] and is located at offset 960 in frame:
[ 130.143536][ T6045] exfat_ioctl_set_volume_label+0x0/0x230
[ 130.149272][ T6045]
[ 130.151593][ T6045] This frame has 3 objects:
[ 130.156088][ T6045] [32, 36) 'lossy'
[ 130.156110][ T6045] [48, 568) 'uniname'
[ 130.159908][ T6045] [704, 960) 'label'
[ 130.163964][ T6045]
[ 130.170263][ T6045] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90002fe0000 allocated at kernel_clone+0xfc/0x930
[ 130.183078][ T6045] The buggy address belongs to the physical page:
[ 130.189597][ T6045] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888076c40f50 pfn:0x76c40
[ 130.199676][ T6045] memcg:ffff88802912de02
[ 130.203913][ T6045] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 130.211043][ T6045] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 130.219636][ T6045] raw: ffff888076c40f50 0000000000000000 00000001ffffffff ffff88802912de02
[ 130.228214][ T6045] page dumped because: kasan: bad access detected
[ 130.234621][ T6045] page_owner tracks the page as allocated
[ 130.240326][ T6045] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5991, tgid 5991 (syz-executor), ts 129700407472, free_ts 129677194793
[ 130.259707][ T6045] post_alloc_hook+0x1c0/0x230
[ 130.264505][ T6045] get_page_from_freelist+0x10a3/0x3a30
[ 130.270076][ T6045] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 130.276018][ T6045] alloc_pages_mpol+0x1fb/0x550
[ 130.280909][ T6045] alloc_pages_noprof+0x131/0x390
[ 130.285952][ T6045] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 130.291861][ T6045] __vmalloc_node_noprof+0xad/0xf0
[ 130.296987][ T6045] copy_process+0x2c77/0x76a0
[ 130.301667][ T6045] kernel_clone+0xfc/0x930
[ 130.306083][ T6045] __do_sys_clone+0xce/0x120
[ 130.310674][ T6045] do_syscall_64+0xcd/0xfa0
[ 130.315198][ T6045] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.321098][ T6045] page last free pid 5991 tgid 5991 stack trace:
[ 130.327414][ T6045] __free_frozen_pages+0x7df/0x1160
[ 130.332630][ T6045] __put_partials+0x130/0x170
[ 130.337328][ T6045] qlist_free_all+0x4d/0x120
[ 130.341925][ T6045] kasan_quarantine_reduce+0x195/0x1e0
[ 130.347393][ T6045] __kasan_slab_alloc+0x69/0x90
[ 130.352257][ T6045] __kmalloc_noprof+0x2e8/0x880
[ 130.357142][ T6045] tomoyo_realpath_from_path+0xc2/0x6e0
[ 130.362719][ T6045] tomoyo_path_number_perm+0x245/0x580
[ 130.368192][ T6045] security_file_ioctl+0x9b/0x240
[ 130.373243][ T6045] __x64_sys_ioctl+0xb7/0x210
[ 130.377957][ T6045] do_syscall_64+0xcd/0xfa0
[ 130.382495][ T6045] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.388493][ T6045]
[ 130.390819][ T6045] Memory state around the buggy address:
[ 130.396443][ T6045] ffffc90002fe7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 130.404508][ T6045] ffffc90002fe7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 130.412579][ T6045] >ffffc90002fe7c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 130.420644][ T6045] ^
[ 130.427099][ T6045] ffffc90002fe7d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 130.435177][ T6045] ffffc90002fe7d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 130.443286][ T6045] ==================================================================
[ 130.475836][ T6045] Disabling lock debugging due to kernel taint
[ 130.530295][ T6048] loop0: detected capacity change from 0 to 256
[ 130.538229][ T6048] exfat: Deprecated parameter 'namecase'
[ 130.589711][ T6048] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 130.605667][ T6048] ==================================================================
[ 130.613757][ T6048] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 130.621677][ T6048] Read of size 1 at addr ffffc90003a9fcc8 by task syz.0.18/6048
[ 130.629321][ T6048]
[ 130.631658][ T6048] CPU: 0 UID: 0 PID: 6048 Comm: syz.0.18 Tainted: G B syzkaller #0 PREEMPT(full)
[ 130.631710][ T6048] Tainted: [B]=BAD_PAGE
[ 130.631723][ T6048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 130.631744][ T6048] Call Trace:
[ 130.631755][ T6048]
[ 130.631767][ T6048] dump_stack_lvl+0x116/0x1f0
[ 130.631826][ T6048] print_report+0xcd/0x630
[ 130.631870][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.631966][ T6048] ? __virt_addr_valid+0x81/0x610
[ 130.632007][ T6048] ? exfat_nls_to_ucs2+0x706/0x730
[ 130.632041][ T6048] kasan_report+0xe0/0x110
[ 130.632087][ T6048] ? exfat_nls_to_ucs2+0x706/0x730
[ 130.632125][ T6048] exfat_nls_to_ucs2+0x706/0x730
[ 130.632163][ T6048] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 130.632229][ T6048] ? __might_fault+0xe3/0x190
[ 130.632260][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5
[ 130.632303][ T6048] ? 
rcu_is_watching+0x12/0xc0 [ 130.632336][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.632378][ T6048] ? lock_release+0x201/0x2f0 [ 130.632427][ T6048] exfat_nls_to_utf16+0xa6/0xf0 [ 130.632462][ T6048] exfat_ioctl_set_volume_label+0x15d/0x230 [ 130.632503][ T6048] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 130.632544][ T6048] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.632636][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.632679][ T6048] ? rcu_is_watching+0x12/0xc0 [ 130.632711][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.632754][ T6048] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 130.632791][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.632855][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.632899][ T6048] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.632971][ T6048] exfat_ioctl+0x929/0x1630 [ 130.633013][ T6048] ? __pfx_exfat_ioctl+0x10/0x10 [ 130.633051][ T6048] ? __pfx_do_sys_openat2+0x10/0x10 [ 130.633104][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.633147][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.633188][ T6048] ? hook_file_ioctl_common+0x145/0x410 [ 130.633238][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.633282][ T6048] ? __pfx___x64_sys_futex+0x10/0x10 [ 130.633332][ T6048] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 130.633372][ T6048] __x64_sys_ioctl+0x18e/0x210 [ 130.633430][ T6048] do_syscall_64+0xcd/0xfa0 [ 130.633487][ T6048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.633522][ T6048] RIP: 0033:0x7f5e94f8eec9 [ 130.633550][ T6048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.633585][ T6048] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.633619][ T6048] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 130.633642][ T6048] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 130.633662][ T6048] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 130.633685][ T6048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.633707][ T6048] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 130.633741][ T6048] [ 130.633752][ T6048] [ 130.936111][ T6048] The buggy address belongs to stack of task syz.0.18/6048 [ 130.943332][ T6048] and is located at offset 960 in frame: [ 130.949038][ T6048] exfat_ioctl_set_volume_label+0x0/0x230 [ 130.954775][ T6048] [ 130.957175][ T6048] This frame has 3 objects: [ 130.961666][ T6048] [32, 36) 'lossy' [ 130.961686][ T6048] [48, 568) 'uniname' [ 130.965489][ T6048] [704, 960) 'label' [ 130.969553][ T6048] [ 130.975816][ T6048] The buggy address belongs to a vmalloc virtual mapping [ 130.982838][ T6048] The buggy address belongs to the physical page: [ 130.989238][ T6048] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077704b40 pfn:0x77704 [ 130.999301][ T6048] memcg:ffff88802912de02 [ 131.003527][ T6048] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 131.010642][ T6048] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 131.019230][ T6048] raw: ffff888077704b40 0000000000000000 
00000001ffffffff ffff88802912de02 [ 131.027807][ T6048] page dumped because: kasan: bad access detected [ 131.034208][ T6048] page_owner tracks the page as allocated [ 131.039907][ T6048] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6030, tgid 6030 (dhcpcd-run-hook), ts 129060780181, free_ts 128973952316 [ 131.059552][ T6048] post_alloc_hook+0x1c0/0x230 [ 131.064349][ T6048] get_page_from_freelist+0x10a3/0x3a30 [ 131.069933][ T6048] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 131.075835][ T6048] alloc_pages_mpol+0x1fb/0x550 [ 131.080706][ T6048] alloc_pages_noprof+0x131/0x390 [ 131.085753][ T6048] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 131.091673][ T6048] __vmalloc_node_noprof+0xad/0xf0 [ 131.096805][ T6048] copy_process+0x2c77/0x76a0 [ 131.101496][ T6048] kernel_clone+0xfc/0x930 [ 131.105921][ T6048] __do_sys_clone+0xce/0x120 [ 131.110511][ T6048] do_syscall_64+0xcd/0xfa0 [ 131.115030][ T6048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.120926][ T6048] page last free pid 6027 tgid 6027 stack trace: [ 131.127282][ T6048] __free_frozen_pages+0x7df/0x1160 [ 131.132500][ T6048] rcu_core+0x79c/0x1530 [ 131.136760][ T6048] handle_softirqs+0x219/0x8e0 [ 131.141633][ T6048] __irq_exit_rcu+0x109/0x170 [ 131.146327][ T6048] irq_exit_rcu+0x9/0x30 [ 131.150567][ T6048] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 131.156243][ T6048] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 131.162230][ T6048] [ 131.164541][ T6048] Memory state around the buggy address: [ 131.170160][ T6048] ffffc90003a9fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 131.178227][ T6048] ffffc90003a9fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.186284][ T6048] >ffffc90003a9fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 131.194335][ T6048] ^ [ 131.200736][ T6048] ffffc90003a9fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.208861][ T6048] ffffc90003a9fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 
00 00 00 f2 f2 f2 [ 131.216914][ T6048] ================================================================== [ 131.287026][ T6054] loop0: detected capacity change from 0 to 256 [ 131.304369][ T6054] exfat: Deprecated parameter 'namecase' [ 131.327896][ T6054] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 131.353949][ T6054] ================================================================== [ 131.362038][ T6054] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 131.369952][ T6054] Read of size 1 at addr ffffc90002fe7cc8 by task syz.0.19/6054 [ 131.377591][ T6054] [ 131.379925][ T6054] CPU: 0 UID: 0 PID: 6054 Comm: syz.0.19 Tainted: G B syzkaller #0 PREEMPT(full) [ 131.379978][ T6054] Tainted: [B]=BAD_PAGE [ 131.379991][ T6054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 131.380013][ T6054] Call Trace: [ 131.380024][ T6054] [ 131.380037][ T6054] dump_stack_lvl+0x116/0x1f0 [ 131.380098][ T6054] print_report+0xcd/0x630 [ 131.380144][ T6054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.380195][ T6054] ? __virt_addr_valid+0x81/0x610 [ 131.380237][ T6054] ? exfat_nls_to_ucs2+0x706/0x730 [ 131.380270][ T6054] kasan_report+0xe0/0x110 [ 131.380317][ T6054] ? exfat_nls_to_ucs2+0x706/0x730 [ 131.380355][ T6054] exfat_nls_to_ucs2+0x706/0x730 [ 131.380395][ T6054] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 131.380462][ T6054] ? __might_fault+0xe3/0x190 [ 131.380495][ T6054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.380538][ T6054] ? rcu_is_watching+0x12/0xc0 [ 131.380572][ T6054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.380615][ T6054] ? lock_release+0x201/0x2f0 [ 131.380664][ T6054] exfat_nls_to_utf16+0xa6/0xf0 [ 131.380701][ T6054] exfat_ioctl_set_volume_label+0x15d/0x230 [ 131.380742][ T6054] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 131.380784][ T6054] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 131.380877][ T6054] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 131.380922][ T6054] ? rcu_is_watching+0x12/0xc0 [ 131.380954][ T6054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.380998][ T6054] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 131.381036][ T6054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.381101][ T6054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.381144][ T6054] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 131.381215][ T6054] exfat_ioctl+0x929/0x1630 [ 131.381257][ T6054] ? __pfx_exfat_ioctl+0x10/0x10 [ 131.381295][ T6054] ? __pfx_do_sys_openat2+0x10/0x10 [ 131.381350][ T6054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.381393][ T6054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.381437][ T6054] ? hook_file_ioctl_common+0x145/0x410 [ 131.381488][ T6054] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.381532][ T6054] ? __pfx___x64_sys_futex+0x10/0x10 [ 131.381583][ T6054] ? __pfx_exfat_ioctl+0x10/0x10 [ 131.381623][ T6054] __x64_sys_ioctl+0x18e/0x210 [ 131.381683][ T6054] do_syscall_64+0xcd/0xfa0 [ 131.381741][ T6054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.381778][ T6054] RIP: 0033:0x7f5e94f8eec9 [ 131.381804][ T6054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.381839][ T6054] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 131.381873][ T6054] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 131.381898][ T6054] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 131.381921][ T6054] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 131.381943][ T6054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.381965][ T6054] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 131.382001][ T6054] [ 131.382013][ T6054] [ 131.685257][ T6054] The buggy address belongs to stack of task syz.0.19/6054 [ 131.692451][ 
T6054] and is located at offset 960 in frame: [ 131.698156][ T6054] exfat_ioctl_set_volume_label+0x0/0x230 [ 131.703887][ T6054] [ 131.706203][ T6054] This frame has 3 objects: [ 131.710700][ T6054] [32, 36) 'lossy' [ 131.710722][ T6054] [48, 568) 'uniname' [ 131.714528][ T6054] [704, 960) 'label' [ 131.718595][ T6054] [ 131.724852][ T6054] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90002fe0000 allocated at kernel_clone+0xfc/0x930 [ 131.737646][ T6054] The buggy address belongs to the physical page: [ 131.744052][ T6054] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888076c40f50 pfn:0x76c40 [ 131.754122][ T6054] memcg:ffff88802912de02 [ 131.758356][ T6054] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 131.766098][ T6054] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 131.774701][ T6054] raw: ffff888076c40f50 0000000000000000 00000001ffffffff ffff88802912de02 [ 131.783278][ T6054] page dumped because: kasan: bad access detected [ 131.789769][ T6054] page_owner tracks the page as allocated [ 131.795478][ T6054] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5991, tgid 5991 (syz-executor), ts 129700407472, free_ts 129677194793 [ 131.814867][ T6054] post_alloc_hook+0x1c0/0x230 [ 131.819665][ T6054] get_page_from_freelist+0x10a3/0x3a30 [ 131.825275][ T6054] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 131.831174][ T6054] alloc_pages_mpol+0x1fb/0x550 [ 131.836038][ T6054] alloc_pages_noprof+0x131/0x390 [ 131.841084][ T6054] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 131.846994][ T6054] __vmalloc_node_noprof+0xad/0xf0 [ 131.852207][ T6054] copy_process+0x2c77/0x76a0 [ 131.856890][ T6054] kernel_clone+0xfc/0x930 [ 131.861406][ T6054] __do_sys_clone+0xce/0x120 [ 131.866001][ T6054] do_syscall_64+0xcd/0xfa0 [ 131.870527][ T6054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.876424][ T6054] page last free pid 
5991 tgid 5991 stack trace: [ 131.882739][ T6054] __free_frozen_pages+0x7df/0x1160 [ 131.888011][ T6054] __put_partials+0x130/0x170 [ 131.892709][ T6054] qlist_free_all+0x4d/0x120 [ 131.897297][ T6054] kasan_quarantine_reduce+0x195/0x1e0 [ 131.902760][ T6054] __kasan_slab_alloc+0x69/0x90 [ 131.907617][ T6054] __kmalloc_noprof+0x2e8/0x880 [ 131.912489][ T6054] tomoyo_realpath_from_path+0xc2/0x6e0 [ 131.918135][ T6054] tomoyo_path_number_perm+0x245/0x580 [ 131.923609][ T6054] security_file_ioctl+0x9b/0x240 [ 131.928648][ T6054] __x64_sys_ioctl+0xb7/0x210 [ 131.933359][ T6054] do_syscall_64+0xcd/0xfa0 [ 131.937882][ T6054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.943812][ T6054] [ 131.946127][ T6054] Memory state around the buggy address: [ 131.951775][ T6054] ffffc90002fe7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 131.959929][ T6054] ffffc90002fe7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.967995][ T6054] >ffffc90002fe7c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 131.976054][ T6054] ^ [ 131.982464][ T6054] ffffc90002fe7d00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.990531][ T6054] ffffc90002fe7d80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 131.998589][ T6054] ================================================================== [ 132.018494][ T5901] Bluetooth: hci0: command tx timeout [ 132.100304][ T6060] loop0: detected capacity change from 0 to 256 [ 132.110613][ T6060] exfat: Deprecated parameter 'namecase' [ 132.137199][ T6060] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 132.156254][ T6060] ================================================================== [ 132.164335][ T6060] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 132.172255][ T6060] Read of size 1 at addr ffffc90003a9fcc8 by task syz.0.20/6060 [ 132.179901][ T6060] [ 132.182249][ T6060] CPU: 1 UID: 0 PID: 6060 Comm: syz.0.20 Tainted: G B syzkaller #0 
PREEMPT(full) [ 132.182303][ T6060] Tainted: [B]=BAD_PAGE [ 132.182316][ T6060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 132.182337][ T6060] Call Trace: [ 132.182349][ T6060] [ 132.182362][ T6060] dump_stack_lvl+0x116/0x1f0 [ 132.182422][ T6060] print_report+0xcd/0x630 [ 132.182468][ T6060] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.182513][ T6060] ? __virt_addr_valid+0x81/0x610 [ 132.182554][ T6060] ? exfat_nls_to_ucs2+0x706/0x730 [ 132.182588][ T6060] kasan_report+0xe0/0x110 [ 132.182634][ T6060] ? exfat_nls_to_ucs2+0x706/0x730 [ 132.182673][ T6060] exfat_nls_to_ucs2+0x706/0x730 [ 132.182712][ T6060] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 132.182779][ T6060] ? __might_fault+0xe3/0x190 [ 132.182812][ T6060] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.182855][ T6060] ? rcu_is_watching+0x12/0xc0 [ 132.182888][ T6060] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.182929][ T6060] ? lock_release+0x201/0x2f0 [ 132.182978][ T6060] exfat_nls_to_utf16+0xa6/0xf0 [ 132.183015][ T6060] exfat_ioctl_set_volume_label+0x15d/0x230 [ 132.183056][ T6060] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 132.183097][ T6060] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 132.183199][ T6060] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.183242][ T6060] ? rcu_is_watching+0x12/0xc0 [ 132.183275][ T6060] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.183319][ T6060] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 132.183357][ T6060] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.183422][ T6060] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.183465][ T6060] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 132.183529][ T6060] exfat_ioctl+0x929/0x1630 [ 132.183572][ T6060] ? __pfx_exfat_ioctl+0x10/0x10 [ 132.183610][ T6060] ? __pfx_do_sys_openat2+0x10/0x10 [ 132.183661][ T6060] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.183701][ T6060] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.183743][ T6060] ? hook_file_ioctl_common+0x145/0x410 [ 132.183796][ T6060] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 132.183840][ T6060] ? __pfx___x64_sys_futex+0x10/0x10 [ 132.183893][ T6060] ? __pfx_exfat_ioctl+0x10/0x10 [ 132.183933][ T6060] __x64_sys_ioctl+0x18e/0x210 [ 132.183996][ T6060] do_syscall_64+0xcd/0xfa0 [ 132.184054][ T6060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.184092][ T6060] RIP: 0033:0x7f5e94f8eec9 [ 132.184120][ T6060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.184156][ T6060] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 132.184200][ T6060] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 132.184226][ T6060] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 132.184250][ T6060] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 132.184274][ T6060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.184297][ T6060] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 132.184334][ T6060] [ 132.184346][ T6060] [ 132.487280][ T6060] The buggy address belongs to stack of task syz.0.20/6060 [ 132.494485][ T6060] and is located at offset 960 in frame: [ 132.500212][ T6060] exfat_ioctl_set_volume_label+0x0/0x230 [ 132.505965][ T6060] [ 132.508286][ T6060] This frame has 3 objects: [ 132.512787][ T6060] [32, 36) 'lossy' [ 132.512815][ T6060] [48, 568) 'uniname' [ 132.516713][ T6060] [704, 960) 'label' [ 132.520781][ T6060] [ 132.527064][ T6060] The buggy address belongs to a vmalloc virtual mapping [ 132.534114][ T6060] The buggy address belongs to the physical page: [ 132.540537][ T6060] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077704b40 pfn:0x77704 [ 132.550629][ T6060] memcg:ffff88802912de02 [ 132.554881][ T6060] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 132.562031][ T6060] raw: 00fff00000000000 
0000000000000000 dead000000000122 0000000000000000 [ 132.570645][ T6060] raw: ffff888077704b40 0000000000000000 00000001ffffffff ffff88802912de02 [ 132.579245][ T6060] page dumped because: kasan: bad access detected [ 132.585679][ T6060] page_owner tracks the page as allocated [ 132.591416][ T6060] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6030, tgid 6030 (dhcpcd-run-hook), ts 129060780181, free_ts 128973952316 [ 132.611088][ T6060] post_alloc_hook+0x1c0/0x230 [ 132.615907][ T6060] get_page_from_freelist+0x10a3/0x3a30 [ 132.621514][ T6060] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 132.627434][ T6060] alloc_pages_mpol+0x1fb/0x550 [ 132.632323][ T6060] alloc_pages_noprof+0x131/0x390 [ 132.637382][ T6060] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 132.643312][ T6060] __vmalloc_node_noprof+0xad/0xf0 [ 132.648457][ T6060] copy_process+0x2c77/0x76a0 [ 132.653154][ T6060] kernel_clone+0xfc/0x930 [ 132.657585][ T6060] __do_sys_clone+0xce/0x120 [ 132.662195][ T6060] do_syscall_64+0xcd/0xfa0 [ 132.666736][ T6060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.672649][ T6060] page last free pid 6027 tgid 6027 stack trace: [ 132.679000][ T6060] __free_frozen_pages+0x7df/0x1160 [ 132.684338][ T6060] rcu_core+0x79c/0x1530 [ 132.688632][ T6060] handle_softirqs+0x219/0x8e0 [ 132.693451][ T6060] __irq_exit_rcu+0x109/0x170 [ 132.698175][ T6060] irq_exit_rcu+0x9/0x30 [ 132.702433][ T6060] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 132.708107][ T6060] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 132.714129][ T6060] [ 132.716462][ T6060] Memory state around the buggy address: [ 132.722096][ T6060] ffffc90003a9fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 132.730168][ T6060] ffffc90003a9fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.738244][ T6060] >ffffc90003a9fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 132.746330][ T6060] ^ [ 132.752743][ T6060] ffffc90003a9fd00: f3 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.760809][ T6060] ffffc90003a9fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 132.768870][ T6060] ================================================================== 2025/10/12 12:03:34 executed programs: 6 [ 132.842035][ T6084] loop0: detected capacity change from 0 to 256 [ 132.874698][ T6084] exfat: Deprecated parameter 'namecase' [ 132.899960][ T6084] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 132.936015][ T6084] ================================================================== [ 132.944110][ T6084] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 132.952033][ T6084] Read of size 1 at addr ffffc90003a9fcc8 by task syz.0.21/6084 [ 132.959674][ T6084] [ 132.962013][ T6084] CPU: 1 UID: 0 PID: 6084 Comm: syz.0.21 Tainted: G B syzkaller #0 PREEMPT(full) [ 132.962065][ T6084] Tainted: [B]=BAD_PAGE [ 132.962078][ T6084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 132.962100][ T6084] Call Trace: [ 132.962111][ T6084] [ 132.962123][ T6084] dump_stack_lvl+0x116/0x1f0 [ 132.962189][ T6084] print_report+0xcd/0x630 [ 132.962235][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.962280][ T6084] ? __virt_addr_valid+0x81/0x610 [ 132.962322][ T6084] ? exfat_nls_to_ucs2+0x706/0x730 [ 132.962355][ T6084] kasan_report+0xe0/0x110 [ 132.962402][ T6084] ? exfat_nls_to_ucs2+0x706/0x730 [ 132.962441][ T6084] exfat_nls_to_ucs2+0x706/0x730 [ 132.962480][ T6084] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 132.962547][ T6084] ? __might_fault+0xe3/0x190 [ 132.962580][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.962623][ T6084] ? rcu_is_watching+0x12/0xc0 [ 132.962657][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.962701][ T6084] ? lock_release+0x201/0x2f0 [ 132.962751][ T6084] exfat_nls_to_utf16+0xa6/0xf0 [ 132.962788][ T6084] exfat_ioctl_set_volume_label+0x15d/0x230 [ 132.962829][ T6084] ? 
__pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 132.962871][ T6084] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 132.962963][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.963007][ T6084] ? rcu_is_watching+0x12/0xc0 [ 132.963040][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.963084][ T6084] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 132.963121][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.963192][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.963235][ T6084] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 132.963298][ T6084] exfat_ioctl+0x929/0x1630 [ 132.963341][ T6084] ? __pfx_exfat_ioctl+0x10/0x10 [ 132.963380][ T6084] ? __pfx_do_sys_openat2+0x10/0x10 [ 132.963434][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.963478][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.963521][ T6084] ? hook_file_ioctl_common+0x145/0x410 [ 132.963573][ T6084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.963617][ T6084] ? __pfx___x64_sys_futex+0x10/0x10 [ 132.963667][ T6084] ? __pfx_exfat_ioctl+0x10/0x10 [ 132.963705][ T6084] __x64_sys_ioctl+0x18e/0x210 [ 132.963762][ T6084] do_syscall_64+0xcd/0xfa0 [ 132.963819][ T6084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.963855][ T6084] RIP: 0033:0x7f5e94f8eec9 [ 132.963882][ T6084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.963917][ T6084] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 132.963950][ T6084] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 132.963975][ T6084] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 132.963998][ T6084] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 132.964021][ T6084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.964044][ T6084] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 
132.964079][ T6084] [ 132.964090][ T6084] [ 133.266688][ T6084] The buggy address belongs to stack of task syz.0.21/6084 [ 133.274017][ T6084] and is located at offset 960 in frame: [ 133.279746][ T6084] exfat_ioctl_set_volume_label+0x0/0x230 [ 133.285494][ T6084] [ 133.287818][ T6084] This frame has 3 objects: [ 133.292496][ T6084] [32, 36) 'lossy' [ 133.292520][ T6084] [48, 568) 'uniname' [ 133.296334][ T6084] [704, 960) 'label' [ 133.300410][ T6084] [ 133.306685][ T6084] The buggy address belongs to a vmalloc virtual mapping [ 133.313715][ T6084] The buggy address belongs to the physical page: [ 133.320123][ T6084] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077704b40 pfn:0x77704 [ 133.330206][ T6084] memcg:ffff88802912de02 [ 133.334449][ T6084] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 133.341583][ T6084] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 133.350189][ T6084] raw: ffff888077704b40 0000000000000000 00000001ffffffff ffff88802912de02 [ 133.358773][ T6084] page dumped because: kasan: bad access detected [ 133.365186][ T6084] page_owner tracks the page as allocated [ 133.370907][ T6084] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6030, tgid 6030 (dhcpcd-run-hook), ts 129060780181, free_ts 128973952316 [ 133.390565][ T6084] post_alloc_hook+0x1c0/0x230 [ 133.395367][ T6084] get_page_from_freelist+0x10a3/0x3a30 [ 133.400965][ T6084] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 133.406873][ T6084] alloc_pages_mpol+0x1fb/0x550 [ 133.411750][ T6084] alloc_pages_noprof+0x131/0x390 [ 133.416803][ T6084] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 133.422729][ T6084] __vmalloc_node_noprof+0xad/0xf0 [ 133.427876][ T6084] copy_process+0x2c77/0x76a0 [ 133.432568][ T6084] kernel_clone+0xfc/0x930 [ 133.436995][ T6084] __do_sys_clone+0xce/0x120 [ 133.441597][ T6084] do_syscall_64+0xcd/0xfa0 [ 133.446134][ T6084] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.452051][ T6084] page last free pid 6027 tgid 6027 stack trace: [ 133.458376][ T6084] __free_frozen_pages+0x7df/0x1160 [ 133.463602][ T6084] rcu_core+0x79c/0x1530 [ 133.467967][ T6084] handle_softirqs+0x219/0x8e0 [ 133.472762][ T6084] __irq_exit_rcu+0x109/0x170 [ 133.477471][ T6084] irq_exit_rcu+0x9/0x30 [ 133.481720][ T6084] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 133.487386][ T6084] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 133.493390][ T6084] [ 133.495709][ T6084] Memory state around the buggy address: [ 133.501339][ T6084] ffffc90003a9fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 133.509405][ T6084] ffffc90003a9fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 133.517473][ T6084] >ffffc90003a9fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 133.525536][ T6084] ^ [ 133.531948][ T6084] ffffc90003a9fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 133.540021][ T6084] ffffc90003a9fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 133.548086][ T6084] ================================================================== [ 133.632174][ T6111] loop0: detected capacity change from 0 to 256 [ 133.639388][ T6111] exfat: Deprecated parameter 'namecase' [ 133.674842][ T6111] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 133.696763][ T6111] ================================================================== [ 133.704861][ T6111] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 133.712797][ T6111] Read of size 1 at addr ffffc90003a9fcc8 by task syz.0.22/6111 [ 133.720449][ T6111] [ 133.722789][ T6111] CPU: 1 UID: 0 PID: 6111 Comm: syz.0.22 Tainted: G B syzkaller #0 PREEMPT(full) [ 133.722841][ T6111] Tainted: [B]=BAD_PAGE [ 133.722854][ T6111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 133.722876][ T6111] Call Trace: [ 133.722888][ T6111] [ 133.722900][ T6111] 
dump_stack_lvl+0x116/0x1f0 [ 133.723027][ T6111] print_report+0xcd/0x630 [ 133.723072][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.723116][ T6111] ? __virt_addr_valid+0x81/0x610 [ 133.723157][ T6111] ? exfat_nls_to_ucs2+0x706/0x730 [ 133.723189][ T6111] kasan_report+0xe0/0x110 [ 133.723236][ T6111] ? exfat_nls_to_ucs2+0x706/0x730 [ 133.723274][ T6111] exfat_nls_to_ucs2+0x706/0x730 [ 133.723312][ T6111] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 133.723378][ T6111] ? __might_fault+0xe3/0x190 [ 133.723409][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.723452][ T6111] ? rcu_is_watching+0x12/0xc0 [ 133.723485][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.723527][ T6111] ? lock_release+0x201/0x2f0 [ 133.723576][ T6111] exfat_nls_to_utf16+0xa6/0xf0 [ 133.723611][ T6111] exfat_ioctl_set_volume_label+0x15d/0x230 [ 133.723658][ T6111] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 133.723697][ T6111] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 133.723786][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.723828][ T6111] ? rcu_is_watching+0x12/0xc0 [ 133.723861][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.723903][ T6111] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 133.723947][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.724011][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.724053][ T6111] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 133.724114][ T6111] exfat_ioctl+0x929/0x1630 [ 133.724155][ T6111] ? __pfx_exfat_ioctl+0x10/0x10 [ 133.724192][ T6111] ? __pfx_do_sys_openat2+0x10/0x10 [ 133.724246][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.724288][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.724331][ T6111] ? hook_file_ioctl_common+0x145/0x410 [ 133.724383][ T6111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.724426][ T6111] ? __pfx___x64_sys_futex+0x10/0x10 [ 133.724475][ T6111] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 133.724515][ T6111] __x64_sys_ioctl+0x18e/0x210 [ 133.724582][ T6111] do_syscall_64+0xcd/0xfa0 [ 133.724639][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.724673][ T6111] RIP: 0033:0x7f5e94f8eec9 [ 133.724701][ T6111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.724736][ T6111] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.724769][ T6111] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 133.724793][ T6111] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 133.724816][ T6111] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 133.724838][ T6111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.724860][ T6111] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 133.724895][ T6111] [ 133.724906][ T6111] [ 134.027469][ T6111] The buggy address belongs to stack of task syz.0.22/6111 [ 134.034671][ T6111] and is located at offset 960 in frame: [ 134.040392][ T6111] exfat_ioctl_set_volume_label+0x0/0x230 [ 134.046140][ T6111] [ 134.048460][ T6111] This frame has 3 objects: [ 134.052960][ T6111] [32, 36) 'lossy' [ 134.052985][ T6111] [48, 568) 'uniname' [ 134.056790][ T6111] [704, 960) 'label' [ 134.060857][ T6111] [ 134.063818][ T5901] Bluetooth: hci0: command tx timeout [ 134.064825][ T6111] The buggy address belongs to a vmalloc virtual mapping [ 134.079484][ T6111] The buggy address belongs to the physical page: [ 134.085884][ T6111] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077704b40 pfn:0x77704 [ 134.095963][ T6111] memcg:ffff88802912de02 [ 134.100204][ T6111] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 134.107325][ T6111] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 134.115915][ 
T6111] raw: ffff888077704b40 0000000000000000 00000001ffffffff ffff88802912de02 [ 134.124499][ T6111] page dumped because: kasan: bad access detected [ 134.130907][ T6111] page_owner tracks the page as allocated [ 134.136611][ T6111] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6030, tgid 6030 (dhcpcd-run-hook), ts 129060780181, free_ts 128973952316 [ 134.156262][ T6111] post_alloc_hook+0x1c0/0x230 [ 134.161057][ T6111] get_page_from_freelist+0x10a3/0x3a30 [ 134.166630][ T6111] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 134.172528][ T6111] alloc_pages_mpol+0x1fb/0x550 [ 134.177393][ T6111] alloc_pages_noprof+0x131/0x390 [ 134.182432][ T6111] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 134.188350][ T6111] __vmalloc_node_noprof+0xad/0xf0 [ 134.193484][ T6111] copy_process+0x2c77/0x76a0 [ 134.198170][ T6111] kernel_clone+0xfc/0x930 [ 134.202590][ T6111] __do_sys_clone+0xce/0x120 [ 134.207185][ T6111] do_syscall_64+0xcd/0xfa0 [ 134.211706][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.217603][ T6111] page last free pid 6027 tgid 6027 stack trace: [ 134.223931][ T6111] __free_frozen_pages+0x7df/0x1160 [ 134.229153][ T6111] rcu_core+0x79c/0x1530 [ 134.233419][ T6111] handle_softirqs+0x219/0x8e0 [ 134.238202][ T6111] __irq_exit_rcu+0x109/0x170 [ 134.242908][ T6111] irq_exit_rcu+0x9/0x30 [ 134.247146][ T6111] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 134.252801][ T6111] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 134.258796][ T6111] [ 134.261108][ T6111] Memory state around the buggy address: [ 134.266725][ T6111] ffffc90003a9fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 134.274915][ T6111] ffffc90003a9fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 134.282975][ T6111] >ffffc90003a9fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 134.291466][ T6111] ^ [ 134.297877][ T6111] ffffc90003a9fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 134.305976][ T6111] 
ffffc90003a9fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 134.314034][ T6111] ================================================================== [ 134.364193][ T6125] loop0: detected capacity change from 0 to 256 [ 134.371542][ T6125] exfat: Deprecated parameter 'namecase' [ 134.382763][ T6125] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 134.399766][ T6125] ================================================================== [ 134.407840][ T6125] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 134.415742][ T6125] Read of size 1 at addr ffffc90003a1fcc8 by task syz.0.23/6125 [ 134.423380][ T6125] [ 134.425715][ T6125] CPU: 0 UID: 0 PID: 6125 Comm: syz.0.23 Tainted: G B syzkaller #0 PREEMPT(full) [ 134.425754][ T6125] Tainted: [B]=BAD_PAGE [ 134.425763][ T6125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 134.425779][ T6125] Call Trace: [ 134.425789][ T6125] [ 134.425799][ T6125] dump_stack_lvl+0x116/0x1f0 [ 134.425844][ T6125] print_report+0xcd/0x630 [ 134.425879][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.425912][ T6125] ? __virt_addr_valid+0x81/0x610 [ 134.425944][ T6125] ? exfat_nls_to_ucs2+0x706/0x730 [ 134.425970][ T6125] kasan_report+0xe0/0x110 [ 134.426004][ T6125] ? exfat_nls_to_ucs2+0x706/0x730 [ 134.426033][ T6125] exfat_nls_to_ucs2+0x706/0x730 [ 134.426062][ T6125] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 134.426112][ T6125] ? __might_fault+0xe3/0x190 [ 134.426136][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426172][ T6125] ? rcu_is_watching+0x12/0xc0 [ 134.426199][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426231][ T6125] ? lock_release+0x201/0x2f0 [ 134.426268][ T6125] exfat_nls_to_utf16+0xa6/0xf0 [ 134.426295][ T6125] exfat_ioctl_set_volume_label+0x15d/0x230 [ 134.426326][ T6125] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 134.426356][ T6125] ? 
__sanitizer_cov_trace_switch+0x54/0x90 [ 134.426427][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426459][ T6125] ? rcu_is_watching+0x12/0xc0 [ 134.426483][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426514][ T6125] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 134.426543][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426592][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426624][ T6125] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 134.426670][ T6125] exfat_ioctl+0x929/0x1630 [ 134.426702][ T6125] ? __pfx_exfat_ioctl+0x10/0x10 [ 134.426730][ T6125] ? __pfx_do_sys_openat2+0x10/0x10 [ 134.426770][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426802][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426834][ T6125] ? hook_file_ioctl_common+0x145/0x410 [ 134.426873][ T6125] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.426914][ T6125] ? __pfx___x64_sys_futex+0x10/0x10 [ 134.426961][ T6125] ? __pfx_exfat_ioctl+0x10/0x10 [ 134.426998][ T6125] __x64_sys_ioctl+0x18e/0x210 [ 134.427053][ T6125] do_syscall_64+0xcd/0xfa0 [ 134.427106][ T6125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.427139][ T6125] RIP: 0033:0x7f5e94f8eec9 [ 134.427163][ T6125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.427200][ T6125] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 134.427229][ T6125] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 134.427252][ T6125] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 134.427273][ T6125] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 134.427294][ T6125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.427314][ T6125] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 134.427347][ T6125] [ 134.427357][ T6125] [ 134.729938][ T6125] The buggy 
address belongs to stack of task syz.0.23/6125 [ 134.737151][ T6125] and is located at offset 960 in frame: [ 134.742869][ T6125] exfat_ioctl_set_volume_label+0x0/0x230 [ 134.748599][ T6125] [ 134.750907][ T6125] This frame has 3 objects: [ 134.755397][ T6125] [32, 36) 'lossy' [ 134.755419][ T6125] [48, 568) 'uniname' [ 134.759213][ T6125] [704, 960) 'label' [ 134.763263][ T6125] [ 134.769538][ T6125] The buggy address belongs to a vmalloc virtual mapping [ 134.776637][ T6125] The buggy address belongs to the physical page: [ 134.783028][ T6125] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x2559e [ 134.793084][ T6125] memcg:ffff88802912de02 [ 134.797309][ T6125] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 134.804417][ T6125] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 134.812994][ T6125] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff88802912de02 [ 134.821589][ T6125] page dumped because: kasan: bad access detected [ 134.828084][ T6125] page_owner tracks the page as allocated [ 134.833783][ T6125] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6089, tgid 6089 (dhcpcd-run-hook), ts 132998741678, free_ts 132877409348 [ 134.853473][ T6125] post_alloc_hook+0x1c0/0x230 [ 134.858271][ T6125] get_page_from_freelist+0x10a3/0x3a30 [ 134.863835][ T6125] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 134.869772][ T6125] alloc_pages_mpol+0x1fb/0x550 [ 134.874641][ T6125] alloc_pages_noprof+0x131/0x390 [ 134.879681][ T6125] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 134.885604][ T6125] __vmalloc_node_noprof+0xad/0xf0 [ 134.890743][ T6125] copy_process+0x2c77/0x76a0 [ 134.895411][ T6125] kernel_clone+0xfc/0x930 [ 134.899822][ T6125] __do_sys_clone+0xce/0x120 [ 134.904408][ T6125] do_syscall_64+0xcd/0xfa0 [ 134.908927][ T6125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.914816][ T6125] page last free pid 
5486 tgid 5486 stack trace: [ 134.921131][ T6125] __free_frozen_pages+0x7df/0x1160 [ 134.926357][ T6125] tlb_remove_table_rcu+0x121/0x320 [ 134.931567][ T6125] rcu_core+0x79c/0x1530 [ 134.935823][ T6125] handle_softirqs+0x219/0x8e0 [ 134.940596][ T6125] do_softirq+0xb2/0xf0 [ 134.945029][ T6125] __local_bh_enable_ip+0x100/0x120 [ 134.950268][ T6125] copy_fpstate_to_sigframe+0x2c8/0xaf0 [ 134.955810][ T6125] get_sigframe+0x4a8/0x9c0 [ 134.960342][ T6125] x64_setup_rt_frame+0x12e/0xcf0 [ 134.965487][ T6125] arch_do_signal_or_restart+0x5e4/0x7c0 [ 134.971139][ T6125] exit_to_user_mode_loop+0x85/0x130 [ 134.976434][ T6125] do_syscall_64+0x426/0xfa0 [ 134.981040][ T6125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.986935][ T6125] [ 134.989256][ T6125] Memory state around the buggy address: [ 134.994874][ T6125] ffffc90003a1fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 135.002933][ T6125] ffffc90003a1fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.010987][ T6125] >ffffc90003a1fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 135.019040][ T6125] ^ [ 135.025442][ T6125] ffffc90003a1fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.033500][ T6125] ffffc90003a1fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 135.041550][ T6125] ================================================================== [ 135.103100][ T6126] loop0: detected capacity change from 0 to 256 [ 135.115667][ T6126] exfat: Deprecated parameter 'namecase' [ 135.128894][ T6126] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 135.143145][ T6126] ================================================================== [ 135.151236][ T6126] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 135.159154][ T6126] Read of size 1 at addr ffffc90003a1fcc8 by task syz.0.24/6126 [ 135.166805][ T6126] [ 135.169148][ T6126] CPU: 0 UID: 0 PID: 6126 Comm: syz.0.24 Tainted: G B syzkaller #0 PREEMPT(full) 
[ 135.169234][ T6126] Tainted: [B]=BAD_PAGE [ 135.169249][ T6126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 135.169271][ T6126] Call Trace: [ 135.169282][ T6126] [ 135.169294][ T6126] dump_stack_lvl+0x116/0x1f0 [ 135.169355][ T6126] print_report+0xcd/0x630 [ 135.169400][ T6126] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.169444][ T6126] ? __virt_addr_valid+0x81/0x610 [ 135.169484][ T6126] ? exfat_nls_to_ucs2+0x706/0x730 [ 135.169517][ T6126] kasan_report+0xe0/0x110 [ 135.169561][ T6126] ? exfat_nls_to_ucs2+0x706/0x730 [ 135.169598][ T6126] exfat_nls_to_ucs2+0x706/0x730 [ 135.169637][ T6126] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 135.169702][ T6126] ? __might_fault+0xe3/0x190 [ 135.169735][ T6126] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.169777][ T6126] ? rcu_is_watching+0x12/0xc0 [ 135.169809][ T6126] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.169850][ T6126] ? lock_release+0x201/0x2f0 [ 135.169899][ T6126] exfat_nls_to_utf16+0xa6/0xf0 [ 135.169957][ T6126] exfat_ioctl_set_volume_label+0x15d/0x230 [ 135.169998][ T6126] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 135.170039][ T6126] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.170132][ T6126] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.170181][ T6126] ? rcu_is_watching+0x12/0xc0 [ 135.170214][ T6126] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.170257][ T6126] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 135.170294][ T6126] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.170358][ T6126] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.170400][ T6126] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.170461][ T6126] exfat_ioctl+0x929/0x1630 [ 135.170502][ T6126] ? __pfx_exfat_ioctl+0x10/0x10 [ 135.170537][ T6126] ? __pfx_do_sys_openat2+0x10/0x10 [ 135.170590][ T6126] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.170632][ T6126] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.170675][ T6126] ? hook_file_ioctl_common+0x145/0x410 [ 135.170726][ T6126] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 135.170770][ T6126] ? __pfx___x64_sys_futex+0x10/0x10 [ 135.170819][ T6126] ? __pfx_exfat_ioctl+0x10/0x10 [ 135.170859][ T6126] __x64_sys_ioctl+0x18e/0x210 [ 135.170916][ T6126] do_syscall_64+0xcd/0xfa0 [ 135.170972][ T6126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.171008][ T6126] RIP: 0033:0x7f5e94f8eec9 [ 135.171036][ T6126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.171071][ T6126] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.171106][ T6126] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 135.171130][ T6126] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 135.171153][ T6126] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 135.171181][ T6126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.171204][ T6126] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 135.171238][ T6126] [ 135.171250][ T6126] [ 135.473457][ T6126] The buggy address belongs to stack of task syz.0.24/6126 [ 135.480662][ T6126] and is located at offset 960 in frame: [ 135.486370][ T6126] exfat_ioctl_set_volume_label+0x0/0x230 [ 135.492104][ T6126] [ 135.494415][ T6126] This frame has 3 objects: [ 135.498904][ T6126] [32, 36) 'lossy' [ 135.498928][ T6126] [48, 568) 'uniname' [ 135.502743][ T6126] [704, 960) 'label' [ 135.506823][ T6126] [ 135.513087][ T6126] The buggy address belongs to a vmalloc virtual mapping [ 135.520107][ T6126] The buggy address belongs to the physical page: [ 135.526506][ T6126] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x2559e [ 135.536578][ T6126] memcg:ffff88802912de02 [ 135.540902][ T6126] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 135.548037][ T6126] raw: 00fff00000000000 
0000000000000000 dead000000000122 0000000000000000 [ 135.556641][ T6126] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff88802912de02 [ 135.565220][ T6126] page dumped because: kasan: bad access detected [ 135.571620][ T6126] page_owner tracks the page as allocated [ 135.577319][ T6126] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6089, tgid 6089 (dhcpcd-run-hook), ts 132998741678, free_ts 132877409348 [ 135.596979][ T6126] post_alloc_hook+0x1c0/0x230 [ 135.601776][ T6126] get_page_from_freelist+0x10a3/0x3a30 [ 135.607342][ T6126] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 135.613237][ T6126] alloc_pages_mpol+0x1fb/0x550 [ 135.618100][ T6126] alloc_pages_noprof+0x131/0x390 [ 135.623131][ T6126] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 135.629034][ T6126] __vmalloc_node_noprof+0xad/0xf0 [ 135.634155][ T6126] copy_process+0x2c77/0x76a0 [ 135.638837][ T6126] kernel_clone+0xfc/0x930 [ 135.643255][ T6126] __do_sys_clone+0xce/0x120 [ 135.647841][ T6126] do_syscall_64+0xcd/0xfa0 [ 135.652366][ T6126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.658261][ T6126] page last free pid 5486 tgid 5486 stack trace: [ 135.664577][ T6126] __free_frozen_pages+0x7df/0x1160 [ 135.669787][ T6126] tlb_remove_table_rcu+0x121/0x320 [ 135.675006][ T6126] rcu_core+0x79c/0x1530 [ 135.679279][ T6126] handle_softirqs+0x219/0x8e0 [ 135.684065][ T6126] do_softirq+0xb2/0xf0 [ 135.688260][ T6126] __local_bh_enable_ip+0x100/0x120 [ 135.693503][ T6126] copy_fpstate_to_sigframe+0x2c8/0xaf0 [ 135.699072][ T6126] get_sigframe+0x4a8/0x9c0 [ 135.703603][ T6126] x64_setup_rt_frame+0x12e/0xcf0 [ 135.708743][ T6126] arch_do_signal_or_restart+0x5e4/0x7c0 [ 135.714402][ T6126] exit_to_user_mode_loop+0x85/0x130 [ 135.719704][ T6126] do_syscall_64+0x426/0xfa0 [ 135.724315][ T6126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.730213][ T6126] [ 135.732523][ T6126] Memory state around the buggy address: [ 
135.738149][ T6126] ffffc90003a1fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 135.746212][ T6126] ffffc90003a1fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.754272][ T6126] >ffffc90003a1fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 135.762503][ T6126] ^ [ 135.768909][ T6126] ffffc90003a1fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.776974][ T6126] ffffc90003a1fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 135.785034][ T6126] ================================================================== [ 135.857064][ T6127] loop0: detected capacity change from 0 to 256 [ 135.865353][ T6127] exfat: Deprecated parameter 'namecase' [ 135.887220][ T6127] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 135.901026][ T6127] ================================================================== [ 135.909105][ T6127] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 135.917019][ T6127] Read of size 1 at addr ffffc90003a4fcc8 by task syz.0.25/6127 [ 135.924658][ T6127] [ 135.926984][ T6127] CPU: 1 UID: 0 PID: 6127 Comm: syz.0.25 Tainted: G B syzkaller #0 PREEMPT(full) [ 135.927030][ T6127] Tainted: [B]=BAD_PAGE [ 135.927041][ T6127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 135.927060][ T6127] Call Trace: [ 135.927071][ T6127] [ 135.927082][ T6127] dump_stack_lvl+0x116/0x1f0 [ 135.927135][ T6127] print_report+0xcd/0x630 [ 135.927176][ T6127] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.927215][ T6127] ? __virt_addr_valid+0x81/0x610 [ 135.927252][ T6127] ? exfat_nls_to_ucs2+0x706/0x730 [ 135.927281][ T6127] kasan_report+0xe0/0x110 [ 135.927322][ T6127] ? exfat_nls_to_ucs2+0x706/0x730 [ 135.927356][ T6127] exfat_nls_to_ucs2+0x706/0x730 [ 135.927391][ T6127] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 135.927450][ T6127] ? __might_fault+0xe3/0x190 [ 135.927479][ T6127] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 135.927517][ T6127] ? rcu_is_watching+0x12/0xc0 [ 135.927547][ T6127] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.927585][ T6127] ? lock_release+0x201/0x2f0 [ 135.927628][ T6127] exfat_nls_to_utf16+0xa6/0xf0 [ 135.927660][ T6127] exfat_ioctl_set_volume_label+0x15d/0x230 [ 135.927697][ T6127] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 135.927734][ T6127] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.927816][ T6127] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.927855][ T6127] ? rcu_is_watching+0x12/0xc0 [ 135.927883][ T6127] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.927925][ T6127] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 135.927959][ T6127] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.928017][ T6127] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.928055][ T6127] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.928110][ T6127] exfat_ioctl+0x929/0x1630 [ 135.928148][ T6127] ? __pfx_exfat_ioctl+0x10/0x10 [ 135.928181][ T6127] ? __pfx_do_sys_openat2+0x10/0x10 [ 135.928230][ T6127] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.928268][ T6127] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.928306][ T6127] ? hook_file_ioctl_common+0x145/0x410 [ 135.928352][ T6127] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.928391][ T6127] ? __pfx___x64_sys_futex+0x10/0x10 [ 135.928435][ T6127] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 135.928471][ T6127] __x64_sys_ioctl+0x18e/0x210 [ 135.928523][ T6127] do_syscall_64+0xcd/0xfa0 [ 135.928574][ T6127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.928606][ T6127] RIP: 0033:0x7f5e94f8eec9 [ 135.928630][ T6127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.928661][ T6127] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.928691][ T6127] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 135.928712][ T6127] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 135.928733][ T6127] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 135.928753][ T6127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.928772][ T6127] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 135.928803][ T6127] [ 135.928814][ T6127] [ 136.230761][ T6127] The buggy address belongs to stack of task syz.0.25/6127 [ 136.237951][ T6127] and is located at offset 960 in frame: [ 136.243671][ T6127] exfat_ioctl_set_volume_label+0x0/0x230 [ 136.249416][ T6127] [ 136.251749][ T6127] This frame has 3 objects: [ 136.256241][ T6127] [32, 36) 'lossy' [ 136.256263][ T6127] [48, 568) 'uniname' [ 136.260059][ T6127] [704, 960) 'label' [ 136.264116][ T6127] [ 136.270384][ T6127] The buggy address belongs to a vmalloc virtual mapping [ 136.277405][ T6127] The buggy address belongs to the physical page: [ 136.283808][ T6127] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x334eb [ 136.292741][ T6127] memcg:ffff88802912de02 [ 136.296971][ T6127] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 136.304095][ T6127] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 136.312682][ T6127] raw: 0000000000000000 0000000000000000 00000001ffffffff 
ffff88802912de02 [ 136.321258][ T6127] page dumped because: kasan: bad access detected [ 136.327670][ T6127] page_owner tracks the page as allocated [ 136.333376][ T6127] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6071, tgid 6071 (dhcpcd-run-hook), ts 132472586103, free_ts 124831476976 [ 136.353025][ T6127] post_alloc_hook+0x1c0/0x230 [ 136.357829][ T6127] get_page_from_freelist+0x10a3/0x3a30 [ 136.363404][ T6127] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 136.369302][ T6127] alloc_pages_mpol+0x1fb/0x550 [ 136.374178][ T6127] alloc_pages_noprof+0x131/0x390 [ 136.379219][ T6127] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 136.385131][ T6127] __vmalloc_node_noprof+0xad/0xf0 [ 136.390264][ T6127] copy_process+0x2c77/0x76a0 [ 136.394943][ T6127] kernel_clone+0xfc/0x930 [ 136.399361][ T6127] __do_sys_clone+0xce/0x120 [ 136.403951][ T6127] do_syscall_64+0xcd/0xfa0 [ 136.408474][ T6127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.414369][ T6127] page last free pid 5931 tgid 5931 stack trace: [ 136.420686][ T6127] __free_frozen_pages+0x7df/0x1160 [ 136.425903][ T6127] vfree+0x1fd/0xb50 [ 136.429813][ T6127] kcov_close+0x34/0x60 [ 136.433988][ T6127] __fput+0x402/0xb70 [ 136.437984][ T6127] task_work_run+0x150/0x240 [ 136.442588][ T6127] do_exit+0x86f/0x2bf0 [ 136.446748][ T6127] do_group_exit+0xd3/0x2a0 [ 136.451260][ T6127] get_signal+0x2671/0x26d0 [ 136.455761][ T6127] arch_do_signal_or_restart+0x8f/0x7c0 [ 136.461419][ T6127] exit_to_user_mode_loop+0x85/0x130 [ 136.466725][ T6127] do_syscall_64+0x426/0xfa0 [ 136.471340][ T6127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.477243][ T6127] [ 136.479578][ T6127] Memory state around the buggy address: [ 136.485217][ T6127] ffffc90003a4fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 136.493282][ T6127] ffffc90003a4fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 136.501345][ T6127] >ffffc90003a4fc80: 00 00 00 00 00 00 00 00 
00 f3 f3 f3 f3 f3 f3 f3 [ 136.509401][ T6127] ^ [ 136.515810][ T6127] ffffc90003a4fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 136.523869][ T6127] ffffc90003a4fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 136.531930][ T6127] ================================================================== [ 136.542886][ T5901] Bluetooth: hci0: command tx timeout [ 136.584868][ T6128] loop0: detected capacity change from 0 to 256 [ 136.593446][ T6128] exfat: Deprecated parameter 'namecase' [ 136.607500][ T6128] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 136.622859][ T6128] ================================================================== [ 136.630960][ T6128] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 136.638885][ T6128] Read of size 1 at addr ffffc90003a1fcc8 by task syz.0.26/6128 [ 136.646535][ T6128] [ 136.648874][ T6128] CPU: 0 UID: 0 PID: 6128 Comm: syz.0.26 Tainted: G B syzkaller #0 PREEMPT(full) [ 136.648929][ T6128] Tainted: [B]=BAD_PAGE [ 136.648942][ T6128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 136.648964][ T6128] Call Trace: [ 136.648975][ T6128] [ 136.648988][ T6128] dump_stack_lvl+0x116/0x1f0 [ 136.649048][ T6128] print_report+0xcd/0x630 [ 136.649093][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.649138][ T6128] ? __virt_addr_valid+0x81/0x610 [ 136.649184][ T6128] ? exfat_nls_to_ucs2+0x706/0x730 [ 136.649218][ T6128] kasan_report+0xe0/0x110 [ 136.649264][ T6128] ? exfat_nls_to_ucs2+0x706/0x730 [ 136.649303][ T6128] exfat_nls_to_ucs2+0x706/0x730 [ 136.649343][ T6128] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 136.649410][ T6128] ? __might_fault+0xe3/0x190 [ 136.649444][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.649488][ T6128] ? rcu_is_watching+0x12/0xc0 [ 136.649522][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.649565][ T6128] ? 
lock_release+0x201/0x2f0 [ 136.649613][ T6128] exfat_nls_to_utf16+0xa6/0xf0 [ 136.649650][ T6128] exfat_ioctl_set_volume_label+0x15d/0x230 [ 136.649691][ T6128] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 136.649733][ T6128] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 136.649825][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.649869][ T6128] ? rcu_is_watching+0x12/0xc0 [ 136.649902][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.649972][ T6128] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 136.650011][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.650077][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.650117][ T6128] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 136.650187][ T6128] exfat_ioctl+0x929/0x1630 [ 136.650230][ T6128] ? __pfx_exfat_ioctl+0x10/0x10 [ 136.650268][ T6128] ? __pfx_do_sys_openat2+0x10/0x10 [ 136.650322][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.650365][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.650408][ T6128] ? hook_file_ioctl_common+0x145/0x410 [ 136.650460][ T6128] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.650505][ T6128] ? __pfx___x64_sys_futex+0x10/0x10 [ 136.650555][ T6128] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 136.650595][ T6128] __x64_sys_ioctl+0x18e/0x210 [ 136.650652][ T6128] do_syscall_64+0xcd/0xfa0 [ 136.650705][ T6128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.650741][ T6128] RIP: 0033:0x7f5e94f8eec9 [ 136.650767][ T6128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.650803][ T6128] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 136.650836][ T6128] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 136.650861][ T6128] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 136.650884][ T6128] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 136.650906][ T6128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.650928][ T6128] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 136.650964][ T6128] [ 136.650976][ T6128] [ 136.953561][ T6128] The buggy address belongs to stack of task syz.0.26/6128 [ 136.960746][ T6128] and is located at offset 960 in frame: [ 136.966479][ T6128] exfat_ioctl_set_volume_label+0x0/0x230 [ 136.972216][ T6128] [ 136.974527][ T6128] This frame has 3 objects: [ 136.979017][ T6128] [32, 36) 'lossy' [ 136.979038][ T6128] [48, 568) 'uniname' [ 136.982833][ T6128] [704, 960) 'label' [ 136.986891][ T6128] [ 136.993198][ T6128] The buggy address belongs to a vmalloc virtual mapping [ 137.000225][ T6128] The buggy address belongs to the physical page: [ 137.006627][ T6128] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x2559e [ 137.016693][ T6128] memcg:ffff88802912de02 [ 137.020925][ T6128] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 137.028043][ T6128] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 137.036630][ T6128] raw: ffff888000000000 0000000000000000 
00000001ffffffff ffff88802912de02 [ 137.045203][ T6128] page dumped because: kasan: bad access detected [ 137.051605][ T6128] page_owner tracks the page as allocated [ 137.057303][ T6128] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6089, tgid 6089 (dhcpcd-run-hook), ts 132998741678, free_ts 132877409348 [ 137.076946][ T6128] post_alloc_hook+0x1c0/0x230 [ 137.081738][ T6128] get_page_from_freelist+0x10a3/0x3a30 [ 137.087310][ T6128] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 137.093208][ T6128] alloc_pages_mpol+0x1fb/0x550 [ 137.098076][ T6128] alloc_pages_noprof+0x131/0x390 [ 137.103218][ T6128] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 137.109151][ T6128] __vmalloc_node_noprof+0xad/0xf0 [ 137.114293][ T6128] copy_process+0x2c77/0x76a0 [ 137.118977][ T6128] kernel_clone+0xfc/0x930 [ 137.123394][ T6128] __do_sys_clone+0xce/0x120 [ 137.127988][ T6128] do_syscall_64+0xcd/0xfa0 [ 137.132517][ T6128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.138411][ T6128] page last free pid 5486 tgid 5486 stack trace: [ 137.144723][ T6128] __free_frozen_pages+0x7df/0x1160 [ 137.149936][ T6128] tlb_remove_table_rcu+0x121/0x320 [ 137.155146][ T6128] rcu_core+0x79c/0x1530 [ 137.159406][ T6128] handle_softirqs+0x219/0x8e0 [ 137.164190][ T6128] do_softirq+0xb2/0xf0 [ 137.168362][ T6128] __local_bh_enable_ip+0x100/0x120 [ 137.173576][ T6128] copy_fpstate_to_sigframe+0x2c8/0xaf0 [ 137.179127][ T6128] get_sigframe+0x4a8/0x9c0 [ 137.183654][ T6128] x64_setup_rt_frame+0x12e/0xcf0 [ 137.188696][ T6128] arch_do_signal_or_restart+0x5e4/0x7c0 [ 137.194349][ T6128] exit_to_user_mode_loop+0x85/0x130 [ 137.199650][ T6128] do_syscall_64+0x426/0xfa0 [ 137.204259][ T6128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.210157][ T6128] [ 137.212473][ T6128] Memory state around the buggy address: [ 137.218092][ T6128] ffffc90003a1fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 137.226147][ T6128] 
ffffc90003a1fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 137.234205][ T6128] >ffffc90003a1fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 137.242253][ T6128] ^ [ 137.248654][ T6128] ffffc90003a1fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 137.256709][ T6128] ffffc90003a1fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 137.264758][ T6128] ================================================================== [ 137.318675][ T6130] loop0: detected capacity change from 0 to 256 [ 137.326068][ T6130] exfat: Deprecated parameter 'namecase' [ 137.337781][ T6130] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 137.351781][ T6130] ================================================================== [ 137.359855][ T6130] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 137.367779][ T6130] Read of size 1 at addr ffffc90003a1fcc8 by task syz.0.27/6130 [ 137.375423][ T6130] [ 137.377760][ T6130] CPU: 1 UID: 0 PID: 6130 Comm: syz.0.27 Tainted: G B syzkaller #0 PREEMPT(full) [ 137.377811][ T6130] Tainted: [B]=BAD_PAGE [ 137.377824][ T6130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 137.377845][ T6130] Call Trace: [ 137.377855][ T6130] [ 137.377868][ T6130] dump_stack_lvl+0x116/0x1f0 [ 137.377934][ T6130] print_report+0xcd/0x630 [ 137.377978][ T6130] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.378022][ T6130] ? __virt_addr_valid+0x81/0x610 [ 137.378062][ T6130] ? exfat_nls_to_ucs2+0x706/0x730 [ 137.378095][ T6130] kasan_report+0xe0/0x110 [ 137.378140][ T6130] ? exfat_nls_to_ucs2+0x706/0x730 [ 137.378178][ T6130] exfat_nls_to_ucs2+0x706/0x730 [ 137.378216][ T6130] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 137.378281][ T6130] ? __might_fault+0xe3/0x190 [ 137.378313][ T6130] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.378356][ T6130] ? rcu_is_watching+0x12/0xc0 [ 137.378389][ T6130] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 137.378431][ T6130] ? lock_release+0x201/0x2f0 [ 137.378479][ T6130] exfat_nls_to_utf16+0xa6/0xf0 [ 137.378515][ T6130] exfat_ioctl_set_volume_label+0x15d/0x230 [ 137.378556][ T6130] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 137.378596][ T6130] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 137.378689][ T6130] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.378733][ T6130] ? rcu_is_watching+0x12/0xc0 [ 137.378765][ T6130] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.378808][ T6130] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 137.378845][ T6130] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.378909][ T6130] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.378958][ T6130] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 137.379018][ T6130] exfat_ioctl+0x929/0x1630 [ 137.379059][ T6130] ? __pfx_exfat_ioctl+0x10/0x10 [ 137.379096][ T6130] ? __pfx_do_sys_openat2+0x10/0x10 [ 137.379149][ T6130] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.379192][ T6130] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.379234][ T6130] ? hook_file_ioctl_common+0x145/0x410 [ 137.379285][ T6130] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.379328][ T6130] ? __pfx___x64_sys_futex+0x10/0x10 [ 137.379378][ T6130] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 137.379418][ T6130] __x64_sys_ioctl+0x18e/0x210 [ 137.379475][ T6130] do_syscall_64+0xcd/0xfa0 [ 137.379531][ T6130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.379567][ T6130] RIP: 0033:0x7f5e94f8eec9 [ 137.379592][ T6130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.379626][ T6130] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 137.379659][ T6130] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 137.379682][ T6130] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 137.379705][ T6130] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 137.379727][ T6130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.379749][ T6130] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 137.379784][ T6130] [ 137.379796][ T6130] [ 137.681769][ T6130] The buggy address belongs to stack of task syz.0.27/6130 [ 137.688956][ T6130] and is located at offset 960 in frame: [ 137.694666][ T6130] exfat_ioctl_set_volume_label+0x0/0x230 [ 137.700413][ T6130] [ 137.702739][ T6130] This frame has 3 objects: [ 137.707232][ T6130] [32, 36) 'lossy' [ 137.707255][ T6130] [48, 568) 'uniname' [ 137.711056][ T6130] [704, 960) 'label' [ 137.715114][ T6130] [ 137.721381][ T6130] The buggy address belongs to a vmalloc virtual mapping [ 137.728400][ T6130] The buggy address belongs to the physical page: [ 137.734801][ T6130] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x2559e [ 137.744872][ T6130] memcg:ffff88802912de02 [ 137.749100][ T6130] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 137.756219][ T6130] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 137.764806][ T6130] raw: ffff888000000000 0000000000000000 
00000001ffffffff ffff88802912de02 [ 137.773382][ T6130] page dumped because: kasan: bad access detected [ 137.779784][ T6130] page_owner tracks the page as allocated [ 137.785485][ T6130] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6089, tgid 6089 (dhcpcd-run-hook), ts 132998741678, free_ts 132877409348 [ 137.805134][ T6130] post_alloc_hook+0x1c0/0x230 [ 137.809940][ T6130] get_page_from_freelist+0x10a3/0x3a30 [ 137.815515][ T6130] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 137.821411][ T6130] alloc_pages_mpol+0x1fb/0x550 [ 137.826270][ T6130] alloc_pages_noprof+0x131/0x390 [ 137.831309][ T6130] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 137.837226][ T6130] __vmalloc_node_noprof+0xad/0xf0 [ 137.842353][ T6130] copy_process+0x2c77/0x76a0 [ 137.847028][ T6130] kernel_clone+0xfc/0x930 [ 137.851445][ T6130] __do_sys_clone+0xce/0x120 [ 137.856039][ T6130] do_syscall_64+0xcd/0xfa0 [ 137.860560][ T6130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.866452][ T6130] page last free pid 5486 tgid 5486 stack trace: [ 137.872768][ T6130] __free_frozen_pages+0x7df/0x1160 [ 137.877982][ T6130] tlb_remove_table_rcu+0x121/0x320 [ 137.883215][ T6130] rcu_core+0x79c/0x1530 [ 137.887475][ T6130] handle_softirqs+0x219/0x8e0 [ 137.892258][ T6130] do_softirq+0xb2/0xf0 [ 137.896431][ T6130] __local_bh_enable_ip+0x100/0x120 [ 137.901653][ T6130] copy_fpstate_to_sigframe+0x2c8/0xaf0 [ 137.907210][ T6130] get_sigframe+0x4a8/0x9c0 [ 137.911731][ T6130] x64_setup_rt_frame+0x12e/0xcf0 [ 137.916787][ T6130] arch_do_signal_or_restart+0x5e4/0x7c0 [ 137.922527][ T6130] exit_to_user_mode_loop+0x85/0x130 [ 137.927827][ T6130] do_syscall_64+0x426/0xfa0 [ 137.932453][ T6130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.938398][ T6130] [ 137.940718][ T6130] Memory state around the buggy address: [ 137.946354][ T6130] ffffc90003a1fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 137.954425][ T6130] 
ffffc90003a1fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 137.962489][ T6130] >ffffc90003a1fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 137.970545][ T6130] ^ [ 137.976970][ T6130] ffffc90003a1fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 137.985039][ T6130] ffffc90003a1fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 137.993095][ T6130] ================================================================== 2025/10/12 12:03:39 executed programs: 13 [ 138.041732][ T6132] loop0: detected capacity change from 0 to 256 [ 138.060490][ T6132] exfat: Deprecated parameter 'namecase' [ 138.074514][ T6132] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 138.088341][ T6132] ================================================================== [ 138.096424][ T6132] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 138.104342][ T6132] Read of size 1 at addr ffffc9000391fcc8 by task syz.0.28/6132 [ 138.111989][ T6132] [ 138.114322][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: syz.0.28 Tainted: G B syzkaller #0 PREEMPT(full) [ 138.114373][ T6132] Tainted: [B]=BAD_PAGE [ 138.114385][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 138.114406][ T6132] Call Trace: [ 138.114417][ T6132] [ 138.114430][ T6132] dump_stack_lvl+0x116/0x1f0 [ 138.114488][ T6132] print_report+0xcd/0x630 [ 138.114531][ T6132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.114575][ T6132] ? __virt_addr_valid+0x81/0x610 [ 138.114615][ T6132] ? exfat_nls_to_ucs2+0x706/0x730 [ 138.114649][ T6132] kasan_report+0xe0/0x110 [ 138.114693][ T6132] ? exfat_nls_to_ucs2+0x706/0x730 [ 138.114731][ T6132] exfat_nls_to_ucs2+0x706/0x730 [ 138.114773][ T6132] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 138.114841][ T6132] ? __might_fault+0xe3/0x190 [ 138.114873][ T6132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.114916][ T6132] ? rcu_is_watching+0x12/0xc0 [ 138.114948][ T6132] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 138.114990][ T6132] ? lock_release+0x201/0x2f0 [ 138.115038][ T6132] exfat_nls_to_utf16+0xa6/0xf0 [ 138.115073][ T6132] exfat_ioctl_set_volume_label+0x15d/0x230 [ 138.115114][ T6132] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10 [ 138.115155][ T6132] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 138.115250][ T6132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.115293][ T6132] ? rcu_is_watching+0x12/0xc0 [ 138.115324][ T6132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.115367][ T6132] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 138.115404][ T6132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.115467][ T6132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.115510][ T6132] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 138.115571][ T6132] exfat_ioctl+0x929/0x1630 [ 138.115612][ T6132] ? __pfx_exfat_ioctl+0x10/0x10 [ 138.115649][ T6132] ? __pfx_do_sys_openat2+0x10/0x10 [ 138.115700][ T6132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.115741][ T6132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.115783][ T6132] ? hook_file_ioctl_common+0x145/0x410 [ 138.115833][ T6132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.115876][ T6132] ? __pfx___x64_sys_futex+0x10/0x10 [ 138.115924][ T6132] ? 
__pfx_exfat_ioctl+0x10/0x10 [ 138.115962][ T6132] __x64_sys_ioctl+0x18e/0x210 [ 138.116020][ T6132] do_syscall_64+0xcd/0xfa0 [ 138.116076][ T6132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.116112][ T6132] RIP: 0033:0x7f5e94f8eec9 [ 138.116139][ T6132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.116173][ T6132] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 138.116212][ T6132] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9 [ 138.116236][ T6132] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004 [ 138.116258][ T6132] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000 [ 138.116280][ T6132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.116301][ T6132] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003 [ 138.116336][ T6132] [ 138.116348][ T6132] [ 138.418855][ T6132] The buggy address belongs to stack of task syz.0.28/6132 [ 138.426047][ T6132] and is located at offset 960 in frame: [ 138.431753][ T6132] exfat_ioctl_set_volume_label+0x0/0x230 [ 138.437487][ T6132] [ 138.439797][ T6132] This frame has 3 objects: [ 138.444290][ T6132] [32, 36) 'lossy' [ 138.444313][ T6132] [48, 568) 'uniname' [ 138.448113][ T6132] [704, 960) 'label' [ 138.452174][ T6132] [ 138.458445][ T6132] The buggy address belongs to a vmalloc virtual mapping [ 138.465466][ T6132] The buggy address belongs to the physical page: [ 138.471866][ T6132] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7c071 [ 138.481934][ T6132] memcg:ffff88802912de02 [ 138.486165][ T6132] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 138.493285][ T6132] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 138.501871][ T6132] raw: ffff888000000000 0000000000000000 
00000001ffffffff ffff88802912de02 [ 138.510446][ T6132] page dumped because: kasan: bad access detected [ 138.516844][ T6132] page_owner tracks the page as allocated [ 138.522563][ T6132] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6112, tgid 6112 (dhcpcd-run-hook), ts 133802867716, free_ts 133669540111 [ 138.542204][ T6132] post_alloc_hook+0x1c0/0x230 [ 138.546997][ T6132] get_page_from_freelist+0x10a3/0x3a30 [ 138.552567][ T6132] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 138.558461][ T6132] alloc_pages_mpol+0x1fb/0x550 [ 138.563322][ T6132] alloc_pages_noprof+0x131/0x390 [ 138.568352][ T6132] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 138.574259][ T6132] __vmalloc_node_noprof+0xad/0xf0 [ 138.579383][ T6132] copy_process+0x2c77/0x76a0 [ 138.584061][ T6132] kernel_clone+0xfc/0x930 [ 138.588474][ T6132] __do_sys_clone+0xce/0x120 [ 138.593058][ T6132] do_syscall_64+0xcd/0xfa0 [ 138.597581][ T6132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.603476][ T6132] page last free pid 60 tgid 60 stack trace: [ 138.609440][ T6132] __free_frozen_pages+0x7df/0x1160 [ 138.614656][ T6132] rcu_core+0x79c/0x1530 [ 138.618916][ T6132] handle_softirqs+0x219/0x8e0 [ 138.623705][ T6132] do_softirq+0xb2/0xf0 [ 138.627891][ T6132] __local_bh_enable_ip+0x100/0x120 [ 138.633115][ T6132] nsim_dev_trap_report_work+0x8b5/0xcf0 [ 138.638767][ T6132] process_one_work+0x9cf/0x1b70 [ 138.643719][ T6132] worker_thread+0x6c8/0xf10 [ 138.648319][ T6132] kthread+0x3c5/0x780 [ 138.652395][ T6132] ret_from_fork+0x675/0x7d0 [ 138.656994][ T6132] ret_from_fork_asm+0x1a/0x30 [ 138.661761][ T6132] [ 138.664071][ T6132] Memory state around the buggy address: [ 138.669690][ T6132] ffffc9000391fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 138.677753][ T6132] ffffc9000391fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 138.685811][ T6132] >ffffc9000391fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 
138.693864][ T6132] ^ [ 138.700266][ T6132] ffffc9000391fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 138.708323][ T6132] ffffc9000391fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2 [ 138.716380][ T6132] ================================================================== [ 138.758783][ T6134] loop0: detected capacity change from 0 to 256 [ 138.768892][ T6134] exfat: Deprecated parameter 'namecase' [ 138.809716][ T6134] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 138.823479][ T6134] ================================================================== [ 138.831689][ T6134] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730 [ 138.839614][ T6134] Read of size 1 at addr ffffc90003a4fcc8 by task syz.0.29/6134 [ 138.847261][ T6134] [ 138.849599][ T6134] CPU: 1 UID: 0 PID: 6134 Comm: syz.0.29 Tainted: G B syzkaller #0 PREEMPT(full) [ 138.849651][ T6134] Tainted: [B]=BAD_PAGE [ 138.849664][ T6134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 138.849686][ T6134] Call Trace: [ 138.849696][ T6134] [ 138.849708][ T6134] dump_stack_lvl+0x116/0x1f0 [ 138.849768][ T6134] print_report+0xcd/0x630 [ 138.849812][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.849856][ T6134] ? __virt_addr_valid+0x81/0x610 [ 138.849897][ T6134] ? exfat_nls_to_ucs2+0x706/0x730 [ 138.849954][ T6134] kasan_report+0xe0/0x110 [ 138.849998][ T6134] ? exfat_nls_to_ucs2+0x706/0x730 [ 138.850036][ T6134] exfat_nls_to_ucs2+0x706/0x730 [ 138.850075][ T6134] ? __pfx_exfat_nls_to_ucs2+0x10/0x10 [ 138.850141][ T6134] ? __might_fault+0xe3/0x190 [ 138.850173][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.850224][ T6134] ? rcu_is_watching+0x12/0xc0 [ 138.850258][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5 [ 138.850301][ T6134] ? 
lock_release+0x201/0x2f0
[ 138.850349][ T6134] exfat_nls_to_utf16+0xa6/0xf0
[ 138.850385][ T6134] exfat_ioctl_set_volume_label+0x15d/0x230
[ 138.850425][ T6134] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 138.850466][ T6134] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 138.850558][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.850601][ T6134] ? rcu_is_watching+0x12/0xc0
[ 138.850634][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.850677][ T6134] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 138.850714][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.850780][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.850823][ T6134] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 138.850886][ T6134] exfat_ioctl+0x929/0x1630
[ 138.850928][ T6134] ? __pfx_exfat_ioctl+0x10/0x10
[ 138.850963][ T6134] ? __pfx_do_sys_openat2+0x10/0x10
[ 138.851017][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.851059][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.851102][ T6134] ? hook_file_ioctl_common+0x145/0x410
[ 138.851154][ T6134] ? srso_alias_return_thunk+0x5/0xfbef5
[ 138.851204][ T6134] ? __pfx___x64_sys_futex+0x10/0x10
[ 138.851254][ T6134] ? __pfx_exfat_ioctl+0x10/0x10
[ 138.851294][ T6134] __x64_sys_ioctl+0x18e/0x210
[ 138.851353][ T6134] do_syscall_64+0xcd/0xfa0
[ 138.851410][ T6134] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.851447][ T6134] RIP: 0033:0x7f5e94f8eec9
[ 138.851473][ T6134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 138.851509][ T6134] RSP: 002b:00007fff76451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 138.851541][ T6134] RAX: ffffffffffffffda RBX: 00007f5e951e5fa0 RCX: 00007f5e94f8eec9
[ 138.851566][ T6134] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 138.851589][ T6134] RBP: 00007f5e95011f91 R08: 0000000000000000 R09: 0000000000000000
[ 138.851611][ T6134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 138.851633][ T6134] R13: 00007f5e951e5fa0 R14: 00007f5e951e5fa0 R15: 0000000000000003
[ 138.851668][ T6134]
[ 138.851680][ T6134]
[ 139.153731][ T6134] The buggy address belongs to stack of task syz.0.29/6134
[ 139.160908][ T6134] and is located at offset 960 in frame:
[ 139.166612][ T6134] exfat_ioctl_set_volume_label+0x0/0x230
[ 139.172340][ T6134]
[ 139.174649][ T6134] This frame has 3 objects:
[ 139.179134][ T6134] [32, 36) 'lossy'
[ 139.179153][ T6134] [48, 568) 'uniname'
[ 139.183004][ T6134] [704, 960) 'label'
[ 139.187061][ T6134]
[ 139.193316][ T6134] The buggy address belongs to a vmalloc virtual mapping
[ 139.200329][ T6134] The buggy address belongs to the physical page:
[ 139.206902][ T6134] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x334eb
[ 139.215802][ T6134] memcg:ffff88802912de02
[ 139.220033][ T6134] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 139.227147][ T6134] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 139.235741][ T6134] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88802912de02
[ 139.244333][ T6134] page dumped because: kasan: bad access detected
[ 139.250736][ T6134] page_owner tracks the page as allocated
[ 139.256437][ T6134] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6071, tgid 6071 (dhcpcd-run-hook), ts 132472586103, free_ts 124831476976
[ 139.276074][ T6134] post_alloc_hook+0x1c0/0x230
[ 139.280860][ T6134] get_page_from_freelist+0x10a3/0x3a30
[ 139.286447][ T6134] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 139.292345][ T6134] alloc_pages_mpol+0x1fb/0x550
[ 139.297207][ T6134] alloc_pages_noprof+0x131/0x390
[ 139.302682][ T6134] __vmalloc_node_range_noprof+0x6f8/0x1480
[ 139.308600][ T6134] __vmalloc_node_noprof+0xad/0xf0
[ 139.313728][ T6134] copy_process+0x2c77/0x76a0
[ 139.318403][ T6134] kernel_clone+0xfc/0x930
[ 139.322815][ T6134] __do_sys_clone+0xce/0x120
[ 139.327402][ T6134] do_syscall_64+0xcd/0xfa0
[ 139.331930][ T6134] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.337819][ T6134] page last free pid 5931 tgid 5931 stack trace:
[ 139.344137][ T6134] __free_frozen_pages+0x7df/0x1160
[ 139.349351][ T6134] vfree+0x1fd/0xb50
[ 139.353253][ T6134] kcov_close+0x34/0x60
[ 139.357422][ T6134] __fput+0x402/0xb70
[ 139.361423][ T6134] task_work_run+0x150/0x240
[ 139.366030][ T6134] do_exit+0x86f/0x2bf0
[ 139.370208][ T6134] do_group_exit+0xd3/0x2a0
[ 139.374709][ T6134] get_signal+0x2671/0x26d0
[ 139.379204][ T6134] arch_do_signal_or_restart+0x8f/0x7c0
[ 139.384771][ T6134] exit_to_user_mode_loop+0x85/0x130
[ 139.390073][ T6134] do_syscall_64+0x426/0xfa0
[ 139.394679][ T6134] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.400593][ T6134]
[ 139.402900][ T6134] Memory state around the buggy address:
[ 139.408552][ T6134] ffffc90003a4fb80: f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 139.416614][ T6134] ffffc90003a4fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 139.424677][ T6134] >ffffc90003a4fc80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 139.432756][ T6134] ^
[ 139.439162][ T6134] ffffc90003a4fd00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 139.447220][ T6134] ffffc90003a4fd80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2 f2 f2
[ 139.455270][ T6134] ==================================================================
[ 139.510101][ T6138] loop0: detected capacity change from 0 to 256
[ 139.521173][ T6138] exfat: Deprecated parameter 'namecase'
[ 139.535996][ T6138] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 139.550705][ T6138] ==================================================================
[ 139.558788][ T6138] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x706/0x730
[ 139.566711][ T6138] Read of size 1 at addr ffffc9000391fcc8 by task syz.0.30/6138
[ 139.574364][ T6138]
[ 139.576703][ T6138] CPU: 0 UID: 0 PID: 6138 Comm: syz.0.30 Tainted: G B syzkaller #0 PREEMPT(full)
[ 139.576756][ T6138] Tainted: [B]=BAD_PAGE
[ 139.576769][ T6138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 139.576790][ T6138] Call Trace:
[ 139.576801][ T6138]
[ 139.576814][ T6138] dump_stack_lvl+0x116/0x1f0
[ 139.576874][ T6138] print_report+0xcd/0x630
[ 139.576919][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.576964][ T6138] ? __virt_addr_valid+0x81/0x610
[ 139.577004][ T6138] ? exfat_nls_to_ucs2+0x706/0x730
[ 139.577037][ T6138] kasan_report+0xe0/0x110
[ 139.577080][ T6138] ? exfat_nls_to_ucs2+0x706/0x730
[ 139.577117][ T6138] exfat_nls_to_ucs2+0x706/0x730
[ 139.577156][ T6138] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 139.577228][ T6138] ? __might_fault+0xe3/0x190
[ 139.577260][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.577303][ T6138] ? rcu_is_watching+0x12/0xc0
[ 139.577336][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.577378][ T6138] ? lock_release+0x201/0x2f0
[ 139.577426][ T6138] exfat_nls_to_utf16+0xa6/0xf0
[ 139.577461][ T6138] exfat_ioctl_set_volume_label+0x15d/0x230
[ 139.577501][ T6138] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 139.577542][ T6138] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 139.577634][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.577681][ T6138] ? rcu_is_watching+0x12/0xc0
[ 139.577715][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.577756][ T6138] ? trace_irq_enable.constprop.0+0xd4/0x120
[ 139.577793][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.577858][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.577900][ T6138] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 139.577963][ T6138] exfat_ioctl+0x929/0x1630
[ 139.578006][ T6138] ? __pfx_exfat_ioctl+0x10/0x10
[ 139.578043][ T6138] ? __pfx_do_sys_openat2+0x10/0x10
[ 139.578097][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.578140][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.578188][ T6138] ? hook_file_ioctl_common+0x145/0x410
[ 139.578240][ T6138] ? srso_alias_return_thunk+0x5/0xfbef5
[ 139.578284][ T6138] ? __pfx___x64_sys_futex+0x10/0x10
[ 139.578334][ T6138] ? __pfx_exfat_ioctl+0x10/0x10
[ 139.578374][ T6138] __x64_sys_ioctl+0x18e/0x210
[ 139.578433][ T6138] do_syscall_64+0xcd/0xfa0
[ 139.578490][ T6138] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.578526][ T6138] RIP: 0033:0x7f5e94f8eec9