[ 70.471105][ T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.167' (ED25519) to the list of known hosts.
2025/10/13 05:14:00 parsed 1 programs
[ 76.302851][ T3527] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/10/13 05:14:10 executed programs: 0
2025/10/13 05:14:16 executed programs: 2
[ 90.574704][ T4351] loop3: detected capacity change from 0 to 256
[ 90.585849][ T4351] exfat: Deprecated parameter 'namecase'
[ 90.597066][ T4351] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 90.611892][ T4351] ==================================================================
[ 90.620393][ T4351] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 90.628352][ T4351] Read of size 1 at addr ffffc90003ca7ce0 by task syz.3.17/4351
[ 90.635942][ T4351]
[ 90.638238][ T4351] CPU: 0 UID: 0 PID: 4351 Comm: syz.3.17 Not tainted syzkaller #0 PREEMPT(full)
[ 90.638244][ T4351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 90.638247][ T4351] Call Trace:
[ 90.638251][ T4351] <TASK>
[ 90.638254][ T4351] dump_stack_lvl+0x5a/0x90
[ 90.638263][ T4351] print_report+0xcd/0x630
[ 90.638270][ T4351] ? lock_acquire+0xb2/0x190
[ 90.638276][ T4351] ? exfat_nls_to_ucs2+0x732/0x800
[ 90.638282][ T4351] kasan_report+0xe0/0x110
[ 90.638287][ T4351] ? exfat_nls_to_ucs2+0x732/0x800
[ 90.638293][ T4351] exfat_nls_to_ucs2+0x732/0x800
[ 90.638300][ T4351] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 90.638315][ T4351] ? srso_alias_return_thunk+0x5/0xfbef5
[ 90.638320][ T4351] ? cap_capable+0x159/0x2d0
[ 90.638328][ T4351] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 90.638334][ T4351] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 90.638338][ T4351] ? stack_depot_save_flags+0x25/0x8d0
[ 90.638356][ T4351] ? srso_alias_return_thunk+0x5/0xfbef5
[ 90.638369][ T4351] exfat_ioctl+0x857/0x1390
[ 90.638375][ T4351] ? __pfx_exfat_ioctl+0x10/0x10
[ 90.638380][ T4351] ? __pfx_do_futex+0x10/0x10
[ 90.638405][ T4351] __x64_sys_ioctl+0x134/0x1c0
[ 90.638412][ T4351] do_syscall_64+0x6d/0x310
[ 90.638418][ T4351] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.638423][ T4351] RIP: 0033:0x7fd732b8eec9
[ 90.638428][ T4351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 90.638432][ T4351] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 90.638437][ T4351] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 90.638440][ T4351] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 90.638443][ T4351] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 90.638445][ T4351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 90.638447][ T4351] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 90.638453][ T4351] </TASK>
[ 90.638456][ T4351]
[ 90.841981][ T4351] The buggy address belongs to stack of task syz.3.17/4351
[ 90.849134][ T4351] and is located at offset 960 in frame:
[ 90.854820][ T4351] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 90.860502][ T4351]
[ 90.862788][ T4351] This frame has 3 objects:
[ 90.867248][ T4351] [32, 36) 'lossy'
[ 90.867253][ T4351] [48, 568) 'uniname'
[ 90.871037][ T4351] [704, 960) 'label'
[ 90.875064][ T4351]
[ 90.881282][ T4351] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003ca0000 allocated at kernel_clone+0xcc/0x830
[ 90.894003][ T4351] The buggy address belongs to the physical page:
[ 90.900405][ T4351] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7297d
[ 90.910517][ T4351] memcg:ffff88801e323902
[ 90.914715][ T4351] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 90.921794][ T4351] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 90.930345][ T4351] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff88801e323902
[ 90.939035][ T4351] page dumped because: kasan: bad access detected
[ 90.945436][ T4351] page_owner tracks the page as allocated
[ 90.951163][ T4351] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 325, tgid 325 (kworker/u8:5), ts 90315574052, free_ts 90264073151
[ 90.970134][ T4351] post_alloc_hook+0x168/0x1d0
[ 90.974866][ T4351] get_page_from_freelist+0xf32/0x2fd0
[ 90.980286][ T4351] __alloc_frozen_pages_noprof+0x20c/0x470
[ 90.986057][ T4351] alloc_pages_mpol+0x135/0x400
[ 90.990980][ T4351] alloc_pages_noprof+0xe9/0x2a0
[ 90.995899][ T4351] __vmalloc_node_range_noprof+0x51b/0x1000
[ 91.001754][ T4351] __vmalloc_node_noprof+0x89/0x100
[ 91.006926][ T4351] copy_process+0x2357/0x6210
[ 91.011584][ T4351] kernel_clone+0xcc/0x830
[ 91.015959][ T4351] user_mode_thread+0xb9/0x100
[ 91.020698][ T4351] call_usermodehelper_exec_work+0x57/0x140
[ 91.026549][ T4351] process_one_work+0x81f/0x16b0
[ 91.031444][ T4351] worker_thread+0x6dd/0x11e0
[ 91.036117][ T4351] kthread+0x35d/0x6a0
[ 91.040157][ T4351] ret_from_fork+0x2bb/0x340
[ 91.044725][ T4351] ret_from_fork_asm+0x1a/0x30
[ 91.049448][ T4351] page last free pid 15 tgid 15 stack trace:
[ 91.055400][ T4351] __free_frozen_pages+0x811/0x1130
[ 91.060558][ T4351] rcu_core+0xb22/0x1460
[ 91.064759][ T4351] handle_softirqs+0x1b8/0x670
[ 91.069499][ T4351] run_ksoftirqd+0x2e/0x40
[ 91.073872][ T4351] smpboot_thread_fn+0x2e9/0x850
[ 91.078767][ T4351] kthread+0x35d/0x6a0
[ 91.082812][ T4351] ret_from_fork+0x2bb/0x340
[ 91.087391][ T4351] ret_from_fork_asm+0x1a/0x30
[ 91.092114][ T4351]
[ 91.094423][ T4351] Memory state around the buggy address:
[ 91.100013][ T4351] ffffc90003ca7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 91.108038][ T4351] ffffc90003ca7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.116083][ T4351] >ffffc90003ca7c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 91.124101][ T4351] ^
[ 91.131254][ T4351] ffffc90003ca7d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.139275][ T4351] ffffc90003ca7d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 91.147296][ T4351] ==================================================================
[ 91.156459][ T4351] Disabling lock debugging due to kernel taint
[ 91.176036][ T4353] loop3: detected capacity change from 0 to 256
[ 91.183998][ T4353] exfat: Deprecated parameter 'namecase'
[ 91.192689][ T4353] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 91.205580][ T4353] ==================================================================
[ 91.213618][ T4353] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 91.221488][ T4353] Read of size 1 at addr ffffc90003bb7ce0 by task syz.3.18/4353
[ 91.229086][ T4353]
[ 91.231383][ T4353] CPU: 1 UID: 0 PID: 4353 Comm: syz.3.18 Tainted: G B syzkaller #0 PREEMPT(full)
[ 91.231394][ T4353] Tainted: [B]=BAD_PAGE
[ 91.231397][ T4353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 91.231399][ T4353] Call Trace:
[ 91.231402][ T4353] <TASK>
[ 91.231405][ T4353] dump_stack_lvl+0x5a/0x90
[ 91.231414][ T4353] print_report+0xcd/0x630
[ 91.231421][ T4353] ? lock_acquire+0x16b/0x190
[ 91.231427][ T4353] ? exfat_nls_to_ucs2+0x732/0x800
[ 91.231470][ T4353] kasan_report+0xe0/0x110
[ 91.231478][ T4353] ? exfat_nls_to_ucs2+0x732/0x800
[ 91.231483][ T4353] exfat_nls_to_ucs2+0x732/0x800
[ 91.231490][ T4353] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 91.231494][ T4353] ? srso_alias_return_thunk+0x5/0xfbef5
[ 91.231508][ T4353] ? srso_alias_return_thunk+0x5/0xfbef5
[ 91.231512][ T4353] ? cap_capable+0x159/0x2d0
[ 91.231520][ T4353] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 91.231526][ T4353] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 91.231530][ T4353] ? stack_depot_save_flags+0x25/0x8d0
[ 91.231546][ T4353] ? srso_alias_return_thunk+0x5/0xfbef5
[ 91.231557][ T4353] exfat_ioctl+0x857/0x1390
[ 91.231563][ T4353] ? __pfx_exfat_ioctl+0x10/0x10
[ 91.231568][ T4353] ? __pfx_do_futex+0x10/0x10
[ 91.231573][ T4353] ? lock_release+0x1d9/0x240
[ 91.231577][ T4353] ? srso_alias_return_thunk+0x5/0xfbef5
[ 91.231582][ T4353] ? lock_release+0x1d9/0x240
[ 91.231588][ T4353] __x64_sys_ioctl+0x134/0x1c0
[ 91.231594][ T4353] do_syscall_64+0x6d/0x310
[ 91.231600][ T4353] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.231604][ T4353] RIP: 0033:0x7fd732b8eec9
[ 91.231609][ T4353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 91.231613][ T4353] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 91.231618][ T4353] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 91.231621][ T4353] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 91.231623][ T4353] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 91.231626][ T4353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 91.231628][ T4353] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 91.231634][ T4353] </TASK>
[ 91.231636][ T4353]
[ 91.462094][ T4353] The buggy address belongs to stack of task syz.3.18/4353
[ 91.469419][ T4353] and is located at offset 960 in frame:
[ 91.475118][ T4353] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 91.480800][ T4353]
[ 91.483194][ T4353] This frame has 3 objects:
[ 91.487653][ T4353] [32, 36) 'lossy'
[ 91.487658][ T4353] [48, 568) 'uniname'
[ 91.491424][ T4353] [704, 960) 'label'
[ 91.495469][ T4353]
[ 91.501710][ T4353] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003bb0000 allocated at kernel_clone+0xcc/0x830
[ 91.514455][ T4353] The buggy address belongs to the physical page:
[ 91.520836][ T4353] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805f256b40 pfn:0x5f256
[ 91.530858][ T4353] memcg:ffff88801e323902
[ 91.535090][ T4353] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 91.542163][ T4353] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 91.550705][ T4353] raw: ffff88805f256b40 0000000000000000 00000001ffffffff ffff88801e323902
[ 91.559245][ T4353] page dumped because: kasan: bad access detected
[ 91.565719][ T4353] page_owner tracks the page as allocated
[ 91.571397][ T4353] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 12, tgid 12 (kworker/u8:0), ts 89776349962, free_ts 89644389628
[ 91.590194][ T4353] post_alloc_hook+0x168/0x1d0
[ 91.595007][ T4353] get_page_from_freelist+0xf32/0x2fd0
[ 91.600433][ T4353] __alloc_frozen_pages_noprof+0x20c/0x470
[ 91.606200][ T4353] alloc_pages_mpol+0x135/0x400
[ 91.611098][ T4353] alloc_pages_noprof+0xe9/0x2a0
[ 91.616083][ T4353] __vmalloc_node_range_noprof+0x51b/0x1000
[ 91.621934][ T4353] __vmalloc_node_noprof+0x89/0x100
[ 91.627092][ T4353] copy_process+0x2357/0x6210
[ 91.631751][ T4353] kernel_clone+0xcc/0x830
[ 91.636126][ T4353] user_mode_thread+0xb9/0x100
[ 91.640857][ T4353] call_usermodehelper_exec_work+0x57/0x140
[ 91.646892][ T4353] process_one_work+0x81f/0x16b0
[ 91.651794][ T4353] worker_thread+0x6dd/0x11e0
[ 91.656436][ T4353] kthread+0x35d/0x6a0
[ 91.660464][ T4353] ret_from_fork+0x2bb/0x340
[ 91.665019][ T4353] ret_from_fork_asm+0x1a/0x30
[ 91.669741][ T4353] page last free pid 761 tgid 761 stack trace:
[ 91.675961][ T4353] __free_frozen_pages+0x811/0x1130
[ 91.681123][ T4353] vfree+0x16c/0x970
[ 91.684998][ T4353] delayed_vfree_work+0x4a/0x70
[ 91.689813][ T4353] process_one_work+0x81f/0x16b0
[ 91.694712][ T4353] worker_thread+0x6dd/0x11e0
[ 91.699375][ T4353] kthread+0x35d/0x6a0
[ 91.703425][ T4353] ret_from_fork+0x2bb/0x340
[ 91.707977][ T4353] ret_from_fork_asm+0x1a/0x30
[ 91.712703][ T4353]
[ 91.714991][ T4353] Memory state around the buggy address:
[ 91.720585][ T4353] ffffc90003bb7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 91.728606][ T4353] ffffc90003bb7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.736626][ T4353] >ffffc90003bb7c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 91.744647][ T4353] ^
[ 91.751801][ T4353] ffffc90003bb7d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.759825][ T4353] ffffc90003bb7d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 91.767852][ T4353] ==================================================================
[ 91.791805][ T4355] loop3: detected capacity change from 0 to 256
[ 91.799016][ T4355] exfat: Deprecated parameter 'namecase'
[ 91.811324][ T4355] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 91.825362][ T4355] ==================================================================
[ 91.833418][ T4355] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 91.841286][ T4355] Read of size 1 at addr ffffc90003cf7ce0 by task syz.3.19/4355
[ 91.848881][ T4355]
[ 91.851180][ T4355] CPU: 0 UID: 0 PID: 4355 Comm: syz.3.19 Tainted: G B syzkaller #0 PREEMPT(full)
[ 91.851188][ T4355] Tainted: [B]=BAD_PAGE
[ 91.851190][ T4355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 91.851193][ T4355] Call Trace:
[ 91.851196][ T4355] <TASK>
[ 91.851199][ T4355] dump_stack_lvl+0x5a/0x90
[ 91.851208][ T4355] print_report+0xcd/0x630
[ 91.851214][ T4355] ? lock_acquire+0x16b/0x190
[ 91.851221][ T4355] ? exfat_nls_to_ucs2+0x732/0x800
[ 91.851227][ T4355] kasan_report+0xe0/0x110
[ 91.851232][ T4355] ? exfat_nls_to_ucs2+0x732/0x800
[ 91.851237][ T4355] exfat_nls_to_ucs2+0x732/0x800
[ 91.851244][ T4355] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 91.851248][ T4355] ? srso_alias_return_thunk+0x5/0xfbef5
[ 91.851262][ T4355] ? srso_alias_return_thunk+0x5/0xfbef5
[ 91.851265][ T4355] ? cap_capable+0x159/0x2d0
[ 91.851273][ T4355] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 91.851279][ T4355] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 91.851283][ T4355] ? stack_depot_save_flags+0x25/0x8d0
[ 91.851300][ T4355] ? srso_alias_return_thunk+0x5/0xfbef5
[ 91.851311][ T4355] exfat_ioctl+0x857/0x1390
[ 91.851317][ T4355] ? __pfx_exfat_ioctl+0x10/0x10
[ 91.851322][ T4355] ? __pfx_do_futex+0x10/0x10
[ 91.851327][ T4355] ? lock_release+0x1d9/0x240
[ 91.851331][ T4355] ? srso_alias_return_thunk+0x5/0xfbef5
[ 91.851336][ T4355] ? lock_release+0x1d9/0x240
[ 91.851341][ T4355] __x64_sys_ioctl+0x134/0x1c0
[ 91.851348][ T4355] do_syscall_64+0x6d/0x310
[ 91.851354][ T4355] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.851358][ T4355] RIP: 0033:0x7fd732b8eec9
[ 91.851363][ T4355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 91.851367][ T4355] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 91.851372][ T4355] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 91.851375][ T4355] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 91.851378][ T4355] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 91.851380][ T4355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 91.851386][ T4355] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 91.851392][ T4355] </TASK>
[ 91.851394][ T4355]
[ 92.081283][ T4355] The buggy address belongs to stack of task syz.3.19/4355
[ 92.088440][ T4355] and is located at offset 960 in frame:
[ 92.094203][ T4355] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 92.099890][ T4355]
[ 92.102178][ T4355] This frame has 3 objects:
[ 92.106812][ T4355] [32, 36) 'lossy'
[ 92.106816][ T4355] [48, 568) 'uniname'
[ 92.110585][ T4355] [704, 960) 'label'
[ 92.114612][ T4355]
[ 92.120835][ T4355] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003cf0000 allocated at kernel_clone+0xcc/0x830
[ 92.133561][ T4355] The buggy address belongs to the physical page:
[ 92.139931][ T4355] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880783e8000 pfn:0x71670
[ 92.149956][ T4355] memcg:ffff88801e323902
[ 92.154162][ T4355] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 92.161235][ T4355] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 92.169776][ T4355] raw: ffff8880783e8000 0000000000000000 00000001ffffffff ffff88801e323902
[ 92.178407][ T4355] page dumped because: kasan: bad access detected
[ 92.184782][ T4355] page_owner tracks the page as allocated
[ 92.190471][ T4355] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 325, tgid 325 (kworker/u8:5), ts 90427651878, free_ts 90320946355
[ 92.209443][ T4355] post_alloc_hook+0x168/0x1d0
[ 92.214175][ T4355] get_page_from_freelist+0xf32/0x2fd0
[ 92.219593][ T4355] __alloc_frozen_pages_noprof+0x20c/0x470
[ 92.225368][ T4355] alloc_pages_mpol+0x135/0x400
[ 92.230188][ T4355] alloc_pages_noprof+0xe9/0x2a0
[ 92.235087][ T4355] __vmalloc_node_range_noprof+0x51b/0x1000
[ 92.240942][ T4355] __vmalloc_node_noprof+0x89/0x100
[ 92.246099][ T4355] copy_process+0x2357/0x6210
[ 92.250737][ T4355] kernel_clone+0xcc/0x830
[ 92.255376][ T4355] user_mode_thread+0xb9/0x100
[ 92.260104][ T4355] call_usermodehelper_exec_work+0x57/0x140
[ 92.265957][ T4355] process_one_work+0x81f/0x16b0
[ 92.270861][ T4355] worker_thread+0x6dd/0x11e0
[ 92.275500][ T4355] kthread+0x35d/0x6a0
[ 92.279530][ T4355] ret_from_fork+0x2bb/0x340
[ 92.284082][ T4355] ret_from_fork_asm+0x1a/0x30
[ 92.288807][ T4355] page last free pid 23 tgid 23 stack trace:
[ 92.294746][ T4355] __free_frozen_pages+0x811/0x1130
[ 92.299995][ T4355] tlb_remove_table_rcu+0xc5/0x120
[ 92.305070][ T4355] rcu_core+0xb22/0x1460
[ 92.309276][ T4355] handle_softirqs+0x1b8/0x670
[ 92.314007][ T4355] run_ksoftirqd+0x2e/0x40
[ 92.318392][ T4355] smpboot_thread_fn+0x2e9/0x850
[ 92.323465][ T4355] kthread+0x35d/0x6a0
[ 92.327498][ T4355] ret_from_fork+0x2bb/0x340
[ 92.332048][ T4355] ret_from_fork_asm+0x1a/0x30
[ 92.336772][ T4355]
[ 92.339064][ T4355] Memory state around the buggy address:
[ 92.344664][ T4355] ffffc90003cf7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 92.352687][ T4355] ffffc90003cf7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.360710][ T4355] >ffffc90003cf7c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 92.368728][ T4355] ^
[ 92.375880][ T4355] ffffc90003cf7d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.383906][ T4355] ffffc90003cf7d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 92.391929][ T4355] ==================================================================
[ 92.416340][ T4357] loop3: detected capacity change from 0 to 256
[ 92.423373][ T4357] exfat: Deprecated parameter 'namecase'
[ 92.432164][ T4357] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 92.446452][ T4357] ==================================================================
[ 92.454494][ T4357] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 92.462358][ T4357] Read of size 1 at addr ffffc90003d07ce0 by task syz.3.20/4357
[ 92.469954][ T4357]
[ 92.472260][ T4357] CPU: 0 UID: 0 PID: 4357 Comm: syz.3.20 Tainted: G B syzkaller #0 PREEMPT(full)
[ 92.472269][ T4357] Tainted: [B]=BAD_PAGE
[ 92.472272][ T4357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 92.472276][ T4357] Call Trace:
[ 92.472279][ T4357] <TASK>
[ 92.472283][ T4357] dump_stack_lvl+0x5a/0x90
[ 92.472294][ T4357] print_report+0xcd/0x630
[ 92.472302][ T4357] ? lock_acquire+0x16b/0x190
[ 92.472309][ T4357] ? exfat_nls_to_ucs2+0x732/0x800
[ 92.472317][ T4357] kasan_report+0xe0/0x110
[ 92.472323][ T4357] ? exfat_nls_to_ucs2+0x732/0x800
[ 92.472331][ T4357] exfat_nls_to_ucs2+0x732/0x800
[ 92.472339][ T4357] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 92.472345][ T4357] ? srso_alias_return_thunk+0x5/0xfbef5
[ 92.472362][ T4357] ? srso_alias_return_thunk+0x5/0xfbef5
[ 92.472367][ T4357] ? cap_capable+0x159/0x2d0
[ 92.472378][ T4357] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 92.472385][ T4357] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 92.472391][ T4357] ? stack_depot_save_flags+0x25/0x8d0
[ 92.472412][ T4357] ? srso_alias_return_thunk+0x5/0xfbef5
[ 92.472424][ T4357] ? __pfx_futex_wake+0x10/0x10
[ 92.472431][ T4357] ? srso_alias_return_thunk+0x5/0xfbef5
[ 92.472438][ T4357] exfat_ioctl+0x857/0x1390
[ 92.472446][ T4357] ? __pfx_exfat_ioctl+0x10/0x10
[ 92.472452][ T4357] ? __pfx_do_futex+0x10/0x10
[ 92.472457][ T4357] ? lock_release+0x1d9/0x240
[ 92.472462][ T4357] ? srso_alias_return_thunk+0x5/0xfbef5
[ 92.472469][ T4357] ? lock_release+0x1d9/0x240
[ 92.472476][ T4357] __x64_sys_ioctl+0x134/0x1c0
[ 92.472485][ T4357] do_syscall_64+0x6d/0x310
[ 92.472492][ T4357] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.472498][ T4357] RIP: 0033:0x7fd732b8eec9
[ 92.472504][ T4357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 92.472509][ T4357] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 92.472515][ T4357] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 92.472520][ T4357] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 92.472523][ T4357] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 92.472527][ T4357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 92.472530][ T4357] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 92.472538][ T4357] </TASK>
[ 92.472541][ T4357]
[ 92.712446][ T4357] The buggy address belongs to stack of task syz.3.20/4357
[ 92.719601][ T4357] and is located at offset 960 in frame:
[ 92.725285][ T4357] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 92.731407][ T4357]
[ 92.733695][ T4357] This frame has 3 objects:
[ 92.738168][ T4357] [32, 36) 'lossy'
[ 92.738174][ T4357] [48, 568) 'uniname'
[ 92.741942][ T4357] [704, 960) 'label'
[ 92.745968][ T4357]
[ 92.752190][ T4357] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003d00000 allocated at kernel_clone+0xcc/0x830
[ 92.764915][ T4357] The buggy address belongs to the physical page:
[ 92.771373][ T4357] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x716a6
[ 92.781391][ T4357] memcg:ffff88801e323902
[ 92.785602][ T4357] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 92.792672][ T4357] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 92.801212][ T4357] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff88801e323902
[ 92.809838][ T4357] page dumped because: kasan: bad access detected
[ 92.816208][ T4357] page_owner tracks the page as allocated
[ 92.821884][ T4357] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 325, tgid 325 (kworker/u8:5), ts 90446704906, free_ts 90317456994
[ 92.841026][ T4357] post_alloc_hook+0x168/0x1d0
[ 92.845756][ T4357] get_page_from_freelist+0xf32/0x2fd0
[ 92.851176][ T4357] __alloc_frozen_pages_noprof+0x20c/0x470
[ 92.856952][ T4357] alloc_pages_mpol+0x135/0x400
[ 92.861760][ T4357] alloc_pages_noprof+0xe9/0x2a0
[ 92.866659][ T4357] __vmalloc_node_range_noprof+0x51b/0x1000
[ 92.872511][ T4357] __vmalloc_node_noprof+0x89/0x100
[ 92.877666][ T4357] copy_process+0x2357/0x6210
[ 92.882304][ T4357] kernel_clone+0xcc/0x830
[ 92.886687][ T4357] user_mode_thread+0xb9/0x100
[ 92.891411][ T4357] call_usermodehelper_exec_work+0x57/0x140
[ 92.897264][ T4357] process_one_work+0x81f/0x16b0
[ 92.902158][ T4357] worker_thread+0x6dd/0x11e0
[ 92.906801][ T4357] kthread+0x35d/0x6a0
[ 92.910828][ T4357] ret_from_fork+0x2bb/0x340
[ 92.915380][ T4357] ret_from_fork_asm+0x1a/0x30
[ 92.920102][ T4357] page last free pid 23 tgid 23 stack trace:
[ 92.926043][ T4357] __free_frozen_pages+0x811/0x1130
[ 92.931292][ T4357] tlb_remove_table_rcu+0xc5/0x120
[ 92.936367][ T4357] rcu_core+0xb22/0x1460
[ 92.940576][ T4357] handle_softirqs+0x1b8/0x670
[ 92.945302][ T4357] run_ksoftirqd+0x2e/0x40
[ 92.949675][ T4357] smpboot_thread_fn+0x2e9/0x850
[ 92.954571][ T4357] kthread+0x35d/0x6a0
[ 92.958601][ T4357] ret_from_fork+0x2bb/0x340
[ 92.963246][ T4357] ret_from_fork_asm+0x1a/0x30
[ 92.967974][ T4357]
[ 92.970264][ T4357] Memory state around the buggy address:
[ 92.975851][ T4357] ffffc90003d07b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 92.983870][ T4357] ffffc90003d07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.991981][ T4357] >ffffc90003d07c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 92.999999][ T4357] ^
[ 93.007153][ T4357] ffffc90003d07d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.015175][ T4357] ffffc90003d07d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 93.023194][ T4357] ==================================================================
[ 93.046175][ T4359] loop3: detected capacity change from 0 to 256
[ 93.053746][ T4359] exfat: Deprecated parameter 'namecase'
[ 93.064341][ T4359] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 93.084651][ T4359] ==================================================================
[ 93.092714][ T4359] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 93.100587][ T4359] Read of size 1 at addr ffffc90003ca7ce0 by task syz.3.21/4359
[ 93.108222][ T4359]
[ 93.110524][ T4359] CPU: 1 UID: 0 PID: 4359 Comm: syz.3.21 Tainted: G B syzkaller #0 PREEMPT(full)
[ 93.110532][ T4359] Tainted: [B]=BAD_PAGE
[ 93.110534][ T4359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 93.110537][ T4359] Call Trace:
[ 93.110541][ T4359] <TASK>
[ 93.110544][ T4359] dump_stack_lvl+0x5a/0x90
[ 93.110554][ T4359] print_report+0xcd/0x630
[ 93.110561][ T4359] ? lock_acquire+0x16b/0x190
[ 93.110567][ T4359] ? exfat_nls_to_ucs2+0x732/0x800
[ 93.110572][ T4359] kasan_report+0xe0/0x110
[ 93.110578][ T4359] ? exfat_nls_to_ucs2+0x732/0x800
[ 93.110583][ T4359] exfat_nls_to_ucs2+0x732/0x800
[ 93.110590][ T4359] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 93.110594][ T4359] ? srso_alias_return_thunk+0x5/0xfbef5
[ 93.110608][ T4359] ? srso_alias_return_thunk+0x5/0xfbef5
[ 93.110612][ T4359] ? cap_capable+0x159/0x2d0
[ 93.110620][ T4359] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 93.110625][ T4359] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 93.110630][ T4359] ? stack_depot_save_flags+0x25/0x8d0
[ 93.110647][ T4359] ? srso_alias_return_thunk+0x5/0xfbef5
[ 93.110658][ T4359] exfat_ioctl+0x857/0x1390
[ 93.110664][ T4359] ? __pfx_exfat_ioctl+0x10/0x10
[ 93.110668][ T4359] ? __pfx_do_futex+0x10/0x10
[ 93.110674][ T4359] ? lock_release+0x1d9/0x240
[ 93.110677][ T4359] ? srso_alias_return_thunk+0x5/0xfbef5
[ 93.110682][ T4359] ? lock_release+0x1d9/0x240
[ 93.110688][ T4359] __x64_sys_ioctl+0x134/0x1c0
[ 93.110695][ T4359] do_syscall_64+0x6d/0x310
[ 93.110701][ T4359] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.110705][ T4359] RIP: 0033:0x7fd732b8eec9
[ 93.110711][ T4359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 93.110715][ T4359] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 93.110720][ T4359] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 93.110723][ T4359] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 93.110725][ T4359] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 93.110728][ T4359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 93.110730][ T4359] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 93.110736][ T4359] </TASK>
[ 93.110738][ T4359]
[ 93.340958][ T4359] The buggy address belongs to stack of task syz.3.21/4359
[ 93.348254][ T4359] and is located at offset 960 in frame:
[ 93.353934][ T4359] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 93.359621][ T4359]
[ 93.361911][ T4359] This frame has 3 objects:
[ 93.366464][ T4359] [32, 36) 'lossy'
[ 93.366469][ T4359] [48, 568) 'uniname'
[ 93.370259][ T4359] [704, 960) 'label'
[ 93.374307][ T4359]
[ 93.380564][ T4359] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003ca0000 allocated at kernel_clone+0xcc/0x830
[ 93.393302][ T4359] The buggy address belongs to the physical page:
[ 93.399684][ T4359] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7297d
[ 93.409703][ T4359] memcg:ffff88801e323902
[ 93.413905][ T4359] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 93.421066][ T4359] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 93.429608][ T4359] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff88801e323902
[ 93.438208][ T4359] page dumped because: kasan: bad access detected
[ 93.444581][ T4359] page_owner tracks the page as allocated
[ 93.450256][ T4359] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 325, tgid 325 (kworker/u8:5), ts 90315574052, free_ts 90264073151
[ 93.469306][ T4359] post_alloc_hook+0x168/0x1d0
[ 93.474037][ T4359] get_page_from_freelist+0xf32/0x2fd0
[ 93.479461][ T4359] __alloc_frozen_pages_noprof+0x20c/0x470
[ 93.485392][ T4359] alloc_pages_mpol+0x135/0x400
[ 93.490222][ T4359] alloc_pages_noprof+0xe9/0x2a0
[ 93.495123][ T4359] __vmalloc_node_range_noprof+0x51b/0x1000
[ 93.500986][ T4359] __vmalloc_node_noprof+0x89/0x100
[ 93.506168][ T4359] copy_process+0x2357/0x6210
[ 93.510812][ T4359] kernel_clone+0xcc/0x830
[ 93.515190][ T4359] user_mode_thread+0xb9/0x100
[ 93.519920][ T4359] call_usermodehelper_exec_work+0x57/0x140
[ 93.525776][ T4359] process_one_work+0x81f/0x16b0
[ 93.530706][ T4359] worker_thread+0x6dd/0x11e0
[ 93.535354][ T4359] kthread+0x35d/0x6a0
[ 93.539417][ T4359] ret_from_fork+0x2bb/0x340
[ 93.544002][ T4359] ret_from_fork_asm+0x1a/0x30
[ 93.548729][ T4359] page last free pid 15 tgid 15 stack trace:
[ 93.554670][ T4359] __free_frozen_pages+0x811/0x1130
[ 93.559832][ T4359] rcu_core+0xb22/0x1460
[ 93.564043][ T4359] handle_softirqs+0x1b8/0x670
[ 93.568772][ T4359] run_ksoftirqd+0x2e/0x40
[ 93.573153][ T4359] smpboot_thread_fn+0x2e9/0x850
[ 93.578055][ T4359] kthread+0x35d/0x6a0
[ 93.582200][ T4359] ret_from_fork+0x2bb/0x340
[ 93.586803][ T4359] ret_from_fork_asm+0x1a/0x30
[ 93.591540][ T4359]
[ 93.593834][ T4359] Memory state around the buggy address:
[ 93.599425][ T4359] ffffc90003ca7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 93.607444][ T4359] ffffc90003ca7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.615476][ T4359] >ffffc90003ca7c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 93.623584][ T4359] ^
[ 93.630737][ T4359] ffffc90003ca7d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.638937][ T4359] ffffc90003ca7d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 93.646985][ T4359] ==================================================================
[ 93.669297][ T4361] loop3: detected capacity change from 0 to 256
[ 93.676601][ T4361] exfat: Deprecated parameter 'namecase'
[ 93.684830][ T4361] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 93.707598][ T4361] ==================================================================
[ 93.715676][ T4361] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 93.723549][ T4361] Read of size 1 at addr ffffc90003d17ce0 by task syz.3.22/4361
[ 93.731149][ T4361]
[ 93.733445][ T4361] CPU: 1 UID: 0 PID: 4361 Comm: syz.3.22 Tainted: G B syzkaller #0 PREEMPT(full)
[ 93.733454][ T4361] Tainted: [B]=BAD_PAGE
[ 93.733456][ T4361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 93.733459][ T4361] Call Trace:
[ 93.733463][ T4361]
[ 93.733466][ T4361] dump_stack_lvl+0x5a/0x90
[ 93.733476][ T4361] print_report+0xcd/0x630
[ 93.733482][ T4361] ? lock_acquire+0x16b/0x190
[ 93.733488][ T4361] ? exfat_nls_to_ucs2+0x732/0x800
[ 93.733494][ T4361] kasan_report+0xe0/0x110
[ 93.733499][ T4361] ? exfat_nls_to_ucs2+0x732/0x800
[ 93.733505][ T4361] exfat_nls_to_ucs2+0x732/0x800
[ 93.733511][ T4361] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 93.733515][ T4361] ? srso_alias_return_thunk+0x5/0xfbef5
[ 93.733529][ T4361] ? srso_alias_return_thunk+0x5/0xfbef5
[ 93.733533][ T4361] ? cap_capable+0x159/0x2d0
[ 93.733541][ T4361] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 93.733546][ T4361] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 93.733551][ T4361] ? stack_depot_save_flags+0x25/0x8d0
[ 93.733568][ T4361] ? srso_alias_return_thunk+0x5/0xfbef5
[ 93.733579][ T4361] exfat_ioctl+0x857/0x1390
[ 93.733585][ T4361] ? __pfx_exfat_ioctl+0x10/0x10
[ 93.733589][ T4361] ? __pfx_do_futex+0x10/0x10
[ 93.733595][ T4361] ? lock_release+0x1d9/0x240
[ 93.733598][ T4361] ? srso_alias_return_thunk+0x5/0xfbef5
[ 93.733603][ T4361] ? lock_release+0x1d9/0x240
[ 93.733609][ T4361] __x64_sys_ioctl+0x134/0x1c0
[ 93.733616][ T4361] do_syscall_64+0x6d/0x310
[ 93.733622][ T4361] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.733626][ T4361] RIP: 0033:0x7fd732b8eec9
[ 93.733631][ T4361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 93.733635][ T4361] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 93.733640][ T4361] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 93.733643][ T4361] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 93.733645][ T4361] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 93.733648][ T4361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 93.733650][ T4361] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 93.733656][ T4361]
[ 93.733658][ T4361]
[ 93.963208][ T4361] The buggy address belongs to stack of task syz.3.22/4361
[ 93.970364][ T4361] and is located at offset 960 in frame:
[ 93.976042][ T4361] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 93.982168][ T4361]
[ 93.984462][ T4361] This frame has 3 objects:
[ 93.988925][ T4361] [32, 36) 'lossy'
[ 93.988931][ T4361] [48, 568) 'uniname'
[ 93.992715][ T4361] [704, 960) 'label'
[ 93.996742][ T4361]
[ 94.002967][ T4361] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003d10000 allocated at kernel_clone+0xcc/0x830
[ 94.015693][ T4361] The buggy address belongs to the physical page:
[ 94.022242][ T4361] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807183e0f0 pfn:0x7183e
[ 94.032450][ T4361] memcg:ffff88801e323902
[ 94.036654][ T4361] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 94.043725][ T4361] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 94.052269][ T4361] raw: ffff88807183e0f0 0000000000000000 00000001ffffffff ffff88801e323902
[ 94.060985][ T4361] page dumped because: kasan: bad access detected
[ 94.067360][ T4361] page_owner tracks the page as allocated
[ 94.073038][ T4361] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 4360, tgid 4360 (syz.3.22), ts 93667079600, free_ts 91828864380
[ 94.091834][ T4361] post_alloc_hook+0x168/0x1d0
[ 94.096567][ T4361] get_page_from_freelist+0xf32/0x2fd0
[ 94.101988][ T4361] __alloc_frozen_pages_noprof+0x20c/0x470
[ 94.107760][ T4361] alloc_pages_mpol+0x135/0x400
[ 94.112576][ T4361] alloc_pages_noprof+0xe9/0x2a0
[ 94.117476][ T4361] __vmalloc_node_range_noprof+0x51b/0x1000
[ 94.123330][ T4361] __vmalloc_node_noprof+0x89/0x100
[ 94.128490][ T4361] copy_process+0x2357/0x6210
[ 94.133130][ T4361] kernel_clone+0xcc/0x830
[ 94.137515][ T4361] __do_sys_clone3+0x16c/0x1b0
[ 94.142238][ T4361] do_syscall_64+0x6d/0x310
[ 94.146705][ T4361] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.152559][ T4361] page last free pid 4295 tgid 4295 stack trace:
[ 94.158847][ T4361] __free_frozen_pages+0x811/0x1130
[ 94.164016][ T4361] __put_partials+0x159/0x1b0
[ 94.168654][ T4361] qlist_free_all+0x4d/0x120
[ 94.173205][ T4361] kasan_quarantine_reduce+0x184/0x1b0
[ 94.178624][ T4361] __kasan_slab_alloc+0x69/0x90
[ 94.183433][ T4361] kmem_cache_alloc_lru_noprof+0x1ce/0x400
[ 94.189202][ T4361] shmem_alloc_inode+0x1c/0x30
[ 94.193933][ T4361] alloc_inode+0x5a/0x1f0
[ 94.198228][ T4361] new_inode+0x13/0x180
[ 94.202348][ T4361] shmem_get_inode+0x140/0xde0
[ 94.207075][ T4361] shmem_mknod+0x144/0x3b0
[ 94.211452][ T4361] lookup_open.isra.0+0xf5a/0x1630
[ 94.216524][ T4361] path_openat+0xf1d/0x2bb0
[ 94.220986][ T4361] do_filp_open+0x1e2/0x430
[ 94.225452][ T4361] do_sys_openat2+0xe8/0x170
[ 94.230004][ T4361] __x64_sys_openat+0x133/0x1d0
[ 94.234816][ T4361]
[ 94.237105][ T4361] Memory state around the buggy address:
[ 94.242695][ T4361] ffffc90003d17b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 94.250716][ T4361] ffffc90003d17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.258737][ T4361] >ffffc90003d17c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 94.266930][ T4361]                                                         ^
[ 94.274085][ T4361] ffffc90003d17d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.282108][ T4361] ffffc90003d17d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 94.290131][ T4361] ==================================================================
[ 94.312367][ T4363] loop3: detected capacity change from 0 to 256
[ 94.320555][ T4363] exfat: Deprecated parameter 'namecase'
[ 94.333202][ T4363] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 94.352429][ T4363] ==================================================================
[ 94.360489][ T4363] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 94.368448][ T4363] Read of size 1 at addr ffffc90003d47ce0 by task syz.3.23/4363
[ 94.376046][ T4363]
[ 94.378374][ T4363] CPU: 1 UID: 0 PID: 4363 Comm: syz.3.23 Tainted: G B syzkaller #0 PREEMPT(full)
[ 94.378382][ T4363] Tainted: [B]=BAD_PAGE
[ 94.378384][ T4363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 94.378386][ T4363] Call Trace:
[ 94.378391][ T4363]
[ 94.378393][ T4363] dump_stack_lvl+0x5a/0x90
[ 94.378403][ T4363] print_report+0xcd/0x630
[ 94.378410][ T4363] ? lock_acquire+0x16b/0x190
[ 94.378416][ T4363] ? exfat_nls_to_ucs2+0x732/0x800
[ 94.378422][ T4363] kasan_report+0xe0/0x110
[ 94.378427][ T4363] ? exfat_nls_to_ucs2+0x732/0x800
[ 94.378432][ T4363] exfat_nls_to_ucs2+0x732/0x800
[ 94.378439][ T4363] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 94.378443][ T4363] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.378457][ T4363] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.378461][ T4363] ? cap_capable+0x159/0x2d0
[ 94.378469][ T4363] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 94.378474][ T4363] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 94.378479][ T4363] ? stack_depot_save_flags+0x25/0x8d0
[ 94.378495][ T4363] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.378506][ T4363] exfat_ioctl+0x857/0x1390
[ 94.378513][ T4363] ? __pfx_exfat_ioctl+0x10/0x10
[ 94.378517][ T4363] ? __pfx_do_futex+0x10/0x10
[ 94.378522][ T4363] ? lock_release+0x1d9/0x240
[ 94.378526][ T4363] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.378531][ T4363] ? lock_release+0x1d9/0x240
[ 94.378537][ T4363] __x64_sys_ioctl+0x134/0x1c0
[ 94.378544][ T4363] do_syscall_64+0x6d/0x310
[ 94.378550][ T4363] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.378554][ T4363] RIP: 0033:0x7fd732b8eec9
[ 94.378559][ T4363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 94.378563][ T4363] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 94.378568][ T4363] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 94.378571][ T4363] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 94.378574][ T4363] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 94.378576][ T4363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 94.378578][ T4363] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 94.378584][ T4363]
[ 94.378586][ T4363]
[ 94.608317][ T4363] The buggy address belongs to stack of task syz.3.23/4363
[ 94.615475][ T4363] and is located at offset 960 in frame:
[ 94.621238][ T4363] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 94.626923][ T4363]
[ 94.629212][ T4363] This frame has 3 objects:
[ 94.633674][ T4363] [32, 36) 'lossy'
[ 94.633679][ T4363] [48, 568) 'uniname'
[ 94.637447][ T4363] [704, 960) 'label'
[ 94.641477][ T4363]
[ 94.647701][ T4363] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003d40000 allocated at kernel_clone+0xcc/0x830
[ 94.660514][ T4363] The buggy address belongs to the physical page:
[ 94.666888][ T4363] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x137d8
[ 94.676906][ T4363] memcg:ffff88801e323902
[ 94.681108][ T4363] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 94.688183][ T4363] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 94.696728][ T4363] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff88801e323902
[ 94.705358][ T4363] page dumped because: kasan: bad access detected
[ 94.711731][ T4363] page_owner tracks the page as allocated
[ 94.717408][ T4363] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 4362, tgid 4362 (syz.3.23), ts 94310438422, free_ts 91182584496
[ 94.736219][ T4363] post_alloc_hook+0x168/0x1d0
[ 94.740950][ T4363] get_page_from_freelist+0xf32/0x2fd0
[ 94.746373][ T4363] __alloc_frozen_pages_noprof+0x20c/0x470
[ 94.752157][ T4363] alloc_pages_mpol+0x135/0x400
[ 94.756971][ T4363] alloc_pages_noprof+0xe9/0x2a0
[ 94.761957][ T4363] __vmalloc_node_range_noprof+0x51b/0x1000
[ 94.767898][ T4363] __vmalloc_node_noprof+0x89/0x100
[ 94.773057][ T4363] copy_process+0x2357/0x6210
[ 94.777699][ T4363] kernel_clone+0xcc/0x830
[ 94.782076][ T4363] __do_sys_clone3+0x16c/0x1b0
[ 94.786801][ T4363] do_syscall_64+0x6d/0x310
[ 94.791277][ T4363] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.797139][ T4363] page last free pid 4353 tgid 4352 stack trace:
[ 94.803429][ T4363] __free_frozen_pages+0x811/0x1130
[ 94.808593][ T4363] tlb_remove_table_rcu+0xc5/0x120
[ 94.813668][ T4363] rcu_core+0xb22/0x1460
[ 94.817870][ T4363] handle_softirqs+0x1b8/0x670
[ 94.822596][ T4363] __irq_exit_rcu+0xf0/0x150
[ 94.827148][ T4363] sysvec_apic_timer_interrupt+0x90/0xb0
[ 94.832747][ T4363] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 94.838689][ T4363]
[ 94.840978][ T4363] Memory state around the buggy address:
[ 94.846573][ T4363] ffffc90003d47b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 94.854604][ T4363] ffffc90003d47c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.862627][ T4363] >ffffc90003d47c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 94.870646][ T4363]                                                         ^
[ 94.877800][ T4363] ffffc90003d47d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.885909][ T4363] ffffc90003d47d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 94.893930][ T4363] ==================================================================
[ 94.917084][ T4365] loop3: detected capacity change from 0 to 256
[ 94.925696][ T4365] exfat: Deprecated parameter 'namecase'
[ 94.937644][ T4365] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 94.952738][ T4365] ==================================================================
[ 94.960783][ T4365] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 94.968651][ T4365] Read of size 1 at addr ffffc90003d57ce0 by task syz.3.24/4365
[ 94.976248][ T4365]
[ 94.978541][ T4365] CPU: 1 UID: 0 PID: 4365 Comm: syz.3.24 Tainted: G B syzkaller #0 PREEMPT(full)
[ 94.978548][ T4365] Tainted: [B]=BAD_PAGE
[ 94.978551][ T4365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 94.978553][ T4365] Call Trace:
[ 94.978557][ T4365]
[ 94.978559][ T4365] dump_stack_lvl+0x5a/0x90
[ 94.978569][ T4365] print_report+0xcd/0x630
[ 94.978575][ T4365] ? lock_acquire+0x16b/0x190
[ 94.978581][ T4365] ? exfat_nls_to_ucs2+0x732/0x800
[ 94.978587][ T4365] kasan_report+0xe0/0x110
[ 94.978592][ T4365] ? exfat_nls_to_ucs2+0x732/0x800
[ 94.978597][ T4365] exfat_nls_to_ucs2+0x732/0x800
[ 94.978604][ T4365] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 94.978608][ T4365] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.978622][ T4365] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.978625][ T4365] ? cap_capable+0x159/0x2d0
[ 94.978634][ T4365] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 94.978639][ T4365] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 94.978644][ T4365] ? stack_depot_save_flags+0x25/0x8d0
[ 94.978660][ T4365] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.978671][ T4365] exfat_ioctl+0x857/0x1390
[ 94.978677][ T4365] ? __pfx_exfat_ioctl+0x10/0x10
[ 94.978682][ T4365] ? __pfx_do_futex+0x10/0x10
[ 94.978687][ T4365] ? lock_release+0x1d9/0x240
[ 94.978691][ T4365] ? srso_alias_return_thunk+0x5/0xfbef5
[ 94.978696][ T4365] ? lock_release+0x1d9/0x240
[ 94.978701][ T4365] __x64_sys_ioctl+0x134/0x1c0
[ 94.978708][ T4365] do_syscall_64+0x6d/0x310
[ 94.978714][ T4365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.978718][ T4365] RIP: 0033:0x7fd732b8eec9
[ 94.978723][ T4365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 94.978726][ T4365] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 94.978731][ T4365] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 94.978734][ T4365] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 94.978737][ T4365] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 94.978740][ T4365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 94.978742][ T4365] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 94.978748][ T4365]
[ 94.978750][ T4365]
[ 95.208428][ T4365] The buggy address belongs to stack of task syz.3.24/4365
[ 95.215584][ T4365] and is located at offset 960 in frame:
[ 95.221262][ T4365] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 95.226948][ T4365]
[ 95.229323][ T4365] This frame has 3 objects:
[ 95.233788][ T4365] [32, 36) 'lossy'
[ 95.233793][ T4365] [48, 568) 'uniname'
[ 95.237561][ T4365] [704, 960) 'label'
[ 95.241588][ T4365]
[ 95.247916][ T4365] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003d50000 allocated at kernel_clone+0xcc/0x830
[ 95.260641][ T4365] The buggy address belongs to the physical page:
[ 95.267014][ T4365] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805f228780 pfn:0x5f228
[ 95.277036][ T4365] memcg:ffff88801e323902
[ 95.281241][ T4365] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 95.288399][ T4365] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 95.297020][ T4365] raw: ffff88805f228780 0000000000000000 00000001ffffffff ffff88801e323902
[ 95.305571][ T4365] page dumped because: kasan: bad access detected
[ 95.312031][ T4365] page_owner tracks the page as allocated
[ 95.317706][ T4365] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 4364, tgid 4364 (syz.3.24), ts 94915170789, free_ts 90584324852
[ 95.336497][ T4365] post_alloc_hook+0x168/0x1d0
[ 95.341231][ T4365] get_page_from_freelist+0xf32/0x2fd0
[ 95.346655][ T4365] __alloc_frozen_pages_noprof+0x20c/0x470
[ 95.352422][ T4365] alloc_pages_mpol+0x135/0x400
[ 95.357235][ T4365] alloc_pages_noprof+0xe9/0x2a0
[ 95.362132][ T4365] __vmalloc_node_range_noprof+0x51b/0x1000
[ 95.367985][ T4365] __vmalloc_node_noprof+0x89/0x100
[ 95.373327][ T4365] copy_process+0x2357/0x6210
[ 95.377966][ T4365] kernel_clone+0xcc/0x830
[ 95.382342][ T4365] __do_sys_clone3+0x16c/0x1b0
[ 95.387152][ T4365] do_syscall_64+0x6d/0x310
[ 95.391625][ T4365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.397479][ T4365] page last free pid 23 tgid 23 stack trace:
[ 95.403420][ T4365] __free_frozen_pages+0x811/0x1130
[ 95.408579][ T4365] rcu_core+0xb22/0x1460
[ 95.412779][ T4365] handle_softirqs+0x1b8/0x670
[ 95.417500][ T4365] run_ksoftirqd+0x2e/0x40
[ 95.421873][ T4365] smpboot_thread_fn+0x2e9/0x850
[ 95.426768][ T4365] kthread+0x35d/0x6a0
[ 95.430801][ T4365] ret_from_fork+0x2bb/0x340
[ 95.435352][ T4365] ret_from_fork_asm+0x1a/0x30
[ 95.440189][ T4365]
[ 95.442492][ T4365] Memory state around the buggy address:
[ 95.448087][ T4365] ffffc90003d57b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 95.456110][ T4365] ffffc90003d57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.464131][ T4365] >ffffc90003d57c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 95.472162][ T4365]                                                         ^
[ 95.479319][ T4365] ffffc90003d57d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.487430][ T4365] ffffc90003d57d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 95.495452][ T4365] ==================================================================
[ 95.522551][ T4367] loop3: detected capacity change from 0 to 256
[ 95.529477][ T4367] exfat: Deprecated parameter 'namecase'
[ 95.538681][ T4367] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 95.553572][ T4367] ==================================================================
[ 95.561620][ T4367] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 95.569483][ T4367] Read of size 1 at addr ffffc90003d67ce0 by task syz.3.25/4367
[ 95.577077][ T4367]
[ 95.579376][ T4367] CPU: 1 UID: 0 PID: 4367 Comm: syz.3.25 Tainted: G B syzkaller #0 PREEMPT(full)
[ 95.579385][ T4367] Tainted: [B]=BAD_PAGE
[ 95.579387][ T4367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 95.579392][ T4367] Call Trace:
[ 95.579395][ T4367]
[ 95.579398][ T4367] dump_stack_lvl+0x5a/0x90
[ 95.579410][ T4367] print_report+0xcd/0x630
[ 95.579418][ T4367] ? lock_acquire+0x16b/0x190
[ 95.579426][ T4367] ? exfat_nls_to_ucs2+0x732/0x800
[ 95.579433][ T4367] kasan_report+0xe0/0x110
[ 95.579439][ T4367] ? exfat_nls_to_ucs2+0x732/0x800
[ 95.579447][ T4367] exfat_nls_to_ucs2+0x732/0x800
[ 95.579455][ T4367] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 95.579461][ T4367] ? srso_alias_return_thunk+0x5/0xfbef5
[ 95.579479][ T4367] ? srso_alias_return_thunk+0x5/0xfbef5
[ 95.579484][ T4367] ? cap_capable+0x159/0x2d0
[ 95.579494][ T4367] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 95.579501][ T4367] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 95.579507][ T4367] ? stack_depot_save_flags+0x25/0x8d0
[ 95.579529][ T4367] ? srso_alias_return_thunk+0x5/0xfbef5
[ 95.579544][ T4367] exfat_ioctl+0x857/0x1390
[ 95.579552][ T4367] ? __pfx_exfat_ioctl+0x10/0x10
[ 95.579558][ T4367] ? __pfx_do_futex+0x10/0x10
[ 95.579564][ T4367] ? lock_release+0x1d9/0x240
[ 95.579569][ T4367] ? srso_alias_return_thunk+0x5/0xfbef5
[ 95.579576][ T4367] ? lock_release+0x1d9/0x240
[ 95.579583][ T4367] __x64_sys_ioctl+0x134/0x1c0
[ 95.579592][ T4367] do_syscall_64+0x6d/0x310
[ 95.579600][ T4367] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.579606][ T4367] RIP: 0033:0x7fd732b8eec9
[ 95.579612][ T4367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 95.579618][ T4367] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 95.579624][ T4367] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 95.579628][ T4367] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 95.579632][ T4367] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 95.579634][ T4367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 95.579637][ T4367] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 95.579643][ T4367]
[ 95.579645][ T4367]
[ 95.809574][ T4367] The buggy address belongs to stack of task syz.3.25/4367
[ 95.816731][ T4367] and is located at offset 960 in frame:
[ 95.822409][ T4367] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 95.828096][ T4367]
[ 95.830388][ T4367] This frame has 3 objects:
[ 95.834855][ T4367] [32, 36) 'lossy'
[ 95.834861][ T4367] [48, 568) 'uniname'
[ 95.838633][ T4367] [704, 960) 'label'
[ 95.842676][ T4367]
[ 95.848911][ T4367] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003d60000 allocated at kernel_clone+0xcc/0x830
[ 95.861641][ T4367] The buggy address belongs to the physical page:
[ 95.868036][ T4367] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801e7040f0 pfn:0x1e704
[ 95.878071][ T4367] memcg:ffff88801e323902
[ 95.882275][ T4367] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 95.889352][ T4367] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 95.897895][ T4367] raw: ffff88801e7040f0 0000000000000000 00000001ffffffff ffff88801e323902
[ 95.906447][ T4367] page dumped because: kasan: bad access detected
[ 95.912819][ T4367] page_owner tracks the page as allocated
[ 95.918494][ T4367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 4366, tgid 4366 (syz.3.25), ts 95519945775, free_ts 95504062039
[ 95.937287][ T4367] post_alloc_hook+0x168/0x1d0
[ 95.942015][ T4367] get_page_from_freelist+0xf32/0x2fd0
[ 95.947434][ T4367] __alloc_frozen_pages_noprof+0x20c/0x470
[ 95.953198][ T4367] alloc_pages_mpol+0x135/0x400
[ 95.958013][ T4367] alloc_pages_noprof+0xe9/0x2a0
[ 95.962909][ T4367] __vmalloc_node_range_noprof+0x51b/0x1000
[ 95.969025][ T4367] __vmalloc_node_noprof+0x89/0x100
[ 95.974341][ T4367] copy_process+0x2357/0x6210
[ 95.978981][ T4367] kernel_clone+0xcc/0x830
[ 95.983443][ T4367] __do_sys_clone3+0x16c/0x1b0
[ 95.988170][ T4367] do_syscall_64+0x6d/0x310
[ 95.992635][ T4367] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.998498][ T4367] page last free pid 4365 tgid 4364 stack trace:
[ 96.004781][ T4367] __free_frozen_pages+0x811/0x1130
[ 96.009946][ T4367] tlb_remove_table_rcu+0xc5/0x120
[ 96.015046][ T4367] rcu_core+0xb22/0x1460
[ 96.019248][ T4367] handle_softirqs+0x1b8/0x670
[ 96.023974][ T4367] __irq_exit_rcu+0xf0/0x150
[ 96.028524][ T4367] sysvec_apic_timer_interrupt+0x90/0xb0
[ 96.034120][ T4367] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 96.040060][ T4367]
[ 96.042349][ T4367] Memory state around the buggy address:
[ 96.047937][ T4367] ffffc90003d67b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 96.055973][ T4367] ffffc90003d67c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 96.064005][ T4367] >ffffc90003d67c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
2025/10/13 05:14:21 executed programs: 10
[ 96.072030][ T4367]                                                         ^
[ 96.079187][ T4367] ffffc90003d67d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 96.087219][ T4367] ffffc90003d67d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 96.095242][ T4367] ==================================================================
[ 96.118642][ T4369] loop3: detected capacity change from 0 to 256
[ 96.130826][ T4369] exfat: Deprecated parameter 'namecase'
[ 96.139144][ T4369] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 96.152592][ T4369] ==================================================================
[ 96.160634][ T4369] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 96.168503][ T4369] Read of size 1 at addr ffffc90003d77ce0 by task syz.3.26/4369
[ 96.176107][ T4369]
[ 96.178433][ T4369] CPU: 1 UID: 0 PID: 4369 Comm: syz.3.26 Tainted: G B syzkaller #0 PREEMPT(full)
[ 96.178441][ T4369] Tainted: [B]=BAD_PAGE
[ 96.178444][ T4369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 96.178446][ T4369] Call Trace:
[ 96.178450][ T4369]
[ 96.178452][ T4369] dump_stack_lvl+0x5a/0x90
[ 96.178462][ T4369] print_report+0xcd/0x630
[ 96.178469][ T4369] ? lock_acquire+0x16b/0x190
[ 96.178475][ T4369] ? exfat_nls_to_ucs2+0x732/0x800
[ 96.178481][ T4369] kasan_report+0xe0/0x110
[ 96.178486][ T4369] ? exfat_nls_to_ucs2+0x732/0x800
[ 96.178492][ T4369] exfat_nls_to_ucs2+0x732/0x800
[ 96.178499][ T4369] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 96.178503][ T4369] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.178517][ T4369] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.178520][ T4369] ? cap_capable+0x159/0x2d0
[ 96.178528][ T4369] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 96.178533][ T4369] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 96.178538][ T4369] ? stack_depot_save_flags+0x25/0x8d0
[ 96.178555][ T4369] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.178564][ T4369] ? __pfx_futex_wake+0x10/0x10
[ 96.178569][ T4369] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.178574][ T4369] exfat_ioctl+0x857/0x1390
[ 96.178581][ T4369] ? __pfx_exfat_ioctl+0x10/0x10
[ 96.178585][ T4369] ? __pfx_do_futex+0x10/0x10
[ 96.178589][ T4369] ? lock_release+0x1d9/0x240
[ 96.178593][ T4369] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.178598][ T4369] ? lock_release+0x1d9/0x240
[ 96.178604][ T4369] __x64_sys_ioctl+0x134/0x1c0
[ 96.178610][ T4369] do_syscall_64+0x6d/0x310
[ 96.178616][ T4369] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.178620][ T4369] RIP: 0033:0x7fd732b8eec9
[ 96.178626][ T4369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 96.178629][ T4369] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 96.178634][ T4369] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 96.178637][ T4369] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 96.178640][ T4369] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 96.178642][ T4369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 96.178645][ T4369] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 96.178650][ T4369]
[ 96.178653][ T4369]
[ 96.418343][ T4369] The buggy address belongs to stack of task syz.3.26/4369
[ 96.425585][ T4369] and is located at offset 960 in frame:
[ 96.431261][ T4369] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 96.436946][ T4369]
[ 96.439234][ T4369] This frame has 3 objects:
[ 96.443702][ T4369] [32, 36) 'lossy'
[ 96.443708][ T4369] [48, 568) 'uniname'
[ 96.447474][ T4369] [704, 960) 'label'
[ 96.451501][ T4369]
[ 96.457725][ T4369] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003d70000 allocated at kernel_clone+0xcc/0x830
[ 96.470450][ T4369] The buggy address belongs to the physical page:
[ 96.476824][ T4369] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805ece2b40 pfn:0x5ece2
[ 96.486850][ T4369] memcg:ffff88801e323902
[ 96.491054][ T4369] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 96.498126][ T4369] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 96.506674][ T4369] raw: ffff88805ece2b40 0000000000000000 00000001ffffffff ffff88801e323902
[ 96.515220][ T4369] page dumped because: kasan: bad access detected
[ 96.521595][ T4369] page_owner tracks the page as allocated
[ 96.527270][ T4369] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 4368, tgid 4368 (syz.3.26), ts 96116715959, free_ts 96104706584
[ 96.546070][ T4369] post_alloc_hook+0x168/0x1d0
[ 96.550804][ T4369] get_page_from_freelist+0xf32/0x2fd0
[ 96.556235][ T4369] __alloc_frozen_pages_noprof+0x20c/0x470
[ 96.562011][ T4369] alloc_pages_mpol+0x135/0x400
[ 96.566830][ T4369] alloc_pages_noprof+0xe9/0x2a0
[ 96.571729][ T4369] __vmalloc_node_range_noprof+0x51b/0x1000
[ 96.577676][ T4369] __vmalloc_node_noprof+0x89/0x100
[ 96.582835][ T4369] copy_process+0x2357/0x6210
[ 96.587569][ T4369] kernel_clone+0xcc/0x830
[ 96.591944][ T4369] __do_sys_clone3+0x16c/0x1b0
[ 96.596669][ T4369] do_syscall_64+0x6d/0x310
[ 96.601132][ T4369] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.606995][ T4369] page last free pid 2413 tgid 2413 stack trace:
[ 96.613465][ T4369] __free_frozen_pages+0x811/0x1130
[ 96.618624][ T4369] rcu_core+0xb22/0x1460
[ 96.622825][ T4369] handle_softirqs+0x1b8/0x670
[ 96.627546][ T4369] __irq_exit_rcu+0xf0/0x150
[ 96.632101][ T4369] sysvec_apic_timer_interrupt+0x43/0xb0
[ 96.637693][ T4369] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 96.643634][ T4369]
[ 96.645923][ T4369] Memory state around the buggy address:
[ 96.651511][ T4369] ffffc90003d77b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 96.659624][ T4369] ffffc90003d77c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 96.667643][ T4369] >ffffc90003d77c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 96.675660][ T4369]                                                         ^
[ 96.682898][ T4369] ffffc90003d77d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 96.690926][ T4369] ffffc90003d77d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 96.698945][ T4369] ==================================================================
[ 96.722988][ T4371] loop3: detected capacity change from 0 to 256
[ 96.731457][ T4371] exfat: Deprecated parameter 'namecase'
[ 96.745652][ T4371] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 96.759495][ T4371] ==================================================================
[ 96.767535][ T4371] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 96.775400][ T4371] Read of size 1 at addr ffffc90003d87ce0 by task syz.3.27/4371
[ 96.782988][ T4371]
[ 96.785280][ T4371] CPU: 1 UID: 0 PID: 4371 Comm: syz.3.27 Tainted: G B syzkaller #0 PREEMPT(full)
[ 96.785287][ T4371] Tainted: [B]=BAD_PAGE
[ 96.785289][ T4371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 96.785292][ T4371] Call Trace:
[ 96.785295][ T4371]
[ 96.785298][ T4371] dump_stack_lvl+0x5a/0x90
[ 96.785307][ T4371] print_report+0xcd/0x630
[ 96.785313][ T4371] ? lock_acquire+0x16b/0x190
[ 96.785320][ T4371] ? exfat_nls_to_ucs2+0x732/0x800
[ 96.785326][ T4371] kasan_report+0xe0/0x110
[ 96.785331][ T4371] ? exfat_nls_to_ucs2+0x732/0x800
[ 96.785337][ T4371] exfat_nls_to_ucs2+0x732/0x800
[ 96.785343][ T4371] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 96.785347][ T4371] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.785361][ T4371] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.785365][ T4371] ? cap_capable+0x159/0x2d0
[ 96.785373][ T4371] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 96.785379][ T4371] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 96.785384][ T4371] ? stack_depot_save_flags+0x25/0x8d0
[ 96.785400][ T4371] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.785409][ T4371] ? __pfx_futex_wake+0x10/0x10
[ 96.785414][ T4371] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.785419][ T4371] exfat_ioctl+0x857/0x1390
[ 96.785425][ T4371] ? __pfx_exfat_ioctl+0x10/0x10
[ 96.785430][ T4371] ? __pfx_do_futex+0x10/0x10
[ 96.785435][ T4371] ? lock_release+0x1d9/0x240
[ 96.785438][ T4371] ? srso_alias_return_thunk+0x5/0xfbef5
[ 96.785443][ T4371] ? lock_release+0x1d9/0x240
[ 96.785449][ T4371] __x64_sys_ioctl+0x134/0x1c0
[ 96.785456][ T4371] do_syscall_64+0x6d/0x310
[ 96.785462][ T4371] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.785466][ T4371] RIP: 0033:0x7fd732b8eec9
[ 96.785471][ T4371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 96.785475][ T4371] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 96.785480][ T4371] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 96.785483][ T4371] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 96.785486][ T4371] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 96.785488][ T4371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 96.785490][ T4371] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 96.785496][ T4371]
[ 96.785498][ T4371]
[ 97.025504][ T4371] The buggy address belongs to stack of task syz.3.27/4371
[ 97.032659][ T4371] and is located at offset 960 in frame:
[ 97.038343][ T4371] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 97.044025][ T4371]
[ 97.046314][ T4371] This frame has 3 objects:
[ 97.050775][ T4371] [32, 36) 'lossy'
[ 97.050780][ T4371] [48, 568) 'uniname'
[ 97.054546][ T4371] [704, 960) 'label'
[ 97.058571][ T4371]
[ 97.064795][ T4371] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003d80000 allocated at kernel_clone+0xcc/0x830
[ 97.077522][ T4371] The buggy address belongs to the physical page:
[ 97.083898][ T4371] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888070f80140 pfn:0x70f80
[ 97.093946][ T4371] memcg:ffff88801e323902
[ 97.098166][ T4371] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 97.105246][ T4371] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 97.113786][ T4371] raw: ffff888070f80140 0000000000000000 00000001ffffffff ffff88801e323902
[ 97.122328][ T4371] page dumped because: kasan: bad access detected
[ 97.128699][ T4371] page_owner tracks the page as allocated
[ 97.134380][ T4371] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 4370, tgid 4370 (syz.3.27), ts 96720071815, free_ts 96708121890
[ 97.153179][ T4371] post_alloc_hook+0x168/0x1d0
[ 97.157911][ T4371] get_page_from_freelist+0xf32/0x2fd0
[ 97.163331][ T4371] __alloc_frozen_pages_noprof+0x20c/0x470
[ 97.169104][ T4371] alloc_pages_mpol+0x135/0x400
[ 97.173919][ T4371] alloc_pages_noprof+0xe9/0x2a0
[ 97.178818][ T4371] __vmalloc_node_range_noprof+0x51b/0x1000
[ 97.184675][ T4371] __vmalloc_node_noprof+0x89/0x100
[ 97.189919][ T4371] copy_process+0x2357/0x6210
[ 97.194557][ T4371] kernel_clone+0xcc/0x830
[ 97.198934][ T4371] __do_sys_clone3+0x16c/0x1b0
[ 97.203657][ T4371] do_syscall_64+0x6d/0x310
[ 97.208120][ T4371] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.213984][ T4371] page last free pid 23 tgid 23 stack trace:
[ 97.219923][ T4371] __free_frozen_pages+0x811/0x1130
[ 97.225085][ T4371] rcu_core+0xb22/0x1460
[ 97.229292][ T4371] handle_softirqs+0x1b8/0x670
[ 97.234016][ T4371] run_ksoftirqd+0x2e/0x40
[ 97.238403][ T4371] smpboot_thread_fn+0x2e9/0x850
[ 97.243343][ T4371] kthread+0x35d/0x6a0
[ 97.247375][ T4371] ret_from_fork+0x2bb/0x340
[ 97.251927][ T4371] ret_from_fork_asm+0x1a/0x30
[ 97.256717][ T4371]
[ 97.259011][ T4371] Memory state around the buggy address:
[ 97.264666][ T4371] ffffc90003d87b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 97.272691][ T4371] ffffc90003d87c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 97.280717][ T4371] >ffffc90003d87c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 97.288825][ T4371] ^
[ 97.295979][ T4371] ffffc90003d87d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 97.303998][ T4371] ffffc90003d87d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 97.312018][ T4371] ==================================================================
[ 97.333596][ T4373] loop3: detected capacity change from 0 to 256
[ 97.340371][ T4373] exfat: Deprecated parameter 'namecase'
[ 97.348806][ T4373] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 97.361907][ T4373] ==================================================================
[ 97.369955][ T4373] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 97.377825][ T4373] Read of size 1 at addr ffffc90003d97ce0 by task syz.3.28/4373
[ 97.385510][ T4373]
[ 97.387815][ T4373] CPU: 1 UID: 0 PID: 4373 Comm: syz.3.28 Tainted: G B syzkaller #0 PREEMPT(full)
[ 97.387822][ T4373] Tainted: [B]=BAD_PAGE
[ 97.387825][ T4373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 97.387828][ T4373] Call Trace:
[ 97.387831][ T4373]
[ 97.387834][ T4373] dump_stack_lvl+0x5a/0x90
[ 97.387843][ T4373] print_report+0xcd/0x630
[ 97.387850][ T4373] ? lock_acquire+0x16b/0x190
[ 97.387857][ T4373] ? exfat_nls_to_ucs2+0x732/0x800
[ 97.387863][ T4373] kasan_report+0xe0/0x110
[ 97.387868][ T4373] ? exfat_nls_to_ucs2+0x732/0x800
[ 97.387873][ T4373] exfat_nls_to_ucs2+0x732/0x800
[ 97.387880][ T4373] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 97.387884][ T4373] ? srso_alias_return_thunk+0x5/0xfbef5
[ 97.387898][ T4373] ? srso_alias_return_thunk+0x5/0xfbef5
[ 97.387902][ T4373] ? cap_capable+0x159/0x2d0
[ 97.387910][ T4373] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 97.387916][ T4373] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 97.387920][ T4373] ? stack_depot_save_flags+0x25/0x8d0
[ 97.387936][ T4373] ? srso_alias_return_thunk+0x5/0xfbef5
[ 97.387947][ T4373] exfat_ioctl+0x857/0x1390
[ 97.387954][ T4373] ? __pfx_exfat_ioctl+0x10/0x10
[ 97.387958][ T4373] ? __pfx_do_futex+0x10/0x10
[ 97.387964][ T4373] ? lock_release+0x1d9/0x240
[ 97.387967][ T4373] ? srso_alias_return_thunk+0x5/0xfbef5
[ 97.387972][ T4373] ? lock_release+0x1d9/0x240
[ 97.387978][ T4373] __x64_sys_ioctl+0x134/0x1c0
[ 97.387985][ T4373] do_syscall_64+0x6d/0x310
[ 97.387991][ T4373] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.387995][ T4373] RIP: 0033:0x7fd732b8eec9
[ 97.387999][ T4373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 97.388003][ T4373] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 97.388008][ T4373] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 97.388030][ T4373] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 97.388033][ T4373] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 97.388036][ T4373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 97.388038][ T4373] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 97.388044][ T4373]
[ 97.388046][ T4373]
[ 97.617850][ T4373] The buggy address belongs to stack of task syz.3.28/4373
[ 97.625017][ T4373] and is located at offset 960 in frame:
[ 97.630715][ T4373] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 97.636406][ T4373]
[ 97.638698][ T4373] This frame has 3 objects:
[ 97.643249][ T4373] [32, 36) 'lossy'
[ 97.643254][ T4373] [48, 568) 'uniname'
[ 97.647035][ T4373] [704, 960) 'label'
[ 97.651078][ T4373]
[ 97.657305][ T4373] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003d90000 allocated at kernel_clone+0xcc/0x830
[ 97.670379][ T4373] The buggy address belongs to the physical page:
[ 97.676766][ T4373] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801d1ad140 pfn:0x1d1ad
[ 97.686803][ T4373] memcg:ffff88801e323902
[ 97.691005][ T4373] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 97.698076][ T4373] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 97.706616][ T4373] raw: ffff88801d1ad140 0000000000000000 00000001ffffffff ffff88801e323902
[ 97.715157][ T4373] page dumped because: kasan: bad access detected
[ 97.721530][ T4373] page_owner tracks the page as allocated
[ 97.727214][ T4373] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 4372, tgid 4372 (syz.3.28), ts 97330866984, free_ts 96707640510
[ 97.746011][ T4373] post_alloc_hook+0x168/0x1d0
[ 97.750741][ T4373] get_page_from_freelist+0xf32/0x2fd0
[ 97.756161][ T4373] __alloc_frozen_pages_noprof+0x20c/0x470
[ 97.761932][ T4373] alloc_pages_mpol+0x135/0x400
[ 97.766749][ T4373] alloc_pages_noprof+0xe9/0x2a0
[ 97.771646][ T4373] __vmalloc_node_range_noprof+0x51b/0x1000
[ 97.777499][ T4373] __vmalloc_node_noprof+0x89/0x100
[ 97.782657][ T4373] copy_process+0x2357/0x6210
[ 97.787306][ T4373] kernel_clone+0xcc/0x830
[ 97.791689][ T4373] __do_sys_clone3+0x16c/0x1b0
[ 97.796418][ T4373] do_syscall_64+0x6d/0x310
[ 97.800884][ T4373] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.806740][ T4373] page last free pid 23 tgid 23 stack trace:
[ 97.812681][ T4373] __free_frozen_pages+0x811/0x1130
[ 97.817844][ T4373] rcu_core+0xb22/0x1460
[ 97.822054][ T4373] handle_softirqs+0x1b8/0x670
[ 97.826778][ T4373] run_ksoftirqd+0x2e/0x40
[ 97.831156][ T4373] smpboot_thread_fn+0x2e9/0x850
[ 97.836054][ T4373] kthread+0x35d/0x6a0
[ 97.840090][ T4373] ret_from_fork+0x2bb/0x340
[ 97.844639][ T4373] ret_from_fork_asm+0x1a/0x30
[ 97.849365][ T4373]
[ 97.851653][ T4373] Memory state around the buggy address:
[ 97.857246][ T4373] ffffc90003d97b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 97.865265][ T4373] ffffc90003d97c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 97.873289][ T4373] >ffffc90003d97c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 97.881309][ T4373] ^
[ 97.888462][ T4373] ffffc90003d97d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 97.896482][ T4373] ffffc90003d97d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 97.904515][ T4373] ==================================================================
[ 97.927561][ T4375] loop3: detected capacity change from 0 to 256
[ 97.935657][ T4375] exfat: Deprecated parameter 'namecase'
[ 97.943671][ T4375] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 97.956732][ T4375] ==================================================================
[ 97.964775][ T4375] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 97.972635][ T4375] Read of size 1 at addr ffffc90003db7ce0 by task syz.3.29/4375
[ 97.980228][ T4375]
[ 97.982522][ T4375] CPU: 1 UID: 0 PID: 4375 Comm: syz.3.29 Tainted: G B syzkaller #0 PREEMPT(full)
[ 97.982530][ T4375] Tainted: [B]=BAD_PAGE
[ 97.982532][ T4375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 97.982535][ T4375] Call Trace:
[ 97.982540][ T4375]
[ 97.982543][ T4375] dump_stack_lvl+0x5a/0x90
[ 97.982553][ T4375] print_report+0xcd/0x630
[ 97.982560][ T4375] ? lock_acquire+0x16b/0x190
[ 97.982567][ T4375] ? exfat_nls_to_ucs2+0x732/0x800
[ 97.982573][ T4375] kasan_report+0xe0/0x110
[ 97.982579][ T4375] ? exfat_nls_to_ucs2+0x732/0x800
[ 97.982585][ T4375] exfat_nls_to_ucs2+0x732/0x800
[ 97.982592][ T4375] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 97.982597][ T4375] ? srso_alias_return_thunk+0x5/0xfbef5
[ 97.982612][ T4375] ? srso_alias_return_thunk+0x5/0xfbef5
[ 97.982616][ T4375] ? cap_capable+0x159/0x2d0
[ 97.982625][ T4375] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 97.982630][ T4375] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 97.982635][ T4375] ? stack_depot_save_flags+0x25/0x8d0
[ 97.982653][ T4375] ? srso_alias_return_thunk+0x5/0xfbef5
[ 97.982665][ T4375] exfat_ioctl+0x857/0x1390
[ 97.982672][ T4375] ? __pfx_exfat_ioctl+0x10/0x10
[ 97.982677][ T4375] ? __pfx_do_futex+0x10/0x10
[ 97.982683][ T4375] ? lock_release+0x1d9/0x240
[ 97.982687][ T4375] ? srso_alias_return_thunk+0x5/0xfbef5
[ 97.982693][ T4375] ? lock_release+0x1d9/0x240
[ 97.982699][ T4375] __x64_sys_ioctl+0x134/0x1c0
[ 97.982707][ T4375] do_syscall_64+0x6d/0x310
[ 97.982714][ T4375] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.982719][ T4375] RIP: 0033:0x7fd732b8eec9
[ 97.982725][ T4375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 97.982729][ T4375] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 97.982735][ T4375] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 97.982739][ T4375] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 97.982742][ T4375] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 97.982745][ T4375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 97.982747][ T4375] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 97.982754][ T4375]
[ 97.982756][ T4375]
[ 98.212011][ T4375] The buggy address belongs to stack of task syz.3.29/4375
[ 98.219252][ T4375] and is located at offset 960 in frame:
[ 98.224927][ T4375] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 98.230610][ T4375]
[ 98.232900][ T4375] This frame has 3 objects:
[ 98.237361][ T4375] [32, 36) 'lossy'
[ 98.237366][ T4375] [48, 568) 'uniname'
[ 98.241134][ T4375] [704, 960) 'label'
[ 98.245179][ T4375]
[ 98.251402][ T4375] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003db0000 allocated at kernel_clone+0xcc/0x830
[ 98.264364][ T4375] The buggy address belongs to the physical page:
[ 98.270741][ T4375] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888070f85b40 pfn:0x70f85
[ 98.280765][ T4375] memcg:ffff88801e323902
[ 98.284966][ T4375] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 98.292131][ T4375] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 98.300677][ T4375] raw: ffff888070f85b40 0000000000000000 00000001ffffffff ffff88801e323902
[ 98.309218][ T4375] page dumped because: kasan: bad access detected
[ 98.315594][ T4375] page_owner tracks the page as allocated
[ 98.321271][ T4375] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 4374, tgid 4374 (syz.3.29), ts 97925642227, free_ts 97350447012
[ 98.340156][ T4375] post_alloc_hook+0x168/0x1d0
[ 98.344888][ T4375] get_page_from_freelist+0xf32/0x2fd0
[ 98.350309][ T4375] __alloc_frozen_pages_noprof+0x20c/0x470
[ 98.356078][ T4375] alloc_pages_mpol+0x135/0x400
[ 98.360888][ T4375] alloc_pages_noprof+0xe9/0x2a0
[ 98.365784][ T4375] __vmalloc_node_range_noprof+0x51b/0x1000
[ 98.371725][ T4375] __vmalloc_node_noprof+0x89/0x100
[ 98.376884][ T4375] copy_process+0x2357/0x6210
[ 98.381524][ T4375] kernel_clone+0xcc/0x830
[ 98.385901][ T4375] __do_sys_clone3+0x16c/0x1b0
[ 98.390623][ T4375] do_syscall_64+0x6d/0x310
[ 98.395088][ T4375] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.400940][ T4375] page last free pid 4295 tgid 4295 stack trace:
[ 98.407225][ T4375] __free_frozen_pages+0x811/0x1130
[ 98.412384][ T4375] rcu_core+0xb22/0x1460
[ 98.416592][ T4375] handle_softirqs+0x1b8/0x670
[ 98.421314][ T4375] __irq_exit_rcu+0xf0/0x150
[ 98.425863][ T4375] sysvec_apic_timer_interrupt+0x90/0xb0
[ 98.431461][ T4375] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 98.437403][ T4375]
[ 98.439778][ T4375] Memory state around the buggy address:
[ 98.445375][ T4375] ffffc90003db7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 98.453404][ T4375] ffffc90003db7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 98.461424][ T4375] >ffffc90003db7c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 98.469443][ T4375] ^
[ 98.476594][ T4375] ffffc90003db7d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 98.484706][ T4375] ffffc90003db7d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 98.492729][ T4375] ==================================================================
[ 98.518615][ T4377] loop3: detected capacity change from 0 to 256
[ 98.527319][ T4377] exfat: Deprecated parameter 'namecase'
[ 98.538061][ T4377] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 98.551853][ T4377] ==================================================================
[ 98.559894][ T4377] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 98.567756][ T4377] Read of size 1 at addr ffffc90003d07ce0 by task syz.3.30/4377
[ 98.575350][ T4377]
[ 98.577642][ T4377] CPU: 0 UID: 0 PID: 4377 Comm: syz.3.30 Tainted: G B syzkaller #0 PREEMPT(full)
[ 98.577649][ T4377] Tainted: [B]=BAD_PAGE
[ 98.577651][ T4377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 98.577654][ T4377] Call Trace:
[ 98.577657][ T4377]
[ 98.577660][ T4377] dump_stack_lvl+0x5a/0x90
[ 98.577668][ T4377] print_report+0xcd/0x630
[ 98.577675][ T4377] ? lock_acquire+0x16b/0x190
[ 98.577681][ T4377] ? exfat_nls_to_ucs2+0x732/0x800
[ 98.577686][ T4377] kasan_report+0xe0/0x110
[ 98.577691][ T4377] ? exfat_nls_to_ucs2+0x732/0x800
[ 98.577697][ T4377] exfat_nls_to_ucs2+0x732/0x800
[ 98.577703][ T4377] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 98.577707][ T4377] ? srso_alias_return_thunk+0x5/0xfbef5
[ 98.577721][ T4377] ? srso_alias_return_thunk+0x5/0xfbef5
[ 98.577725][ T4377] ? cap_capable+0x159/0x2d0
[ 98.577733][ T4377] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 98.577738][ T4377] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 98.577743][ T4377] ? stack_depot_save_flags+0x25/0x8d0
[ 98.577759][ T4377] ? srso_alias_return_thunk+0x5/0xfbef5
[ 98.577770][ T4377] exfat_ioctl+0x857/0x1390
[ 98.577776][ T4377] ? __pfx_exfat_ioctl+0x10/0x10
[ 98.577781][ T4377] ? __pfx_do_futex+0x10/0x10
[ 98.577786][ T4377] ? lock_release+0x1d9/0x240
[ 98.577790][ T4377] ? srso_alias_return_thunk+0x5/0xfbef5
[ 98.577795][ T4377] ? lock_release+0x1d9/0x240
[ 98.577800][ T4377] __x64_sys_ioctl+0x134/0x1c0
[ 98.577807][ T4377] do_syscall_64+0x6d/0x310
[ 98.577813][ T4377] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.577817][ T4377] RIP: 0033:0x7fd732b8eec9
[ 98.577822][ T4377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 98.577825][ T4377] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 98.577830][ T4377] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 98.577833][ T4377] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 98.577836][ T4377] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 98.577838][ T4377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 98.577841][ T4377] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 98.577846][ T4377]
[ 98.577848][ T4377]
[ 98.807596][ T4377] The buggy address belongs to stack of task syz.3.30/4377
[ 98.814747][ T4377] and is located at offset 960 in frame:
[ 98.820424][ T4377] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 98.826108][ T4377]
[ 98.828396][ T4377] This frame has 3 objects:
[ 98.832855][ T4377] [32, 36) 'lossy'
[ 98.832860][ T4377] [48, 568) 'uniname'
[ 98.836797][ T4377] [704, 960) 'label'
[ 98.840820][ T4377]
[ 98.847038][ T4377] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003d00000 allocated at kernel_clone+0xcc/0x830
[ 98.859762][ T4377] The buggy address belongs to the physical page:
[ 98.866129][ T4377] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x716a6
[ 98.876144][ T4377] memcg:ffff88801e323902
[ 98.880347][ T4377] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 98.887417][ T4377] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 98.895961][ T4377] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff88801e323902
[ 98.904497][ T4377] page dumped because: kasan: bad access detected
[ 98.910865][ T4377] page_owner tracks the page as allocated
[ 98.916538][ T4377] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 325, tgid 325 (kworker/u8:5), ts 90446704906, free_ts 90317456994
[ 98.935501][ T4377] post_alloc_hook+0x168/0x1d0
[ 98.940233][ T4377] get_page_from_freelist+0xf32/0x2fd0
[ 98.945650][ T4377] __alloc_frozen_pages_noprof+0x20c/0x470
[ 98.951414][ T4377] alloc_pages_mpol+0x135/0x400
[ 98.956233][ T4377] alloc_pages_noprof+0xe9/0x2a0
[ 98.961128][ T4377] __vmalloc_node_range_noprof+0x51b/0x1000
[ 98.966989][ T4377] __vmalloc_node_noprof+0x89/0x100
[ 98.972167][ T4377] copy_process+0x2357/0x6210
[ 98.976809][ T4377] kernel_clone+0xcc/0x830
[ 98.981361][ T4377] user_mode_thread+0xb9/0x100
[ 98.986088][ T4377] call_usermodehelper_exec_work+0x57/0x140
[ 98.991946][ T4377] process_one_work+0x81f/0x16b0
[ 98.996844][ T4377] worker_thread+0x6dd/0x11e0
[ 99.001478][ T4377] kthread+0x35d/0x6a0
[ 99.005508][ T4377] ret_from_fork+0x2bb/0x340
[ 99.010055][ T4377] ret_from_fork_asm+0x1a/0x30
[ 99.014799][ T4377] page last free pid 23 tgid 23 stack trace:
[ 99.020856][ T4377] __free_frozen_pages+0x811/0x1130
[ 99.026016][ T4377] tlb_remove_table_rcu+0xc5/0x120
[ 99.031121][ T4377] rcu_core+0xb22/0x1460
[ 99.035337][ T4377] handle_softirqs+0x1b8/0x670
[ 99.040063][ T4377] run_ksoftirqd+0x2e/0x40
[ 99.044440][ T4377] smpboot_thread_fn+0x2e9/0x850
[ 99.049363][ T4377] kthread+0x35d/0x6a0
[ 99.053394][ T4377] ret_from_fork+0x2bb/0x340
[ 99.057975][ T4377] ret_from_fork_asm+0x1a/0x30
[ 99.062705][ T4377]
[ 99.065000][ T4377] Memory state around the buggy address:
[ 99.070589][ T4377] ffffc90003d07b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 99.078613][ T4377] ffffc90003d07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 99.086735][ T4377] >ffffc90003d07c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 99.094757][ T4377] ^
[ 99.101931][ T4377] ffffc90003d07d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 99.109950][ T4377] ffffc90003d07d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 99.117975][ T4377] ==================================================================
[ 99.139949][ T4379] loop3: detected capacity change from 0 to 256
[ 99.147251][ T4379] exfat: Deprecated parameter 'namecase'
[ 99.162028][ T4379] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 99.186429][ T4379] ==================================================================
[ 99.194524][ T4379] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 99.202409][ T4379] Read of size 1 at addr ffffc90003da7ce0 by task syz.3.31/4379
[ 99.209996][ T4379]
[ 99.212291][ T4379] CPU: 0 UID: 0 PID: 4379 Comm: syz.3.31 Tainted: G B syzkaller #0 PREEMPT(full)
[ 99.212299][ T4379] Tainted: [B]=BAD_PAGE
[ 99.212301][ T4379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 99.212304][ T4379] Call Trace:
[ 99.212307][ T4379]
[ 99.212310][ T4379] dump_stack_lvl+0x5a/0x90
[ 99.212319][ T4379] print_report+0xcd/0x630
[ 99.212326][ T4379] ? lock_acquire+0x16b/0x190
[ 99.212332][ T4379] ? exfat_nls_to_ucs2+0x732/0x800
[ 99.212338][ T4379] kasan_report+0xe0/0x110
[ 99.212343][ T4379] ? exfat_nls_to_ucs2+0x732/0x800
[ 99.212348][ T4379] exfat_nls_to_ucs2+0x732/0x800
[ 99.212355][ T4379] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 99.212359][ T4379] ? srso_alias_return_thunk+0x5/0xfbef5
[ 99.212373][ T4379] ? srso_alias_return_thunk+0x5/0xfbef5
[ 99.212377][ T4379] ? cap_capable+0x159/0x2d0
[ 99.212385][ T4379] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 99.212390][ T4379] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 99.212395][ T4379] ? stack_depot_save_flags+0x25/0x8d0
[ 99.212411][ T4379] ? srso_alias_return_thunk+0x5/0xfbef5
[ 99.212422][ T4379] exfat_ioctl+0x857/0x1390
[ 99.212429][ T4379] ? __pfx_exfat_ioctl+0x10/0x10
[ 99.212433][ T4379] ? __pfx_do_futex+0x10/0x10
[ 99.212438][ T4379] ? lock_release+0x1d9/0x240
[ 99.212442][ T4379] ? srso_alias_return_thunk+0x5/0xfbef5
[ 99.212447][ T4379] ? lock_release+0x1d9/0x240
[ 99.212453][ T4379] __x64_sys_ioctl+0x134/0x1c0
[ 99.212459][ T4379] do_syscall_64+0x6d/0x310
[ 99.212465][ T4379] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.212469][ T4379] RIP: 0033:0x7fd732b8eec9
[ 99.212475][ T4379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 99.212478][ T4379] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 99.212483][ T4379] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 99.212486][ T4379] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 99.212489][ T4379] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 99.212491][ T4379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 99.212494][ T4379] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 99.212499][ T4379]
[ 99.212501][ T4379]
[ 99.443302][ T4379] The buggy address belongs to stack of task syz.3.31/4379
[ 99.450720][ T4379] and is located at offset 960 in frame:
[ 99.456396][ T4379] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 99.462085][ T4379]
[ 99.464374][ T4379] This frame has 3 objects:
[ 99.468834][ T4379] [32, 36) 'lossy'
[ 99.468839][ T4379] [48, 568) 'uniname'
[ 99.472607][ T4379] [704, 960) 'label'
[ 99.476636][ T4379]
[ 99.482860][ T4379] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003da0000 allocated at kernel_clone+0xcc/0x830
[ 99.495584][ T4379] The buggy address belongs to the physical page:
[ 99.501960][ T4379] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805f2303c0 pfn:0x5f230
[ 99.511985][ T4379] memcg:ffff88801e323902
[ 99.516191][ T4379] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 99.523272][ T4379] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 99.531817][ T4379] raw: ffff88805f2303c0 0000000000000000 00000001ffffffff ffff88801e323902
[ 99.540449][ T4379] page dumped because: kasan: bad access detected
[ 99.546826][ T4379] page_owner tracks the page as allocated
[ 99.552505][ T4379] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 3975, tgid 3975 (syz-executor), ts 97923016536, free_ts 97913732132
[ 99.571661][ T4379] post_alloc_hook+0x168/0x1d0
[ 99.576395][ T4379] get_page_from_freelist+0xf32/0x2fd0
[ 99.581816][ T4379] __alloc_frozen_pages_noprof+0x20c/0x470
[ 99.587583][ T4379] alloc_pages_mpol+0x135/0x400
[ 99.592401][ T4379] alloc_pages_noprof+0xe9/0x2a0
[ 99.597301][ T4379] __vmalloc_node_range_noprof+0x51b/0x1000
[ 99.603157][ T4379] __vmalloc_node_noprof+0x89/0x100
[ 99.608405][ T4379] copy_process+0x2357/0x6210
[ 99.613046][ T4379] kernel_clone+0xcc/0x830
[ 99.617431][ T4379] __do_sys_clone+0xb5/0x100
[ 99.621994][ T4379] do_syscall_64+0x6d/0x310
[ 99.626466][ T4379] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.632321][ T4379] page last free pid 23 tgid 23 stack trace:
[ 99.638432][ T4379] __free_frozen_pages+0x811/0x1130
[ 99.643593][ T4379] rcu_core+0xb22/0x1460
[ 99.647795][ T4379] handle_softirqs+0x1b8/0x670
[ 99.652534][ T4379] run_ksoftirqd+0x2e/0x40
[ 99.657011][ T4379] smpboot_thread_fn+0x2e9/0x850
[ 99.661916][ T4379] kthread+0x35d/0x6a0
[ 99.665966][ T4379] ret_from_fork+0x2bb/0x340
[ 99.670616][ T4379] ret_from_fork_asm+0x1a/0x30
[ 99.675347][ T4379]
[ 99.677641][ T4379] Memory state around the buggy address:
[ 99.683239][ T4379] ffffc90003da7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 99.691263][ T4379] ffffc90003da7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 99.699285][ T4379] >ffffc90003da7c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 99.707306][ T4379] ^
[ 99.714461][ T4379] ffffc90003da7d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 99.722570][ T4379] ffffc90003da7d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 99.730597][ T4379] ==================================================================
[ 99.753594][ T4381] loop3: detected capacity change from 0 to 256
[ 99.761229][ T4381] exfat: Deprecated parameter 'namecase'
[ 99.769947][ T4381] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 99.782926][ T4381] ==================================================================
[ 99.790968][ T4381] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 99.798843][ T4381] Read of size 1 at addr ffffc90003db7ce0 by task syz.3.32/4381
[ 99.806439][ T4381]
[ 99.808731][ T4381] CPU: 0 UID: 0 PID: 4381 Comm: syz.3.32 Tainted: G B syzkaller #0 PREEMPT(full)
[ 99.808739][ T4381] Tainted: [B]=BAD_PAGE
[ 99.808741][ T4381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 99.808744][ T4381] Call Trace:
[ 99.808747][ T4381]
[ 99.808749][ T4381] dump_stack_lvl+0x5a/0x90
[ 99.808758][ T4381] print_report+0xcd/0x630
[ 99.808766][ T4381] ? lock_acquire+0x16b/0x190
[ 99.808772][ T4381] ? exfat_nls_to_ucs2+0x732/0x800
[ 99.808777][ T4381] kasan_report+0xe0/0x110
[ 99.808783][ T4381] ? exfat_nls_to_ucs2+0x732/0x800
[ 99.808788][ T4381] exfat_nls_to_ucs2+0x732/0x800
[ 99.808795][ T4381] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 99.808799][ T4381] ? srso_alias_return_thunk+0x5/0xfbef5
[ 99.808813][ T4381] ? srso_alias_return_thunk+0x5/0xfbef5
[ 99.808817][ T4381] ? cap_capable+0x159/0x2d0
[ 99.808825][ T4381] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 99.808831][ T4381] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 99.808835][ T4381] ? stack_depot_save_flags+0x25/0x8d0
[ 99.808852][ T4381] ? srso_alias_return_thunk+0x5/0xfbef5
[ 99.808863][ T4381] exfat_ioctl+0x857/0x1390
[ 99.808869][ T4381] ? __pfx_exfat_ioctl+0x10/0x10
[ 99.808874][ T4381] ? __pfx_do_futex+0x10/0x10
[ 99.808879][ T4381] ? lock_release+0x1d9/0x240
[ 99.808883][ T4381] ? srso_alias_return_thunk+0x5/0xfbef5
[ 99.808888][ T4381] ? lock_release+0x1d9/0x240
[ 99.808893][ T4381] __x64_sys_ioctl+0x134/0x1c0
[ 99.808900][ T4381] do_syscall_64+0x6d/0x310
[ 99.808906][ T4381] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.808910][ T4381] RIP: 0033:0x7fd732b8eec9
[ 99.808914][ T4381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 99.808918][ T4381] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 99.808923][ T4381] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 99.808926][ T4381] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 99.808928][ T4381] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 99.808931][ T4381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 99.808933][ T4381] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 99.808939][ T4381]
[ 99.808941][ T4381]
[ 100.039832][ T4381] The buggy address belongs to stack of task syz.3.32/4381
[ 100.046988][ T4381] and is located at offset 960 in frame:
[ 100.052665][ T4381] exfat_ioctl_set_volume_label+0x0/0x1c0
[ 100.058364][ T4381]
[ 100.060658][ T4381] This frame has 3 objects:
[ 100.065121][ T4381] [32, 36) 'lossy'
[ 100.065126][ T4381] [48, 568) 'uniname'
[ 100.068895][ T4381] [704, 960) 'label'
[ 100.072924][ T4381]
[ 100.079160][ T4381] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003db0000 allocated at kernel_clone+0xcc/0x830
[ 100.091886][ T4381] The buggy address belongs to the physical page:
[ 100.098265][ T4381] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888070f85b40 pfn:0x70f85
[ 100.108377][ T4381] memcg:ffff88801e323902
[ 100.112668][ T4381] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 100.119923][ T4381] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 100.128554][ T4381] raw: ffff888070f85b40 0000000000000000 00000001ffffffff ffff88801e323902
[ 100.137096][ T4381] page dumped because: kasan: bad access detected
[ 100.143474][ T4381] page_owner tracks the page as allocated
[ 100.149153][ T4381] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 4374, tgid 4374 (syz.3.29), ts 97925642227, free_ts 97350447012
[ 100.168040][ T4381] post_alloc_hook+0x168/0x1d0
[ 100.172772][ T4381] get_page_from_freelist+0xf32/0x2fd0
[ 100.178197][ T4381] __alloc_frozen_pages_noprof+0x20c/0x470
[ 100.184050][ T4381] alloc_pages_mpol+0x135/0x400
[ 100.188865][ T4381] alloc_pages_noprof+0xe9/0x2a0
[ 100.193853][ T4381] __vmalloc_node_range_noprof+0x51b/0x1000
[ 100.199720][ T4381] __vmalloc_node_noprof+0x89/0x100
[ 100.204881][ T4381] copy_process+0x2357/0x6210
[ 100.209520][ T4381] kernel_clone+0xcc/0x830
[ 100.213896][ T4381] __do_sys_clone3+0x16c/0x1b0
[ 100.218623][ T4381] do_syscall_64+0x6d/0x310
[ 100.223090][ T4381] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.228943][ T4381] page last free pid 4295 tgid 4295 stack trace:
[ 100.235229][ T4381] __free_frozen_pages+0x811/0x1130
[ 100.240408][ T4381] rcu_core+0xb22/0x1460
[ 100.244626][ T4381] handle_softirqs+0x1b8/0x670
[ 100.249357][ T4381] __irq_exit_rcu+0xf0/0x150
[ 100.253913][ T4381] sysvec_apic_timer_interrupt+0x90/0xb0
[ 100.259511][ T4381] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 100.265455][ T4381]
[ 100.267746][ T4381] Memory state around the buggy address:
[ 100.273360][ T4381] ffffc90003db7b80: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 100.281380][ T4381] ffffc90003db7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 100.289414][ T4381] >ffffc90003db7c80: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 100.297525][ T4381] ^
[ 100.304678][ T4381] ffffc90003db7d00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 100.312699][ T4381] ffffc90003db7d80: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 f2
[ 100.320719][ T4381] ==================================================================
[ 100.356745][ T4383] loop3: detected capacity change from 0 to 256
[ 100.363501][ T4383] exfat: Deprecated parameter 'namecase'
[ 100.372414][ T4383] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[ 100.385540][ T4383] ==================================================================
[ 100.393583][ T4383] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_ucs2+0x732/0x800
[ 100.401451][ T4383] Read of size 1 at addr ffffc90003d07ce0 by task syz.3.33/4383
[ 100.409136][ T4383]
[ 100.411440][ T4383] CPU: 1 UID: 0 PID: 4383 Comm: syz.3.33 Tainted: G B syzkaller #0 PREEMPT(full)
[ 100.411450][ T4383] Tainted: [B]=BAD_PAGE
[ 100.411453][ T4383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 100.411457][ T4383] Call Trace:
[ 100.411461][ T4383]
[ 100.411464][ T4383] dump_stack_lvl+0x5a/0x90
[ 100.411475][ T4383] print_report+0xcd/0x630
[ 100.411483][ T4383] ? lock_acquire+0x16b/0x190
[ 100.411491][ T4383] ? exfat_nls_to_ucs2+0x732/0x800
[ 100.411498][ T4383] kasan_report+0xe0/0x110
[ 100.411505][ T4383] ? exfat_nls_to_ucs2+0x732/0x800
[ 100.411513][ T4383] exfat_nls_to_ucs2+0x732/0x800
[ 100.411521][ T4383] ? __pfx_exfat_nls_to_ucs2+0x10/0x10
[ 100.411527][ T4383] ? srso_alias_return_thunk+0x5/0xfbef5
[ 100.411545][ T4383] ? srso_alias_return_thunk+0x5/0xfbef5
[ 100.411550][ T4383] ? cap_capable+0x159/0x2d0
[ 100.411561][ T4383] exfat_ioctl_set_volume_label+0x18a/0x1c0
[ 100.411568][ T4383] ? __pfx_exfat_ioctl_set_volume_label+0x10/0x10
[ 100.411574][ T4383] ? stack_depot_save_flags+0x25/0x8d0
[ 100.411596][ T4383] ? srso_alias_return_thunk+0x5/0xfbef5
[ 100.411611][ T4383] exfat_ioctl+0x857/0x1390
[ 100.411619][ T4383] ? __pfx_exfat_ioctl+0x10/0x10
[ 100.411626][ T4383] ? __pfx_do_futex+0x10/0x10
[ 100.411633][ T4383] ? lock_release+0x1d9/0x240
[ 100.411638][ T4383] ? srso_alias_return_thunk+0x5/0xfbef5
[ 100.411645][ T4383] ? lock_release+0x1d9/0x240
[ 100.411653][ T4383] __x64_sys_ioctl+0x134/0x1c0
[ 100.411661][ T4383] do_syscall_64+0x6d/0x310
[ 100.411669][ T4383] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.411675][ T4383] RIP: 0033:0x7fd732b8eec9
[ 100.411681][ T4383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 100.411686][ T4383] RSP: 002b:00007fd733a8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 100.411693][ T4383] RAX: ffffffffffffffda RBX: 00007fd732de5fa0 RCX: 00007fd732b8eec9
[ 100.411697][ T4383] RDX: 00002000000001c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 100.411701][ T4383] RBP: 00007fd732c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 100.411704][ T4383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 100.411708][ T4383] R13: 00007fd732de6038 R14: 00007fd732de5fa0 R15: 00007ffce0ec7b18
[ 100.411716][ T4383]
[ 100.411719][ T4383]
[ 100.641756][ T4383] The buggy address belongs to stack of task syz.3.33/4383
[ 100.648926][ T4383] and is located at offset 960 in frame: