[ 71.218499][ T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.47' (ED25519) to the list of known hosts.
2025/10/06 04:13:00 parsed 1 programs
[ 78.351693][ T3475] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/10/06 04:13:11 executed programs: 0
2025/10/06 04:13:17 executed programs: 2
[ 94.185737][ T4286] loop3: detected capacity change from 0 to 256
[ 94.186571][ T4286] exfat: Deprecated parameter 'utf8'
[ 94.192599][ T4286] exFAT-fs (loop3): failed
[ 94.192599][ T4286] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[ 94.195786][ T38] audit: type=1800 audit(1759723997.853:2): pid=4286 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.17" name="file1" dev="loop3" ino=2 res=0 errno=0
[ 94.201860][ T4286] ==================================================================
[ 94.201866][ T4286] BUG: KASAN: stack-out-of-bounds in exfat_nls_to_utf16+0x899/0xa10
[ 94.201884][ T4286] Read of size 1 at addr ffffc900034a7710 by task syz.3.17/4286
[ 94.201890][ T4286]
[ 94.201903][ T4286] CPU: 0 UID: 0 PID: 4286 Comm: syz.3.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 94.201914][ T4286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 94.201922][ T4286] Call Trace:
[ 94.201926][ T4286]
[ 94.201929][ T4286] dump_stack_lvl+0xf4/0x170
[ 94.201939][ T4286] ? __pfx_dump_stack_lvl+0x10/0x10
[ 94.201947][ T4286] ? __pfx__printk+0x10/0x10
[ 94.201954][ T4286] ? is_module_text_address+0x1d/0x150
[ 94.201964][ T4286] print_report+0xca/0x240
[ 94.201971][ T4286] ? exfat_nls_to_utf16+0x899/0xa10
[ 94.201977][ T4286] kasan_report+0x118/0x150
[ 94.201985][ T4286] ? exfat_nls_to_utf16+0x899/0xa10
[ 94.201993][ T4286] exfat_nls_to_utf16+0x899/0xa10
[ 94.202001][ T4286] ? __pfx_exfat_nls_to_utf16+0x10/0x10
[ 94.202017][ T4286] ? do_raw_spin_lock+0x121/0x2c0
[ 94.202025][ T4286] ? do_raw_spin_unlock+0x122/0x240
[ 94.202031][ T4286] ? _raw_spin_unlock_irqrestore+0xa0/0x100
[ 94.202045][ T4286] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 94.202053][ T4286] ? migrate_disable+0x6c/0x1d0
[ 94.202060][ T4286] ? rt_mutex_slowunlock+0x445/0x760
[ 94.202069][ T4286] ? rcu_is_watching+0x1f/0xa0
[ 94.202076][ T4286] ? cap_capable+0xa7/0x2d0
[ 94.202087][ T4286] exfat_ioctl+0x2cc/0xde0
[ 94.202095][ T4286] ? __pfx_exfat_ioctl+0x10/0x10
[ 94.202116][ T4286] ? kasan_save_track+0x4f/0x80
[ 94.202122][ T4286] ? kasan_save_track+0x3e/0x80
[ 94.202127][ T4286] ? kasan_save_free_info+0x46/0x50
[ 94.202133][ T4286] ? __kasan_slab_free+0x5b/0x80
[ 94.202139][ T4286] ? kfree+0x174/0x490
[ 94.202145][ T4286] ? tomoyo_path_number_perm+0x367/0x420
[ 94.202153][ T4286] ? security_file_ioctl+0x68/0x170
[ 94.202160][ T4286] ? __se_sys_ioctl+0x39/0x100
[ 94.202167][ T4286] ? do_syscall_64+0x8f/0x250
[ 94.202174][ T4286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.202184][ T4286] ? __pfx_file_ioctl+0x10/0x10
[ 94.202196][ T4286] ? tomoyo_path_number_perm+0x176/0x420
[ 94.202203][ T4286] ? do_vfs_ioctl+0xbcf/0xfb0
[ 94.202209][ T4286] ? tomoyo_path_number_perm+0x176/0x420
[ 94.202215][ T4286] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 94.202222][ T4286] ? __pfx_smack_log+0x10/0x10
[ 94.202230][ T4286] ? smk_tskacc+0x247/0x2e0
[ 94.202236][ T4286] ? smack_file_ioctl+0x201/0x2f0
[ 94.202243][ T4286] ? __pfx_smack_file_ioctl+0x10/0x10
[ 94.202252][ T4286] ? __fget_files+0x246/0x2a0
[ 94.202260][ T4286] __se_sys_ioctl+0xb1/0x100
[ 94.202267][ T4286] do_syscall_64+0x8f/0x250
[ 94.202274][ T4286] ? fpregs_assert_state_consistent+0x48/0x60
[ 94.202281][ T4286] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.202287][ T4286] RIP: 0033:0x7f96226ceec9
[ 94.202293][ T4286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 94.202299][ T4286] RSP: 002b:00007f9622537038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 94.202308][ T4286] RAX: ffffffffffffffda RBX: 00007f9622925fa0 RCX: 00007f96226ceec9
[ 94.202313][ T4286] RDX: 00002000000007c0 RSI: 0000000041009432 RDI: 0000000000000004
[ 94.202317][ T4286] RBP: 00007f9622751f91 R08: 0000000000000000 R09: 0000000000000000
[ 94.202321][ T4286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 94.202325][ T4286] R13: 00007f9622926038 R14: 00007f9622925fa0 R15: 00007ffe95548628
[ 94.202333][ T4286]
[ 94.202335][ T4286]
[ 94.202338][ T4286] The buggy address belongs to stack of task syz.3.17/4286
[ 94.202341][ T4286] and is located at offset 304 in frame:
[ 94.202345][ T4286] exfat_ioctl+0x0/0xde0
[ 94.202352][ T4286]
[ 94.202354][ T4286] This frame has 7 objects:
[ 94.202358][ T4286] [32, 36) 'lossy.i'
[ 94.202362][ T4286] [48, 304) 'label.i50'
[ 94.202366][ T4286] [368, 888) 'uniname.i51'
[ 94.202369][ T4286] [1024, 1280) 'label.i'
[ 94.202373][ T4286] [1344, 1864) 'uniname.i'
[ 94.202376][ T4286] [2000, 2024) 'range.i'
[ 94.202380][ T4286] [2064, 2144) 'ia.i'
[ 94.202383][ T4286]
[ 94.202386][ T4286] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc900034a0000 allocated at copy_process+0x3ab/0x2ff0
[ 94.202408][ T4286] The buggy address belongs to the physical page:
[ 94.202418][ T4286] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x2a3ba
[ 94.202424][ T4286] memcg:ffff88801a1ee402
[ 94.202428][ T4286] flags: 0x80000000000000(node=0|zone=1)
[ 94.202441][ T4286] raw: 0080000000000000 0000000000000000 dead000000000122 0000000000000000
[ 94.202447][ T4286] raw: ffff888000000000 0000000000000000 00000001ffffffff ffff88801a1ee402
[ 94.202450][ T4286] page dumped because: kasan: bad access detected
[ 94.202457][ T4286] page_owner tracks the page as allocated
[ 94.202460][ T4286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 40, tgid 40 (kworker/u8:2), ts 92756563485, free_ts 92748563255
[ 94.202471][ T4286] post_alloc_hook+0x168/0x1a0
[ 94.202478][ T4286] get_page_from_freelist+0x27e0/0x2880
[ 94.202485][ T4286] __alloc_frozen_pages_noprof+0x26b/0x460
[ 94.202491][ T4286] alloc_pages_mpol+0xcb/0x270
[ 94.202497][ T4286] alloc_pages_noprof+0xe9/0x160
[ 94.202503][ T4286] __vmalloc_node_range_noprof+0x6da/0xf50
[ 94.202510][ T4286] __vmalloc_node_noprof+0xc6/0xe0
[ 94.202516][ T4286] dup_task_struct+0x54e/0x6c0
[ 94.202521][ T4286] copy_process+0x3ab/0x2ff0
[ 94.202525][ T4286] kernel_clone+0x195/0x640
[ 94.202530][ T4286] user_mode_thread+0xd8/0x130
[ 94.202535][ T4286] call_usermodehelper_exec_work+0x79/0x1c0
[ 94.202542][ T4286] process_scheduled_works+0x995/0x12d0
[ 94.202549][ T4286] worker_thread+0x850/0xc60
[ 94.202554][ T4286] kthread+0x598/0x690
[ 94.202559][ T4286] ret_from_fork+0x15e/0x2f0
[ 94.202570][ T4286] page last free pid 21 tgid 21 stack trace:
[ 94.202574][ T4286] __free_frozen_pages+0xbf8/0xd90
[ 94.202580][ T4286] __tlb_remove_table+0x1c3/0x2a0
[ 94.202584][ T4286] tlb_remove_table_rcu+0x6e/0xd0
[ 94.202589][ T4286] rcu_cpu_kthread+0xa98/0x1800
[ 94.202595][ T4286] smpboot_thread_fn+0x3f7/0x7d0
[ 94.202601][ T4286] kthread+0x598/0x690
[ 94.202605][ T4286] ret_from_fork+0x15e/0x2f0
[ 94.202611][ T4286] ret_from_fork_asm+0x1a/0x30
[ 94.202616][ T4286]
[ 94.202618][ T4286] Memory state around the buggy address:
[ 94.202622][ T4286] ffffc900034a7600: 04 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.202626][ T4286] ffffc900034a7680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.202630][ T4286] >ffffc900034a7700: 00 00 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00
[ 94.202633][ T4286] ^
[ 94.202636][ T4286] ffffc900034a7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.202640][ T4286] ffffc900034a7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.202643][ T4286] ==================================================================
[ 94.202650][ T4286] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 94.202958][ T4286] Kernel Offset: disabled