Warning: Permanently added '10.128.1.142' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[   60.107358][ T5091] warning: `syz-executor309' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   68.562438][ T6594] ==================================================================
[   68.570640][ T6594] BUG: KASAN: slab-out-of-bounds in cfg80211_wext_freq+0x1f9/0x240
[   68.578586][ T6594] Read of size 2 at addr ffff88801f290940 by task syz-executor309/6594
[   68.586923][ T6594] 
[   68.589371][ T6594] CPU: 0 PID: 6594 Comm: syz-executor309 Tainted: G        W          6.10.0-rc2-next-20240605-syzkaller #0
[   68.600843][ T6594] Tainted: [W]=WARN
[   68.604645][ T6594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   68.614897][ T6594] Call Trace:
[   68.618877][ T6594]  <TASK>
[   68.621902][ T6594]  dump_stack_lvl+0x241/0x360
[   68.626619][ T6594]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.631840][ T6594]  ? __pfx__printk+0x10/0x10
[   68.636456][ T6594]  ? _printk+0xd5/0x120
[   68.640606][ T6594]  ? __virt_addr_valid+0x183/0x520
[   68.645802][ T6594]  ? __virt_addr_valid+0x183/0x520
[   68.650907][ T6594]  print_report+0x169/0x550
[   68.655421][ T6594]  ? __virt_addr_valid+0x183/0x520
[   68.660632][ T6594]  ? __virt_addr_valid+0x183/0x520
[   68.665736][ T6594]  ? __virt_addr_valid+0x44e/0x520
[   68.671282][ T6594]  ? __phys_addr+0xba/0x170
[   68.675807][ T6594]  ? cfg80211_wext_freq+0x1f9/0x240
[   68.681036][ T6594]  kasan_report+0x143/0x180
[   68.685577][ T6594]  ? cfg80211_wext_freq+0x1f9/0x240
[   68.691129][ T6594]  cfg80211_wext_freq+0x1f9/0x240
[   68.696264][ T6594]  cfg80211_wext_siwscan+0x4fd/0x10d0
[   68.701654][ T6594]  ioctl_standard_iw_point+0x788/0xcb0
[   68.707106][ T6594]  ? do_raw_spin_unlock+0x13c/0x8b0
[   68.712332][ T6594]  ? __pfx_cfg80211_wext_siwscan+0x10/0x10
[   68.718128][ T6594]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[   68.724099][ T6594]  ? __mutex_lock+0x527/0xd70
[   68.728777][ T6594]  ? wext_ioctl_dispatch+0x106/0x640
[   68.734153][ T6594]  ? __pfx___mutex_lock+0x10/0x10
[   68.739168][ T6594]  ? full_name_hash+0x93/0xe0
[   68.743852][ T6594]  ioctl_standard_call+0xc7/0x290
[   68.748891][ T6594]  ? __pfx_cfg80211_wext_siwscan+0x10/0x10
[   68.754706][ T6594]  ? __pfx_cfg80211_wext_siwscan+0x10/0x10
[   68.760556][ T6594]  wext_ioctl_dispatch+0x58e/0x640
[   68.765756][ T6594]  ? __pfx_ioctl_standard_call+0x10/0x10
[   68.771393][ T6594]  ? __pfx_ioctl_private_call+0x10/0x10
[   68.776957][ T6594]  ? __pfx_wext_ioctl_dispatch+0x10/0x10
[   68.782604][ T6594]  ? __might_fault+0xc6/0x120
[   68.787288][ T6594]  wext_handle_ioctl+0x15f/0x270
[   68.792332][ T6594]  ? __pfx_wext_handle_ioctl+0x10/0x10
[   68.797805][ T6594]  sock_ioctl+0x17f/0x8e0
[   68.802134][ T6594]  ? __pfx_sock_ioctl+0x10/0x10
[   68.807066][ T6594]  ? __fget_files+0x29/0x470
[   68.811669][ T6594]  ? __fget_files+0x3f6/0x470
[   68.816355][ T6594]  ? __fget_files+0x29/0x470
[   68.821001][ T6594]  ? bpf_lsm_file_ioctl+0x9/0x10
[   68.825957][ T6594]  ? security_file_ioctl+0x87/0xb0
[   68.831090][ T6594]  ? __pfx_sock_ioctl+0x10/0x10
[   68.835982][ T6594]  __se_sys_ioctl+0xfc/0x170
[   68.840572][ T6594]  do_syscall_64+0xf3/0x230
[   68.845287][ T6594]  ? clear_bhb_loop+0x35/0x90
[   68.850060][ T6594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.856541][ T6594] RIP: 0033:0x7f8f74142599
[   68.861139][ T6594] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   68.881381][ T6594] RSP: 002b:00007f8f740fd218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   68.889830][ T6594] RAX: ffffffffffffffda RBX: 00007f8f741cd328 RCX: 00007f8f74142599
[   68.897991][ T6594] RDX: 0000000020000000 RSI: 0000000000008b18 RDI: 0000000000000003
[   68.905991][ T6594] RBP: 00007f8f741cd320 R08: 0000000000000000 R09: 0000000000000000
[   68.913959][ T6594] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8f7419a1bc
[   68.922096][ T6594] R13: 0073746e6576652e R14: 652e79726f6d656d R15: 0000000000000000
[   68.930157][ T6594]  </TASK>
[   68.933182][ T6594] 
[   68.935585][ T6594] Allocated by task 6594:
[   68.939907][ T6594]  kasan_save_track+0x3f/0x80
[   68.944597][ T6594]  __kasan_kmalloc+0x98/0xb0
[   68.949286][ T6594]  __kmalloc_noprof+0x1f9/0x400
[   68.954134][ T6594]  ioctl_standard_iw_point+0x4ae/0xcb0
[   68.959584][ T6594]  ioctl_standard_call+0xc7/0x290
[   68.964606][ T6594]  wext_ioctl_dispatch+0x58e/0x640
[   68.969710][ T6594]  wext_handle_ioctl+0x15f/0x270
[   68.974643][ T6594]  sock_ioctl+0x17f/0x8e0
[   68.978972][ T6594]  __se_sys_ioctl+0xfc/0x170
[   68.983730][ T6594]  do_syscall_64+0xf3/0x230
[   68.988249][ T6594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.994168][ T6594] 
[   68.996483][ T6594] The buggy address belongs to the object at ffff88801f290800
[   68.996483][ T6594]  which belongs to the cache kmalloc-512 of size 512
[   69.010550][ T6594] The buggy address is located 4 bytes to the right of
[   69.010550][ T6594]  allocated 316-byte region [ffff88801f290800, ffff88801f29093c)
[   69.025063][ T6594] 
[   69.027373][ T6594] The buggy address belongs to the physical page:
[   69.033775][ T6594] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f290
[   69.042524][ T6594] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   69.051034][ T6594] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   69.059378][ T6594] page_type: 0xfdffffff(slab)
[   69.064140][ T6594] raw: 00fff00000000040 ffff888015041c80 0000000000000000 dead000000000001
[   69.072817][ T6594] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[   69.081652][ T6594] head: 00fff00000000040 ffff888015041c80 0000000000000000 dead000000000001
[   69.090912][ T6594] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000
[   69.099692][ T6594] head: 00fff00000000002 ffffea00007ca401 ffffffffffffffff 0000000000000000
[   69.108591][ T6594] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   69.118319][ T6594] page dumped because: kasan: bad access detected
[   69.124938][ T6594] page_owner tracks the page as allocated
[   69.130745][ T6594] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 7258318340, free_ts 0
[   69.148269][ T6594]  post_alloc_hook+0x1f3/0x230
[   69.153031][ T6594]  get_page_from_freelist+0x2cbd/0x2d70
[   69.158585][ T6594]  __alloc_pages_noprof+0x256/0x6c0
[   69.163770][ T6594]  alloc_slab_page+0x5f/0x120
[   69.168466][ T6594]  allocate_slab+0x5a/0x2f0
[   69.172977][ T6594]  ___slab_alloc+0xcd1/0x14b0
[   69.177670][ T6594]  __slab_alloc+0x58/0xa0
[   69.182037][ T6594]  __kmalloc_noprof+0x257/0x400
[   69.186901][ T6594]  fb_alloc_cmap_gfp+0x23c/0x6e0
[   69.191847][ T6594]  drm_fb_helper_alloc_info+0x80/0x120
[   69.197290][ T6594]  drm_fbdev_generic_helper_fb_probe+0x246/0x550
[   69.204232][ T6594]  __drm_fb_helper_initial_config_and_unlock+0x15fe/0x1e30
[   69.211439][ T6594]  drm_fbdev_generic_client_hotplug+0x16e/0x230
[   69.217667][ T6594]  drm_client_register+0x17f/0x210
[   69.222768][ T6594]  vkms_init+0x5f5/0x730
[   69.227025][ T6594]  do_one_initcall+0x248/0x880
[   69.231792][ T6594] page_owner free stack trace missing
[   69.237141][ T6594] 
[   69.239448][ T6594] Memory state around the buggy address:
[   69.245073][ T6594]  ffff88801f290800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   69.253208][ T6594]  ffff88801f290880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
executing program
[   69.261362][ T6594] >ffff88801f290900: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[   69.269872][ T6594]                                            ^
[   69.276051][ T6594]  ffff88801f290980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   69.284120][ T6594]  ffff88801f290a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   69.292264][ T6594] ==================================================================
[   69.305032][ T6594] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   69.312488][ T6594] CPU: 0 PID: 6594 Comm: syz-executor309 Tainted: G        W          6.10.0-rc2-next-20240605-syzkaller #0
[   69.323944][ T6594] Tainted: [W]=WARN
[   69.327756][ T6594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   69.337846][ T6594] Call Trace:
[   69.341146][ T6594]  <TASK>
[   69.344098][ T6594]  dump_stack_lvl+0x241/0x360
[   69.348799][ T6594]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.354035][ T6594]  ? __pfx__printk+0x10/0x10
[   69.358651][ T6594]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.364658][ T6594]  ? vscnprintf+0x5d/0x90
[   69.369018][ T6594]  panic+0x349/0x870
[   69.373037][ T6594]  ? check_panic_on_warn+0x21/0xb0
[   69.378172][ T6594]  ? __pfx_panic+0x10/0x10
[   69.382616][ T6594]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   69.389086][ T6594]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.395691][ T6594]  check_panic_on_warn+0x86/0xb0
[   69.400636][ T6594]  ? cfg80211_wext_freq+0x1f9/0x240
[   69.405847][ T6594]  end_report+0x77/0x160
[   69.410133][ T6594]  kasan_report+0x154/0x180
[   69.414658][ T6594]  ? cfg80211_wext_freq+0x1f9/0x240
[   69.419874][ T6594]  cfg80211_wext_freq+0x1f9/0x240
[   69.424898][ T6594]  cfg80211_wext_siwscan+0x4fd/0x10d0
[   69.430278][ T6594]  ioctl_standard_iw_point+0x788/0xcb0
[   69.435751][ T6594]  ? do_raw_spin_unlock+0x13c/0x8b0
[   69.440956][ T6594]  ? __pfx_cfg80211_wext_siwscan+0x10/0x10
[   69.446777][ T6594]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[   69.452843][ T6594]  ? __mutex_lock+0x527/0xd70
[   69.457524][ T6594]  ? wext_ioctl_dispatch+0x106/0x640
[   69.462824][ T6594]  ? __pfx___mutex_lock+0x10/0x10
[   69.467867][ T6594]  ? full_name_hash+0x93/0xe0
[   69.472746][ T6594]  ioctl_standard_call+0xc7/0x290
[   69.477878][ T6594]  ? __pfx_cfg80211_wext_siwscan+0x10/0x10
[   69.483774][ T6594]  ? __pfx_cfg80211_wext_siwscan+0x10/0x10
[   69.489575][ T6594]  wext_ioctl_dispatch+0x58e/0x640
[   69.494693][ T6594]  ? __pfx_ioctl_standard_call+0x10/0x10
[   69.500471][ T6594]  ? __pfx_ioctl_private_call+0x10/0x10
[   69.506022][ T6594]  ? __pfx_wext_ioctl_dispatch+0x10/0x10
[   69.511656][ T6594]  ? __might_fault+0xc6/0x120
[   69.516331][ T6594]  wext_handle_ioctl+0x15f/0x270
[   69.521265][ T6594]  ? __pfx_wext_handle_ioctl+0x10/0x10
[   69.526716][ T6594]  sock_ioctl+0x17f/0x8e0
[   69.531071][ T6594]  ? __pfx_sock_ioctl+0x10/0x10
[   69.535939][ T6594]  ? __fget_files+0x29/0x470
[   69.540525][ T6594]  ? __fget_files+0x3f6/0x470
[   69.545191][ T6594]  ? __fget_files+0x29/0x470
[   69.549762][ T6594]  ? bpf_lsm_file_ioctl+0x9/0x10
[   69.554684][ T6594]  ? security_file_ioctl+0x87/0xb0
[   69.559778][ T6594]  ? __pfx_sock_ioctl+0x10/0x10
[   69.564634][ T6594]  __se_sys_ioctl+0xfc/0x170
[   69.569245][ T6594]  do_syscall_64+0xf3/0x230
[   69.573779][ T6594]  ? clear_bhb_loop+0x35/0x90
[   69.578452][ T6594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.584437][ T6594] RIP: 0033:0x7f8f74142599
[   69.588846][ T6594] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   69.608449][ T6594] RSP: 002b:00007f8f740fd218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   69.616857][ T6594] RAX: ffffffffffffffda RBX: 00007f8f741cd328 RCX: 00007f8f74142599
[   69.624842][ T6594] RDX: 0000000020000000 RSI: 0000000000008b18 RDI: 0000000000000003
[   69.632812][ T6594] RBP: 00007f8f741cd320 R08: 0000000000000000 R09: 0000000000000000
[   69.641044][ T6594] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8f7419a1bc
[   69.649195][ T6594] R13: 0073746e6576652e R14: 652e79726f6d656d R15: 0000000000000000
[   69.657297][ T6594]  </TASK>
[   69.660724][ T6594] Kernel Offset: disabled
[   69.665057][ T6594] Rebooting in 86400 seconds..