Warning: Permanently added '10.128.0.230' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 46.604353][ T197] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 46.612325][ T197] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 46.629159][ T197] ==================================================================
[ 46.637376][ T197] BUG: KASAN: use-after-free in ieee80211_ibss_build_presp+0xfdb/0x1850
[ 46.645724][ T197] Read of size 4 at addr ffff88801ce26fc8 by task kworker/u4:4/197
[ 46.653592][ T197]
[ 46.655900][ T197] CPU: 1 PID: 197 Comm: kworker/u4:4 Not tainted 5.12.0-rc4-syzkaller #0
[ 46.664299][ T197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.674356][ T197] Workqueue: phy0 ieee80211_iface_work
[ 46.679823][ T197] Call Trace:
[ 46.683188][ T197]  dump_stack+0x176/0x24e
[ 46.687512][ T197]  print_address_description+0x5f/0x3a0
[ 46.693062][ T197]  kasan_report+0x15c/0x200
[ 46.697593][ T197]  ? ieee80211_ibss_build_presp+0xfdb/0x1850
[ 46.703568][ T197]  kasan_check_range+0x2b5/0x2f0
[ 46.708522][ T197]  ? ieee80211_ibss_build_presp+0xfdb/0x1850
[ 46.714485][ T197]  memcpy+0x25/0x60
[ 46.718280][ T197]  ieee80211_ibss_build_presp+0xfdb/0x1850
[ 46.724108][ T197]  ? __mutex_unlock_slowpath+0x12d/0x520
[ 46.729756][ T197]  ? __ieee80211_sta_join_ibss+0x6dc/0x12f0
[ 46.735662][ T197]  __ieee80211_sta_join_ibss+0x70d/0x12f0
[ 46.741415][ T197]  ieee80211_sta_create_ibss+0x312/0x530
[ 46.747059][ T197]  ieee80211_ibss_work+0xdb1/0x1450
[ 46.752265][ T197]  ? ieee80211_iface_work+0x9d3/0xb10
[ 46.757644][ T197]  process_one_work+0x789/0xfd0
[ 46.762516][ T197]  worker_thread+0xac1/0x1300
[ 46.767240][ T197]  ? rcu_lock_release+0x20/0x20
[ 46.772092][ T197]  kthread+0x39a/0x3c0
[ 46.776149][ T197]  ? rcu_lock_release+0x20/0x20
[ 46.780999][ T197]  ? kthread_blkcg+0xd0/0xd0
[ 46.785571][ T197]  ret_from_fork+0x1f/0x30
[ 46.789997][ T197]
[ 46.792320][ T197] Allocated by task 6461:
[ 46.796726][ T197]  ____kasan_kmalloc+0xc2/0xf0
[ 46.801476][ T197]  __kmalloc+0xb4/0x380
[ 46.805614][ T197]  smk_parse_smack+0x18e/0x220
[ 46.810361][ T197]  smk_import_entry+0x22/0x400
[ 46.815112][ T197]  smack_d_instantiate+0x6af/0xcc0
[ 46.820220][ T197]  security_d_instantiate+0xa5/0x100
[ 46.825498][ T197]  d_instantiate+0x51/0x90
[ 46.829910][ T197]  shmem_symlink+0x53f/0x6f0
[ 46.834494][ T197]  vfs_symlink+0x3a0/0x540
[ 46.838892][ T197]  do_symlinkat+0x1c9/0x440
[ 46.843374][ T197]  do_syscall_64+0x2d/0x70
[ 46.847773][ T197]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 46.853647][ T197]
[ 46.855954][ T197] Freed by task 8417:
[ 46.859917][ T197]  kasan_set_track+0x3d/0x70
[ 46.864509][ T197]  kasan_set_free_info+0x1f/0x40
[ 46.869430][ T197]  ____kasan_slab_free+0x100/0x140
[ 46.874539][ T197]  slab_free_freelist_hook+0x171/0x270
[ 46.879996][ T197]  kfree+0xcf/0x2d0
[ 46.883794][ T197]  ieee80211_ibss_leave+0x80/0xf0
[ 46.888804][ T197]  __cfg80211_leave_ibss+0x11c/0x200
[ 46.894081][ T197]  cfg80211_leave_ibss+0x5c/0x70
[ 46.899007][ T197]  cfg80211_change_iface+0x46c/0xb40
[ 46.904278][ T197]  nl80211_set_interface+0x497/0x7f0
[ 46.909567][ T197]  genl_rcv_msg+0xe4e/0x1280
[ 46.914140][ T197]  netlink_rcv_skb+0x190/0x3a0
[ 46.918886][ T197]  genl_rcv+0x24/0x40
[ 46.922852][ T197]  netlink_unicast+0x786/0x940
[ 46.927593][ T197]  netlink_sendmsg+0x9ae/0xd50
[ 46.932338][ T197]  ____sys_sendmsg+0x519/0x800
[ 46.937096][ T197]  __sys_sendmsg+0x2bf/0x370
[ 46.941693][ T197]  do_syscall_64+0x2d/0x70
[ 46.946095][ T197]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 46.951976][ T197]
[ 46.954284][ T197] The buggy address belongs to the object at ffff88801ce26fc8
[ 46.954284][ T197]  which belongs to the cache kmalloc-8 of size 8
[ 46.967972][ T197] The buggy address is located 0 bytes inside of
[ 46.967972][ T197]  8-byte region [ffff88801ce26fc8, ffff88801ce26fd0)
[ 46.981053][ T197] The buggy address belongs to the page:
[ 46.986662][ T197] page:ffffea0000738980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ce26
[ 46.996836][ T197] flags: 0xfff00000000200(slab)
[ 47.001698][ T197] raw: 00fff00000000200 ffffea0000421d80 0000000e0000000e ffff888010841280
[ 47.010272][ T197] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 47.018844][ T197] page dumped because: kasan: bad access detected
[ 47.025233][ T197]
[ 47.027540][ T197] Memory state around the buggy address:
[ 47.033152][ T197]  ffff88801ce26e80: fc 00 fc fc fc fc 00 fc fc fc fc fb fc fc fc fc
[ 47.041540][ T197]  ffff88801ce26f00: fb fc fc fc fc fb fc fc fc fc 00 fc fc fc fc 00
[ 47.049586][ T197] >ffff88801ce26f80: fc fc fc fc 00 fc fc fc fc fa fc fc fc fc fc fc
[ 47.057634][ T197]                                               ^
[ 47.064029][ T197]  ffff88801ce27000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.072120][ T197]  ffff88801ce27080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 47.080158][ T197] ==================================================================
[ 47.088212][ T197] Disabling lock debugging due to kernel taint
[ 47.100364][ T197] Kernel panic - not syncing: panic_on_warn set ...
[ 47.106960][ T197] CPU: 0 PID: 197 Comm: kworker/u4:4 Tainted: G B 5.12.0-rc4-syzkaller #0
[ 47.116868][ T197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.126926][ T197] Workqueue: phy0 ieee80211_iface_work
[ 47.132393][ T197] Call Trace:
[ 47.135667][ T197]  dump_stack+0x176/0x24e
[ 47.139999][ T197]  panic+0x291/0x800
[ 47.143901][ T197]  ? trace_hardirqs_on+0x30/0x80
[ 47.148836][ T197]  kasan_report+0x1ff/0x200
[ 47.153339][ T197]  ? ieee80211_ibss_build_presp+0xfdb/0x1850
[ 47.159326][ T197]  kasan_check_range+0x2b5/0x2f0
[ 47.164242][ T197]  ? ieee80211_ibss_build_presp+0xfdb/0x1850
[ 47.170201][ T197]  memcpy+0x25/0x60
[ 47.173986][ T197]  ieee80211_ibss_build_presp+0xfdb/0x1850
[ 47.179834][ T197]  ? __mutex_unlock_slowpath+0x12d/0x520
[ 47.185457][ T197]  ? __ieee80211_sta_join_ibss+0x6dc/0x12f0
[ 47.191337][ T197]  __ieee80211_sta_join_ibss+0x70d/0x12f0
[ 47.197036][ T197]  ieee80211_sta_create_ibss+0x312/0x530
[ 47.202708][ T197]  ieee80211_ibss_work+0xdb1/0x1450
[ 47.207898][ T197]  ? ieee80211_iface_work+0x9d3/0xb10
[ 47.213288][ T197]  process_one_work+0x789/0xfd0
[ 47.218128][ T197]  worker_thread+0xac1/0x1300
[ 47.222791][ T197]  ? rcu_lock_release+0x20/0x20
[ 47.227634][ T197]  kthread+0x39a/0x3c0
[ 47.231678][ T197]  ? rcu_lock_release+0x20/0x20
[ 47.236500][ T197]  ? kthread_blkcg+0xd0/0xd0
[ 47.241063][ T197]  ret_from_fork+0x1f/0x30
[ 47.246189][ T197] Kernel Offset: disabled
[ 47.250496][ T197] Rebooting in 86400 seconds..