Warning: Permanently added '10.128.0.114' (ED25519) to the list of known hosts.
executing program
[ 42.035327][ T3969] loop0: detected capacity change from 0 to 256
[ 42.071332][ T3969] exfat: Bad value for 'uid'
[ 42.156786][ T3969] ==================================================================
[ 42.158966][ T3969] BUG: KASAN: slab-out-of-bounds in cfg80211_wext_freq+0x170/0x1ac
[ 42.161125][ T3969] Read of size 2 at addr ffff0000c7d8a940 by task syz-executor415/3969
[ 42.163301][ T3969]
[ 42.163923][ T3969] CPU: 0 PID: 3969 Comm: syz-executor415 Not tainted 5.15.160-syzkaller #0
[ 42.166255][ T3969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 42.168959][ T3969] Call trace:
[ 42.169791][ T3969] dump_backtrace+0x0/0x530
[ 42.170986][ T3969] show_stack+0x2c/0x3c
[ 42.172083][ T3969] dump_stack_lvl+0x108/0x170
[ 42.173328][ T3969] print_address_description+0x7c/0x3f0
[ 42.174785][ T3969] kasan_report+0x174/0x1e4
[ 42.175978][ T3969] __asan_report_load2_noabort+0x44/0x50
[ 42.177516][ T3969] cfg80211_wext_freq+0x170/0x1ac
[ 42.178849][ T3969] cfg80211_wext_siwscan+0x45c/0xe0c
[ 42.180253][ T3969] ioctl_standard_iw_point+0x82c/0xe24
[ 42.181671][ T3969] ioctl_standard_call+0xcc/0x264
[ 42.183013][ T3969] wext_ioctl_dispatch+0x16c/0x3ec
[ 42.184364][ T3969] wext_handle_ioctl+0x224/0x448
[ 42.185617][ T3969] sock_ioctl+0x140/0x8ac
[ 42.186727][ T3969] __arm64_sys_ioctl+0x14c/0x1c8
[ 42.188069][ T3969] invoke_syscall+0x98/0x2b8
[ 42.189267][ T3969] el0_svc_common+0x138/0x258
[ 42.190485][ T3969] do_el0_svc+0x58/0x14c
[ 42.191634][ T3969] el0_svc+0x7c/0x1f0
[ 42.192677][ T3969] el0t_64_sync_handler+0x84/0xe4
[ 42.193967][ T3969] el0t_64_sync+0x1a0/0x1a4
[ 42.195159][ T3969]
[ 42.195756][ T3969] Allocated by task 3969:
[ 42.196879][ T3969] ____kasan_kmalloc+0xbc/0xfc
[ 42.198147][ T3969] __kasan_kmalloc+0x10/0x1c
[ 42.199359][ T3969] __kmalloc+0x29c/0x4c8
[ 42.200474][ T3969] ioctl_standard_iw_point+0x3b8/0xe24
[ 42.201909][ T3969] ioctl_standard_call+0xcc/0x264
[ 42.203204][ T3969] wext_ioctl_dispatch+0x16c/0x3ec
[ 42.204517][ T3969] wext_handle_ioctl+0x224/0x448
[ 42.205840][ T3969] sock_ioctl+0x140/0x8ac
[ 42.207019][ T3969] __arm64_sys_ioctl+0x14c/0x1c8
[ 42.208287][ T3969] invoke_syscall+0x98/0x2b8
[ 42.209546][ T3969] el0_svc_common+0x138/0x258
[ 42.210792][ T3969] do_el0_svc+0x58/0x14c
[ 42.211901][ T3969] el0_svc+0x7c/0x1f0
[ 42.212997][ T3969] el0t_64_sync_handler+0x84/0xe4
[ 42.214272][ T3969] el0t_64_sync+0x1a0/0x1a4
[ 42.215425][ T3969]
[ 42.216057][ T3969] The buggy address belongs to the object at ffff0000c7d8a800
[ 42.216057][ T3969] which belongs to the cache kmalloc-512 of size 512
[ 42.219684][ T3969] The buggy address is located 320 bytes inside of
[ 42.219684][ T3969] 512-byte region [ffff0000c7d8a800, ffff0000c7d8aa00)
[ 42.223130][ T3969] The buggy address belongs to the page:
[ 42.224565][ T3969] page:000000001aa7392f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d88
[ 42.227269][ T3969] head:000000001aa7392f order:2 compound_mapcount:0 compound_pincount:0
[ 42.229408][ T3969] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 42.231637][ T3969] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[ 42.233861][ T3969] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 42.236073][ T3969] page dumped because: kasan: bad access detected
[ 42.237697][ T3969]
[ 42.238296][ T3969] Memory state around the buggy address:
[ 42.239791][ T3969] ffff0000c7d8a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.241939][ T3969] ffff0000c7d8a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.244061][ T3969] >ffff0000c7d8a900: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[ 42.246171][ T3969] ^
[ 42.247804][ T3969] ffff0000c7d8a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.249952][ T3969] ffff0000c7d8aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.252064][ T3969] ==================================================================
[ 42.254148][ T3969] Disabling lock debugging due to kernel taint
[ 42.255811][ T3969] ================================================================================
[ 42.258212][ T3969] UBSAN: array-index-out-of-bounds in net/wireless/scan.c:2829:8
[ 42.260322][ T3969] index 33 is out of range for type 'struct iw_freq[32]'
[ 42.262203][ T3969] CPU: 0 PID: 3969 Comm: syz-executor415 Tainted: G B 5.15.160-syzkaller #0
[ 42.264758][ T3969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 42.267281][ T3969] Call trace:
[ 42.268092][ T3969] dump_backtrace+0x0/0x530
[ 42.269268][ T3969] show_stack+0x2c/0x3c
[ 42.270323][ T3969] dump_stack_lvl+0x108/0x170
[ 42.271546][ T3969] dump_stack+0x1c/0x58
[ 42.272622][ T3969] __ubsan_handle_out_of_bounds+0x108/0x15c
[ 42.274150][ T3969] cfg80211_wext_siwscan+0x4cc/0xe0c
[ 42.275530][ T3969] ioctl_standard_iw_point+0x82c/0xe24
[ 42.277015][ T3969] ioctl_standard_call+0xcc/0x264
[ 42.278312][ T3969] wext_ioctl_dispatch+0x16c/0x3ec
[ 42.279596][ T3969] wext_handle_ioctl+0x224/0x448
[ 42.280883][ T3969] sock_ioctl+0x140/0x8ac
[ 42.281980][ T3969] __arm64_sys_ioctl+0x14c/0x1c8
[ 42.283318][ T3969] invoke_syscall+0x98/0x2b8
[ 42.284493][ T3969] el0_svc_common+0x138/0x258
[ 42.285678][ T3969] do_el0_svc+0x58/0x14c
[ 42.286804][ T3969] el0_svc+0x7c/0x1f0
[ 42.287901][ T3969] el0t_64_sync_handler+0x84/0xe4
[ 42.289178][ T3969] el0t_64_sync+0x1a0/0x1a4
[ 42.290400][ T3969] ================================================================================
executing program
[ 42.384670][ T3971] loop0: detected capacity change from 0 to 256
[ 42.429469][ T3971] exfat: Bad value for 'uid'
executing program
[ 42.632900][ T3972] loop0: detected capacity change from 0 to 256
[ 42.689489][ T3972] exfat: Bad value for 'uid'
executing program
[ 43.081604][ T3973] loop0: detected capacity change from 0 to 256
[ 43.129320][ T3973] exfat: Bad value for 'uid'
[ 43.297977][ T3974] loop0: detected capacity change from 0 to 256
executing program
[ 43.349401][ T3974] exfat: Bad value for 'uid'
executing program
[ 43.714589][ T3975] loop0: detected capacity change from 0 to 256
[ 43.759412][ T3975] exfat: Bad value for 'uid'
[ 43.928685][ T3976] loop0: detected capacity change from 0 to 256
executing program
[ 43.969522][ T3976] exfat: Bad value for 'uid'
[ 44.040980][ T3977] loop0: detected capacity change from 0 to 256
executing program
[ 44.070984][ T3977] exfat: Bad value for 'uid'
executing program
[ 44.234979][ T3978] loop0: detected capacity change from 0 to 256
[ 44.279455][ T3978] exfat: Bad value for 'uid'
executing program
[ 44.368246][ T3979] loop0: detected capacity change from 0 to 256
[ 44.409531][ T3979] exfat: Bad value for 'uid'
[ 44.612594][ T3980] loop0: detected capacity change from 0 to 256
executing program
[ 44.659456][ T3980] exfat: Bad value for 'uid'
executing program
[ 44.949295][ T3981] loop0: detected capacity change from 0 to 256
[ 45.009256][ T3981] exfat: Bad value for 'uid'
[ 45.172884][ T3982] loop0: detected capacity change from 0 to 256
executing program
[ 45.219514][ T3982] exfat: Bad value for 'uid'
executing program
[ 45.367206][ T3983] loop0: detected capacity change from 0 to 256
[ 45.409450][ T3983] exfat: Bad value for 'uid'
[ 45.580548][ T3984] loop0: detected capacity change from 0 to 256
executing program
[ 45.629480][ T3984] exfat: Bad value for 'uid'
[ 45.783995][ T3985] loop0: detected capacity change from 0 to 256
executing program
[ 45.829474][ T3985] exfat: Bad value for 'uid'
executing program
[ 46.069351][ T3986] loop0: detected capacity change from 0 to 256
[ 46.119327][ T3986] exfat: Bad value for 'uid'
executing program
[ 46.334519][ T3987] loop0: detected capacity change from 0 to 256
[ 46.389441][ T3987] exfat: Bad value for 'uid'
executing program
[ 46.567939][ T3988] loop0: detected capacity change from 0 to 256
[ 46.609447][ T3988] exfat: Bad value for 'uid'
[ 46.771811][ T3989] loop0: detected capacity change from 0 to 256
executing program
[ 46.819329][ T3989] exfat: Bad value for 'uid'
executing program
[ 46.894909][ T3990] loop0: detected capacity change from 0 to 256
[ 46.939560][ T3990] exfat: Bad value for 'uid'
[ 47.129052][ T3991] loop0: detected capacity change from 0 to 256
executing program
[ 47.179332][ T3991] exfat: Bad value for 'uid'
executing program
[ 47.393806][ T3992] loop0: detected capacity change from 0 to 256
[ 47.429411][ T3992] exfat: Bad value for 'uid'
executing program
[ 47.598974][ T3993] loop0: detected capacity change from 0 to 256
[ 47.649301][ T3993] exfat: Bad value for 'uid'
[ 47.823025][ T3994] loop0: detected capacity change from 0 to 256
executing program
[ 47.879459][ T3994] exfat: Bad value for 'uid'
executing program
[ 48.250789][ T3995] loop0: detected capacity change from 0 to 256
[ 48.289414][ T3995] exfat: Bad value for 'uid'
[ 48.494769][ T3996] loop0: detected capacity change from 0 to 256
executing program
[ 48.539454][ T3996] exfat: Bad value for 'uid'
[ 48.708673][ T3997] loop0: detected capacity change from 0 to 256
executing program
[ 48.759429][ T3997] exfat: Bad value for 'uid'
executing program
[ 48.943371][ T3998] loop0: detected capacity change from 0 to 256
[ 48.999432][ T3998] exfat: Bad value for 'uid'
executing program
[ 49.340160][ T3999] loop0: detected capacity change from 0 to 256
[ 49.389277][ T3999] exfat: Bad value for 'uid'
[ 49.483624][ T4000] loop0: detected capacity change from 0 to 256
executing program
[ 49.529550][ T4000] exfat: Bad value for 'uid'
[ 49.666982][ T4001] loop0: detected capacity change from 0 to 256
executing program
[ 49.709509][ T4001] exfat: Bad value for 'uid'
[ 49.860815][ T4002] loop0: detected capacity change from 0 to 256
executing program
[ 49.889400][ T4002] exfat: Bad value for 'uid'
executing program
[ 50.258215][ T4003] loop0: detected capacity change from 0 to 256
[ 50.299423][ T4003] exfat: Bad value for 'uid'
executing program
[ 50.502990][ T4004] loop0: detected capacity change from 0 to 256
[ 50.549517][ T4004] exfat: Bad value for 'uid'
executing program
[ 50.747604][ T4005] loop0: detected capacity change from 0 to 256
[ 50.819403][ T4005] exfat: Bad value for 'uid'
executing program
[ 50.911232][ T4006] loop0: detected capacity change from 0 to 256
[ 50.949342][ T4006] exfat: Bad value for 'uid'
executing program
[ 51.115491][ T4007] loop0: detected capacity change from 0 to 256
[ 51.150245][ T4007] exfat: Bad value for 'uid'
executing program
[ 51.339236][ T4008] loop0: detected capacity change from 0 to 256
[ 51.379524][ T4008] exfat: Bad value for 'uid'
executing program
[ 51.472139][ T4009] loop0: detected capacity change from 0 to 256
[ 51.519319][ T4009] exfat: Bad value for 'uid'
[ 51.901110][ T4010] loop0: detected capacity change from 0 to 256
executing program
[ 51.960563][ T4010] exfat: Bad value for 'uid'
executing program
[ 52.054126][ T4011] loop0: detected capacity change from 0 to 256
[ 52.119507][ T4011] exfat: Bad value for 'uid'