Warning: Permanently added '10.128.1.9' (ED25519) to the list of known hosts.
2025/06/26 18:32:23 ignoring optional flag "sandboxArg"="0"
2025/06/26 18:32:24 parsed 1 programs
[ 83.977238][ T3505] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 87.444796][ T3538] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.453623][ T3538] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.462405][ T3538] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.471736][ T3538] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.418847][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.426958][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.448482][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.456395][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/06/26 18:32:37 executed programs: 0
[ 98.163629][ T4089] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 98.174194][ T4089] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 98.185630][ T4089] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 98.197367][ T4089] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 106.639504][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.647761][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.672029][ T1369] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.680467][ T1369] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/06/26 18:32:48 executed programs: 2
[ 106.884874][ T4861] ==================================================================
[ 106.893058][ T4861] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160
[ 106.900953][ T4861] Read of size 8 at addr ffff888111a60830 by task syz.2.16/4861
[ 106.908588][ T4861]
[ 106.910919][ T4861] CPU: 0 UID: 0 PID: 4861 Comm: syz.2.16 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(undef)
[ 106.910938][ T4861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 106.910953][ T4861] Call Trace:
[ 106.910959][ T4861]
[ 106.910966][ T4861] dump_stack_lvl+0x18a/0x250
[ 106.910988][ T4861] ? __pfx_dump_stack_lvl+0x10/0x10
[ 106.911006][ T4861] ? rcu_is_watching+0x1f/0xa0
[ 106.911025][ T4861] ? lock_release+0x42/0x2f0
[ 106.911045][ T4861] ? lock_acquire+0x69/0x210
[ 106.911064][ T4861] ? __virt_addr_valid+0x1a8/0x400
[ 106.911084][ T4861] ? __virt_addr_valid+0x301/0x400
[ 106.911102][ T4861] print_report+0xd2/0x2b0
[ 106.911121][ T4861] ? pause_parse_request+0x40/0x160
[ 106.911136][ T4861] kasan_report+0x118/0x150
[ 106.911153][ T4861] ? pause_parse_request+0x40/0x160
[ 106.911168][ T4861] pause_parse_request+0x40/0x160
[ 106.911183][ T4861] ? __pfx_pause_parse_request+0x10/0x10
[ 106.911198][ T4861] ethnl_default_set_doit+0x295/0x9d0
[ 106.911218][ T4861] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 106.911238][ T4861] genl_family_rcv_msg_doit+0x215/0x300
[ 106.911257][ T4861] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 106.911278][ T4861] ? security_capable+0x5d/0x210
[ 106.911301][ T4861] genl_rcv_msg+0x609/0x790
[ 106.911319][ T4861] ? __pfx_genl_rcv_msg+0x10/0x10
[ 106.911335][ T4861] ? __pfx_ethnl_default_set_doit+0x10/0x10
[ 106.911356][ T4861] netlink_rcv_skb+0x205/0x470
[ 106.911378][ T4861] ? __pfx_genl_rcv_msg+0x10/0x10
[ 106.911395][ T4861] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 106.911420][ T4861] genl_rcv+0x28/0x40
[ 106.911435][ T4861] netlink_unicast+0x71f/0x890
[ 106.911457][ T4861] netlink_sendmsg+0x7e8/0xb00
[ 106.911481][ T4861] ? __pfx_aa_sk_perm+0x10/0x10
[ 106.911497][ T4861] ? __pfx_netlink_sendmsg+0x10/0x10
[ 106.911522][ T4861] ? __pfx_netlink_sendmsg+0x10/0x10
[ 106.911545][ T4861] __sock_sendmsg+0x219/0x270
[ 106.911563][ T4861] ____sys_sendmsg+0x505/0x7e0
[ 106.911586][ T4861] ? __pfx_____sys_sendmsg+0x10/0x10
[ 106.911615][ T4861] ? import_iovec+0x74/0xa0
[ 106.911636][ T4861] ___sys_sendmsg+0x21f/0x2a0
[ 106.911659][ T4861] ? __pfx____sys_sendmsg+0x10/0x10
[ 106.911683][ T4861] ? futex_wait+0x285/0x360
[ 106.911706][ T4861] ? __fget_files+0x2a4/0x320
[ 106.911721][ T4861] __x64_sys_sendmsg+0x19b/0x260
[ 106.911744][ T4861] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 106.911769][ T4861] ? switch_fpu_return+0x12c/0x1c0
[ 106.911790][ T4861] do_syscall_64+0x8f/0x250
[ 106.911812][ T4861] ? fpregs_assert_state_consistent+0x66/0x90
[ 106.911833][ T4861] ? clear_bhb_loop+0x60/0xb0
[ 106.911850][ T4861] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.911867][ T4861] RIP: 0033:0x7fa87d78e929
[ 106.911884][ T4861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 106.911898][ T4861] RSP: 002b:00007fa87d1ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 106.911918][ T4861] RAX: ffffffffffffffda RBX: 00007fa87d9b5fa0 RCX: 00007fa87d78e929
[ 106.911929][ T4861] RDX: 0000000000000040 RSI: 0000200000000000 RDI: 0000000000000003
[ 106.911940][ T4861] RBP: 00007fa87d810b39 R08: 0000000000000000 R09: 0000000000000000
[ 106.911950][ T4861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 106.911960][ T4861] R13: 0000000000000000 R14: 00007fa87d9b5fa0 R15: 00007ffd37ba7178
[ 106.911973][ T4861]
[ 106.911979][ T4861]
[ 107.248251][ T4861] Allocated by task 4861:
[ 107.252568][ T4861] kasan_save_track+0x3e/0x80
[ 107.257326][ T4861] __kasan_kmalloc+0x93/0xb0
[ 107.261902][ T4861] __kmalloc_noprof+0x263/0x500
[ 107.266781][ T4861] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 107.272838][ T4861] genl_family_rcv_msg_doit+0xb8/0x300
[ 107.278289][ T4861] genl_rcv_msg+0x609/0x790
[ 107.282878][ T4861] netlink_rcv_skb+0x205/0x470
[ 107.287632][ T4861] genl_rcv+0x28/0x40
[ 107.291606][ T4861] netlink_unicast+0x71f/0x890
[ 107.296363][ T4861] netlink_sendmsg+0x7e8/0xb00
[ 107.301475][ T4861] __sock_sendmsg+0x219/0x270
[ 107.306225][ T4861] ____sys_sendmsg+0x505/0x7e0
[ 107.310998][ T4861] ___sys_sendmsg+0x21f/0x2a0
[ 107.315664][ T4861] __x64_sys_sendmsg+0x19b/0x260
[ 107.320590][ T4861] do_syscall_64+0x8f/0x250
[ 107.325183][ T4861] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.331235][ T4861]
[ 107.333543][ T4861] The buggy address belongs to the object at ffff888111a60800
[ 107.333543][ T4861] which belongs to the cache kmalloc-64 of size 64
[ 107.347438][ T4861] The buggy address is located 8 bytes to the right of
[ 107.347438][ T4861] allocated 40-byte region [ffff888111a60800, ffff888111a60828)
[ 107.361843][ T4861]
[ 107.364171][ T4861] The buggy address belongs to the physical page:
[ 107.370573][ T4861] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111a60
[ 107.379507][ T4861] anon flags: 0x200000000000000(node=0|zone=2)
[ 107.385743][ T4861] page_type: f5(slab)
[ 107.389801][ T4861] raw: 0200000000000000 ffff8881000418c0 ffffea0004768780 dead000000000005
[ 107.398463][ T4861] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 107.407221][ T4861] page dumped because: kasan: bad access detected
[ 107.413649][ T4861] page_owner tracks the page as allocated
[ 107.419399][ T4861] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 12, tgid 12 (kworker/u8:0), ts 6843562714, free_ts 0
[ 107.437799][ T4861] post_alloc_hook+0x168/0x1a0
[ 107.442559][ T4861] get_page_from_freelist+0x260e/0x2710
[ 107.448094][ T4861] __alloc_frozen_pages_noprof+0x26b/0x460
[ 107.454067][ T4861] alloc_pages_mpol+0xd1/0x330
[ 107.458908][ T4861] allocate_slab+0x8a/0x350
[ 107.463399][ T4861] ___slab_alloc+0x9dc/0x10e0
[ 107.468061][ T4861] __kmalloc_noprof+0x2e8/0x500
[ 107.473005][ T4861] security_task_alloc+0x4d/0x280
[ 107.478103][ T4861] copy_process+0x132c/0x3700
[ 107.482853][ T4861] kernel_clone+0x21c/0x8c0
[ 107.487358][ T4861] user_mode_thread+0xdd/0x140
[ 107.492146][ T4861] call_usermodehelper_exec_work+0x5c/0x230
[ 107.498047][ T4861] process_scheduled_works+0xa3a/0x1530
[ 107.503594][ T4861] worker_thread+0xa03/0xeb0
[ 107.508193][ T4861] kthread+0x667/0x760
[ 107.512245][ T4861] ret_from_fork+0x1b7/0x380
[ 107.516856][ T4861] page_owner free stack trace missing
[ 107.522228][ T4861]
[ 107.524660][ T4861] Memory state around the buggy address:
[ 107.530355][ T4861] ffff888111a60700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 107.538402][ T4861] ffff888111a60780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 107.546545][ T4861] >ffff888111a60800: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 107.554594][ T4861] ^
[ 107.560223][ T4861] ffff888111a60880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 107.568451][ T4861] ffff888111a60900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 107.576512][ T4861] ==================================================================
[ 107.585130][ T4861] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 107.592812][ T4861] Kernel Offset: disabled
[ 107.597147][ T4861] Rebooting in 86400 seconds..