Warning: Permanently added '10.128.1.238' (ED25519) to the list of known hosts. 2025/07/15 00:05:32 ignoring optional flag "sandboxArg"="0" 2025/07/15 00:05:33 parsed 1 programs [ 68.810147][ T3627] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 69.186311][ T3633] IPVS: ftp: loaded support on port[0] = 21 [ 69.354777][ T3642] IPVS: ftp: loaded support on port[0] = 21 [ 69.531242][ T3650] IPVS: ftp: loaded support on port[0] = 21 [ 70.719152][ T3650] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.728296][ T3650] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.737946][ T3650] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.746979][ T3650] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.637415][ T4364] IPVS: ftp: loaded support on port[0] = 21 [ 74.663906][ T21] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.671984][ T21] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.679422][ T1696] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.693598][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.701596][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.710823][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 74.847523][ T4373] IPVS: ftp: loaded support on port[0] = 21 [ 75.158650][ T4401] IPVS: ftp: loaded support on port[0] = 21 [ 75.351453][ T4420] IPVS: ftp: loaded support on port[0] = 21 [ 75.562571][ T4439] IPVS: ftp: loaded support on port[0] = 21 [ 75.641669][ T4449] IPVS: ftp: loaded support on port[0] = 21 [ 75.691541][ T4452] IPVS: ftp: loaded support on port[0] = 21 [ 75.835421][ T4470] IPVS: ftp: loaded support on port[0] = 21 [ 76.073127][ T4492] IPVS: ftp: loaded support on port[0] = 21 [ 76.261242][ T4513] IPVS: ftp: loaded support on port[0] = 21 [ 76.422225][ T4530] IPVS: ftp: loaded support on port[0] = 21 2025/07/15 00:05:42 executed programs: 0 [ 76.968991][ T4565] IPVS: ftp: loaded support on port[0] = 21 [ 78.318249][ T4565] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 78.328160][ T4565] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 78.348197][ T4565] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 78.357677][ T4565] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.214180][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.222186][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.230243][ T853] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 82.239031][ T324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.247133][ T324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.254710][ T16] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/07/15 00:05:47 executed programs: 2 [ 82.316306][ T5298] ================================================================== [ 82.316321][ T5298] BUG: KASAN: slab-out-of-bounds in string+0x39c/0x3d0 [ 82.316331][ T5298] Read of size 1 at addr ffff888106b80bc8 by task syz.2.16/5298 [ 82.316339][ T5298] [ 82.316345][ T5298] CPU: 0 PID: 5298 Comm: syz.2.16 Not tainted 5.11.0-rc7-syzkaller #0 [ 82.316356][ T5298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 82.316366][ T5298] Call Trace: [ 82.316371][ T5298] dump_stack+0xbe/0xf9 [ 82.316376][ T5298] ? string+0x39c/0x3d0 [ 82.316382][ T5298] print_address_description.constprop.0+0x18/0x170 [ 82.316389][ T5298] ? string+0x39c/0x3d0 [ 82.316394][ T5298] ? string+0x39c/0x3d0 [ 82.316400][ T5298] kasan_report.cold+0x7f/0x10e [ 82.316406][ T5298] ? string+0x39c/0x3d0 [ 82.316411][ T5298] string+0x39c/0x3d0 [ 82.316417][ T5298] ? ip6_addr_string_sa+0x830/0x830 [ 82.316423][ T5298] vsnprintf+0xa3f/0x16c0 [ 82.316429][ T5298] ? pointer+0xa50/0xa50 [ 82.316435][ T5298] ? kvm_sched_clock_read+0xd/0x20 [ 82.316441][ T5298] ? sched_clock+0x2a/0x40 [ 82.316447][ T5298] ? sched_clock_cpu+0x18/0x160 [ 82.316454][ T5298] vprintk_store+0x15d/0x790 [ 82.316460][ T5298] ? __ia32_sys_syslog+0xd0/0xd0 [ 82.316467][ T5298] ? __is_kernel_percpu_address+0x1ae/0x210 [ 82.316475][ T5298] ? register_lock_class+0x60f/0x16c0 [ 82.316482][ T5298] ? find_held_lock+0x2c/0x110 [ 82.316488][ T5298] vprintk_emit+0xa2/0x330 [ 82.316494][ T5298] vprintk_func+0x8b/0x140 [ 82.316500][ T5298] printk+0xba/0xed [ 82.316505][ T5298] ? record_print_text.cold+0x16/0x16 [ 82.316511][ T5298] ? ___ratelimit+0x7c/0x400 [ 82.316518][ T5298] ? do_raw_spin_unlock+0x171/0x230 [ 82.316525][ T5298] ? ___ratelimit+0x59/0x400 [ 82.316531][ T5298] nfacct_mt_checkentry.cold+0x1a/0x1f [ 82.316539][ T5298] ? nfacct_mt_destroy+0x60/0x60 [ 82.316545][ T5298] xt_check_match+0x278/0x650 [ 82.316552][ T5298] ? xt_check_target+0x650/0x650 [ 82.316558][ T5298] ? lock_acquire+0x11a/0x220 [ 82.316565][ T5298] ? stack_depot_save+0x1c5/0x3f0 [ 82.316571][ T5298] ? do_raw_spin_unlock+0x171/0x230 [ 82.316577][ T5298] ? stack_depot_save+0x229/0x3f0 [ 82.316583][ T5298] __nft_match_init+0x43d/0x620 [ 82.316588][ T5298] ? ___sys_sendmsg+0x70/0x170 [ 82.316594][ T5298] ? nft_parse_compat+0x280/0x280 [ 82.316600][ T5298] ? unpoison_range+0x3a/0x60 [ 82.316606][ T5298] ? __kmem_cache_create+0x2e0/0x580 [ 82.316612][ T5298] ? fs_reclaim_release+0x9c/0xe0 [ 82.316618][ T5298] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 [ 82.316624][ T5298] ? unpoison_range+0x3a/0x60 [ 82.316630][ T5298] ? nft_match_large_init+0x160/0x160 [ 82.316636][ T5298] nf_tables_newrule+0xd6e/0x2740 [ 82.316641][ T5298] ? nf_tables_rule_release+0x1e0/0x1e0 [ 82.316647][ T5298] ? __mutex_unlock_slowpath+0xe1/0x460 [ 82.316653][ T5298] ? __nla_parse+0x3e/0x50 [ 82.316659][ T5298] nfnetlink_rcv_batch+0x7a0/0x1e20 [ 82.316665][ T5298] ? nf_tables_rule_release+0x1e0/0x1e0 [ 82.316671][ T5298] ? nfnetlink_rcv_msg+0x8c0/0x8c0 [ 82.316678][ T5298] ? apparmor_capable+0x1f4/0x5a0 [ 82.316685][ T5298] ? apparmor_ptrace_access_check+0x330/0x330 [ 82.316692][ T5298] ? apparmor_ptrace_access_check+0x330/0x330 [ 82.316700][ T5298] ? nla_get_range_signed+0x510/0x510 [ 82.316708][ T5298] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 82.316716][ T5298] ? cap_capable+0x1eb/0x250 [ 82.316723][ T5298] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 82.316731][ T5298] ? security_capable+0x95/0xc0 [ 82.316737][ T5298] ? __nla_parse+0x3e/0x50 [ 82.316742][ T5298] nfnetlink_rcv+0x3af/0x420 [ 82.316748][ T5298] ? nfnetlink_rcv_batch+0x1e20/0x1e20 [ 82.316754][ T5298] ? netlink_deliver_tap+0xd5/0x8f0 [ 82.316760][ T5298] ? lock_acquire+0x11a/0x220 [ 82.316766][ T5298] ? netlink_unicast+0x238/0x8f0 [ 82.316771][ T5298] netlink_unicast+0x64e/0x8f0 [ 82.316777][ T5298] ? netlink_attachskb+0x7f0/0x7f0 [ 82.316790][ T5298] ? _copy_from_iter_full+0x235/0x7d0 [ 82.316797][ T5298] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 82.316804][ T5298] ? __phys_addr_symbol+0x2c/0x70 [ 82.316811][ T5298] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 82.316818][ T5298] ? __check_object_size+0x1af/0x480 [ 82.316824][ T5298] netlink_sendmsg+0x856/0xd80 [ 82.316831][ T5298] ? netlink_unicast+0x8f0/0x8f0 [ 82.316838][ T5298] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 82.316845][ T5298] ? netlink_unicast+0x8f0/0x8f0 [ 82.316851][ T5298] sock_sendmsg+0x151/0x190 [ 82.316857][ T5298] ____sys_sendmsg+0x709/0x870 [ 82.316863][ T5298] ? kernel_sendmsg+0x50/0x50 [ 82.316869][ T5298] ? do_recvmmsg+0x6a0/0x6a0 [ 82.316875][ T5298] ? lock_downgrade+0x4e0/0x4e0 [ 82.316881][ T5298] ___sys_sendmsg+0xf3/0x170 [ 82.316888][ T5298] ? sendmsg_copy_msghdr+0x160/0x160 [ 82.316895][ T5298] ? __fget_files+0x1e4/0x2f0 [ 82.316901][ T5298] ? lock_downgrade+0x4e0/0x4e0 [ 82.316907][ T5298] ? lock_acquire+0x11a/0x220 [ 82.316914][ T5298] ? free_fdtable_rcu+0x70/0x70 [ 82.316920][ T5298] ? finish_task_switch.isra.0+0x2f5/0x680 [ 82.316927][ T5298] ? __fget_files+0x206/0x2f0 [ 82.316933][ T5298] ? __fget_light+0xea/0x280 [ 82.316939][ T5298] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 82.316945][ T5298] __sys_sendmsg+0xe5/0x1b0 [ 82.316951][ T5298] ? __sys_sendmsg_sock+0xb0/0xb0 [ 82.316957][ T5298] ? vtime_user_exit+0xde/0x180 [ 82.316964][ T5298] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 82.316972][ T5298] ? trace_user_exit.constprop.0+0x54/0xf0 [ 82.316978][ T5298] do_syscall_64+0x34/0x50 [ 82.316985][ T5298] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 82.316992][ T5298] RIP: 0033:0x7f0522e1a929 [ 82.317003][ T5298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.317021][ T5298] RSP: 002b:00007f052288b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.317035][ T5298] RAX: ffffffffffffffda RBX: 00007f0523041fa0 RCX: 00007f0522e1a929 [ 82.317044][ T5298] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 82.317053][ T5298] RBP: 00007f0522e9cb39 R08: 0000000000000000 R09: 0000000000000000 [ 82.317063][ T5298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 82.317074][ T5298] R13: 0000000000000000 R14: 00007f0523041fa0 R15: 00007ffc7aea58a8 [ 82.317081][ T5298] [ 82.317085][ T5298] Allocated by task 5298: [ 82.317092][ T5298] kasan_save_stack+0x1b/0x40 [ 82.317099][ T5298] ____kasan_kmalloc.constprop.0+0x84/0xa0 [ 82.317106][ T5298] nf_tables_newrule+0xadd/0x2740 [ 82.317112][ T5298] nfnetlink_rcv_batch+0x7a0/0x1e20 [ 82.317118][ T5298] nfnetlink_rcv+0x3af/0x420 [ 82.317124][ T5298] netlink_unicast+0x64e/0x8f0 [ 82.317130][ T5298] netlink_sendmsg+0x856/0xd80 [ 82.317136][ T5298] sock_sendmsg+0x151/0x190 [ 82.317142][ T5298] ____sys_sendmsg+0x709/0x870 [ 82.317148][ T5298] ___sys_sendmsg+0xf3/0x170 [ 82.317155][ T5298] __sys_sendmsg+0xe5/0x1b0 [ 82.317161][ T5298] do_syscall_64+0x34/0x50 [ 82.317168][ T5298] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 82.317174][ T5298] [ 82.317179][ T5298] Last potentially related work creation: [ 82.317204][ T5298] kasan_save_stack+0x1b/0x40 [ 82.317210][ T5298] kasan_record_aux_stack+0xbc/0xe0 [ 82.317216][ T5298] call_rcu+0xb6/0x670 [ 82.317221][ T5298] __nf_unregister_net_hook+0x1f8/0x4a0 [ 82.317228][ T5298] nf_unregister_net_hooks+0x117/0x160 [ 82.317235][ T5298] ip6table_mangle_net_pre_exit+0x4c/0x60 [ 82.317242][ T5298] cleanup_net+0x452/0xb10 [ 82.317248][ T5298] process_one_work+0x910/0x1250 [ 82.317255][ T5298] worker_thread+0x4d4/0xe70 [ 82.317261][ T5298] kthread+0x347/0x420 [ 82.317267][ T5298] ret_from_fork+0x22/0x30 [ 82.317272][ T5298] [ 82.317279][ T5298] The buggy address belongs to the object at ffff888106b80b80 [ 82.317289][ T5298] which belongs to the cache kmalloc-96 of size 96 [ 82.317297][ T5298] The buggy address is located 72 bytes inside of [ 82.317305][ T5298] 96-byte region [ffff888106b80b80, ffff888106b80be0) [ 82.317314][ T5298] The buggy address belongs to the page: [ 82.317323][ T5298] page:00000000cae82224 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106b80 [ 82.317334][ T5298] flags: 0x200000000000200(slab) [ 82.317343][ T5298] raw: 0200000000000200 ffffea0004095900 0000000400000004 ffff888100041780 [ 82.317354][ T5298] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff88810e6b0601 [ 82.317365][ T5298] page dumped because: kasan: bad access detected [ 82.317373][ T5298] pages's memcg:ffff88810e6b0601 [ 82.317381][ T5298] page_owner tracks the page as allocated [ 82.317393][ T5298] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 1977, ts 11687336174 [ 82.317406][ T5298] post_alloc_hook+0x136/0x1a0 [ 82.317412][ T5298] get_page_from_freelist+0x20ee/0x2da0 [ 82.317420][ T5298] __alloc_pages_nodemask+0x275/0x5b0 [ 82.317427][ T5298] alloc_pages_current+0x1c9/0x370 [ 82.317434][ T5298] allocate_slab+0x27f/0x450 [ 82.317439][ T5298] ___slab_alloc+0x40e/0x6c0 [ 82.317444][ T5298] __kmalloc+0x299/0x2b0 [ 82.317449][ T5298] tomoyo_encode2.part.0+0xe9/0x3a0 [ 82.317453][ T5298] tomoyo_encode+0x28/0x50 [ 82.317458][ T5298] tomoyo_realpath_from_path+0x188/0x620 [ 82.317464][ T5298] tomoyo_check_open_permission+0x255/0x350 [ 82.317470][ T5298] tomoyo_file_open+0xa3/0xd0 [ 82.317477][ T5298] security_file_open+0x58/0x500 [ 82.317484][ T5298] do_dentry_open+0x4ec/0x1070 [ 82.317490][ T5298] path_openat+0x18c5/0x26b0 [ 82.317496][ T5298] do_filp_open+0x17e/0x3c0 [ 82.317501][ T5298] page last free stack trace: [ 82.317508][ T5298] free_pcp_prepare+0x44a/0x5a0 [ 82.317514][ T5298] free_unref_page+0x39/0x1f0 [ 82.317521][ T5298] kasan_depopulate_vmalloc_pte+0x59/0x70 [ 82.317527][ T5298] __apply_to_page_range+0x7bc/0x1350 [ 82.317533][ T5298] kasan_release_vmalloc+0xa7/0xc0 [ 82.317539][ T5298] __purge_vmap_area_lazy+0x8cf/0x1c80 [ 82.317546][ T5298] _vm_unmap_aliases.part.0+0x2d7/0x3c0 [ 82.317553][ T5298] vm_unmap_aliases+0x2f/0x40 [ 82.317560][ T5298] change_page_attr_set_clr+0x23f/0x4f0 [ 82.317567][ T5298] set_memory_nx+0xb2/0x110 [ 82.317573][ T5298] free_init_pages+0x52/0x80 [ 82.317579][ T5298] free_kernel_image_pages+0x20/0x50 [ 82.317584][ T5298] kernel_init+0x17/0x1bc [ 82.317590][ T5298] ret_from_fork+0x22/0x30 [ 82.317595][ T5298] [ 82.317599][ T5298] Memory state around the buggy address: [ 82.317607][ T5298] ffff888106b80a80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 82.317618][ T5298] ffff888106b80b00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 82.317628][ T5298] >ffff888106b80b80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 82.317637][ T5298] ^ [ 82.317646][ T5298] ffff888106b80c00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 82.317656][ T5298] ffff888106b80c80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 82.317667][ T5298] ================================================================== [ 82.317677][ T5298] Disabling lock debugging due to kernel taint [ 82.317686][ T5298] Kernel panic - not syncing: panic_on_warn set ... [ 82.317887][ T5298] Kernel Offset: disabled