./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3240845017

<...>
Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts.
execve("./syz-executor3240845017", ["./syz-executor3240845017"], 0x7ffe95983040 /* 10 vars */) = 0
brk(NULL)                               = 0x55556f6aa000
brk(0x55556f6aad00)                     = 0x55556f6aad00
arch_prctl(ARCH_SET_FS, 0x55556f6aa380) = 0
set_tid_address(0x55556f6aa650)         = 5852
set_robust_list(0x55556f6aa660, 24)     = 0
rseq(0x55556f6aaca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3240845017", 4096) = 28
getrandom("\x45\x77\xbd\x82\x45\x10\x73\xb4", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55556f6aad00
brk(0x55556f6cbd00)                     = 0x55556f6cbd00
brk(0x55556f6cc000)                     = 0x55556f6cc000
mprotect(0x7f036ac4d000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0executing program
) = 0x200001000000
write(1, "executing program\n", 18)     = 18
socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 3
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x28\x00\x00\x00\x00\x0a\x01\x01\x00\x00\x00\x00\x5e\x1a\xff\xd5\x02\x00\x00\x00\x09\x00\x01\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x08\x00\x02\x40\x00\x00\x00\x03\x2c\x00\x00\x00\x03\x0a\x01\x03\x00\x00\xe6\xff\x00\x00\x00\x00\x02\x00\x00\x00\x09\x00\x01\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x09\x00\x03\x00\x73\x79\x7a\x32"..., iov_len=124}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE) = 124
[   86.576522][ T5852] ==================================================================
[   86.585743][ T5852] BUG: KASAN: slab-out-of-bounds in string+0x231/0x2b0
[   86.593995][ T5852] Read of size 1 at addr ffff8881416d4148 by task syz-executor324/5852
[   86.604457][ T5852] 
[   86.607019][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz-executor324 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[   86.607034][ T5852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   86.607046][ T5852] Call Trace:
[   86.607052][ T5852]  <TASK>
[   86.607057][ T5852]  dump_stack_lvl+0x189/0x250
[   86.607075][ T5852]  ? __kasan_check_byte+0x12/0x40
[   86.607093][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.607105][ T5852]  ? lock_release+0x4b/0x3e0
[   86.607117][ T5852]  ? __virt_addr_valid+0x4a5/0x5c0
[   86.607131][ T5852]  print_report+0xca/0x230
[   86.607140][ T5852]  ? string+0x231/0x2b0
[   86.607152][ T5852]  kasan_report+0x118/0x150
[   86.607160][ T5852]  ? __kasan_check_byte+0x12/0x40
[   86.607173][ T5852]  ? string+0x231/0x2b0
[   86.607186][ T5852]  string+0x231/0x2b0
[   86.607198][ T5852]  vsnprintf+0x739/0xf00
[   86.607212][ T5852]  vprintk_store+0x3c7/0xd00
[   86.607226][ T5852]  ? __pfx_vprintk_store+0x10/0x10
[   86.607238][ T5852]  ? stack_trace_save+0x9c/0xe0
[   86.607251][ T5852]  ? __pfx_stack_trace_save+0x10/0x10
[   86.607263][ T5852]  ? __is_module_percpu_address+0x28/0x3f0
[   86.607278][ T5852]  ? __lock_acquire+0xab9/0xd20
[   86.607292][ T5852]  ? is_printk_cpu_sync_owner+0x32/0x40
[   86.607303][ T5852]  vprintk_emit+0x21e/0x7a0
[   86.607315][ T5852]  ? __pfx_vprintk_emit+0x10/0x10
[   86.607326][ T5852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   86.607334][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.607346][ T5852]  _printk+0xcf/0x120
[   86.607358][ T5852]  ? __pfx____ratelimit+0x10/0x10
[   86.607367][ T5852]  ? __pfx__printk+0x10/0x10
[   86.607379][ T5852]  ? __flush_work+0xd2/0xbc0
[   86.607443][ T5852]  ? __flush_work+0xa5b/0xbc0
[   86.607455][ T5852]  nfacct_mt_checkentry+0xd2/0xe0
[   86.607466][ T5852]  xt_check_match+0x3d1/0xab0
[   86.607478][ T5852]  ? __pfx___flush_work+0x10/0x10
[   86.607490][ T5852]  ? __pfx_xt_check_match+0x10/0x10
[   86.607501][ T5852]  ? __pfx___might_resched+0x10/0x10
[   86.607537][ T5852]  ? nft_pernet+0x23/0x240
[   86.607553][ T5852]  ? nft_pernet+0x23/0x240
[   86.607562][ T5852]  ? nft_pernet+0x23/0x240
[   86.607574][ T5852]  __nft_match_init+0x63a/0x840
[   86.607587][ T5852]  ? __pfx___nft_match_init+0x10/0x10
[   86.607608][ T5852]  ? rcu_is_watching+0x15/0xb0
[   86.607620][ T5852]  ? trace_kmalloc+0x1f/0xd0
[   86.607632][ T5852]  ? nf_tables_newrule+0x1506/0x2890
[   86.607644][ T5852]  nf_tables_newrule+0x178f/0x2890
[   86.607658][ T5852]  ? __pfx_nf_tables_newrule+0x10/0x10
[   86.607669][ T5852]  ? nfnl_pernet+0x23/0x240
[   86.607684][ T5852]  ? __nla_parse+0x40/0x60
[   86.607695][ T5852]  nfnetlink_rcv+0x1132/0x2520
[   86.607714][ T5852]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   86.607728][ T5852]  ? __lock_acquire+0xab9/0xd20
[   86.607751][ T5852]  ? netlink_deliver_tap+0x2e/0x1b0
[   86.607761][ T5852]  ? netlink_deliver_tap+0x2e/0x1b0
[   86.607775][ T5852]  netlink_unicast+0x759/0x8e0
[   86.607786][ T5852]  netlink_sendmsg+0x805/0xb30
[   86.607801][ T5852]  ? __pfx_netlink_sendmsg+0x10/0x10
[   86.607811][ T5852]  ? aa_sock_msg_perm+0xf1/0x1d0
[   86.607827][ T5852]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   86.607838][ T5852]  ? __pfx_netlink_sendmsg+0x10/0x10
[   86.607848][ T5852]  __sock_sendmsg+0x219/0x270
[   86.607863][ T5852]  ____sys_sendmsg+0x505/0x830
[   86.607875][ T5852]  ? __pfx_____sys_sendmsg+0x10/0x10
[   86.607888][ T5852]  ? import_iovec+0x74/0xa0
[   86.607897][ T5852]  ___sys_sendmsg+0x21f/0x2a0
[   86.607908][ T5852]  ? __pfx____sys_sendmsg+0x10/0x10
[   86.607920][ T5852]  ? do_raw_spin_lock+0x121/0x290
[   86.607940][ T5852]  __x64_sys_sendmsg+0x19b/0x260
[   86.607951][ T5852]  ? _raw_spin_unlock_irq+0x2e/0x50
[   86.607959][ T5852]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   86.607972][ T5852]  ? rcu_is_watching+0x15/0xb0
[   86.607985][ T5852]  do_syscall_64+0xfa/0x3b0
[   86.607995][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.608004][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.608013][ T5852]  ? clear_bhb_loop+0x60/0xb0
[   86.608024][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.608033][ T5852] RIP: 0033:0x7f036abda6a9
[   86.608048][ T5852] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   86.608056][ T5852] RSP: 002b:00007ffe5335dce8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.608070][ T5852] RAX: ffffffffffffffda RBX: 00007ffe5335deb8 RCX: 00007f036abda6a9
[   86.608077][ T5852] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[   86.608083][ T5852] RBP: 00007f036ac4d610 R08: 0000000000000002 R09: 00007ffe5335deb8
[   86.608089][ T5852] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001
[   86.608094][ T5852] R13: 00007ffe5335dea8 R14: 0000000000000001 R15: 0000000000000001
[   86.608103][ T5852]  </TASK>
[   86.608107][ T5852] 
[   87.122488][ T5852] Allocated by task 5852:
[   87.127157][ T5852]  kasan_save_track+0x3e/0x80
[   87.132224][ T5852]  __kasan_kmalloc+0x93/0xb0
[   87.137022][ T5852]  __kmalloc_noprof+0x27a/0x4f0
[   87.142873][ T5852]  nf_tables_newrule+0x1506/0x2890
[   87.148303][ T5852]  nfnetlink_rcv+0x1132/0x2520
[   87.153433][ T5852]  netlink_unicast+0x759/0x8e0
[   87.159967][ T5852]  netlink_sendmsg+0x805/0xb30
[   87.166212][ T5852]  __sock_sendmsg+0x219/0x270
[   87.171499][ T5852]  ____sys_sendmsg+0x505/0x830
[   87.176635][ T5852]  ___sys_sendmsg+0x21f/0x2a0
[   87.181576][ T5852]  __x64_sys_sendmsg+0x19b/0x260
[   87.186705][ T5852]  do_syscall_64+0xfa/0x3b0
[   87.191561][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.198129][ T5852] 
[   87.200581][ T5852] The buggy address belongs to the object at ffff8881416d4100
[   87.200581][ T5852]  which belongs to the cache kmalloc-cg-96 of size 96
[   87.215715][ T5852] The buggy address is located 0 bytes to the right of
[   87.215715][ T5852]  allocated 72-byte region [ffff8881416d4100, ffff8881416d4148)
[   87.232308][ T5852] 
[   87.234780][ T5852] The buggy address belongs to the physical page:
[   87.241701][ T5852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1416d4
[   87.251361][ T5852] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
[   87.260040][ T5852] page_type: f5(slab)
[   87.264542][ T5852] raw: 057ff00000000000 ffff88801a849640 dead000000000122 0000000000000000
[   87.273325][ T5852] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   87.282813][ T5852] page dumped because: kasan: bad access detected
[   87.290488][ T5852] page_owner tracks the page as allocated
[   87.296555][ T5852] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 2706477909, free_ts 0
[   87.314751][ T5852]  post_alloc_hook+0x240/0x2a0
[   87.320556][ T5852]  get_page_from_freelist+0x21e4/0x22c0
[   87.326305][ T5852]  __alloc_frozen_pages_noprof+0x181/0x370
[   87.332565][ T5852]  alloc_pages_mpol+0x232/0x4a0
[   87.338293][ T5852]  allocate_slab+0x8a/0x370
[   87.343233][ T5852]  ___slab_alloc+0xbeb/0x1410
[   87.348241][ T5852]  __kmalloc_noprof+0x305/0x4f0
[   87.353558][ T5852]  __register_sysctl_table+0x72/0x1340
[   87.361672][ T5852]  net_sysctl_init+0x20/0x90
[   87.367311][ T5852]  sock_init+0x6a/0x190
[   87.371785][ T5852]  do_one_initcall+0x233/0x820
[   87.377263][ T5852]  do_initcall_level+0x137/0x1f0
[   87.383511][ T5852]  do_initcalls+0x69/0xd0
[   87.388556][ T5852]  kernel_init_freeable+0x3d9/0x590
[   87.394440][ T5852]  kernel_init+0x1d/0x1d0
[   87.399048][ T5852]  ret_from_fork+0x3f9/0x770
[   87.404556][ T5852] page_owner free stack trace missing
[   87.410047][ T5852] 
[   87.413203][ T5852] Memory state around the buggy address:
[   87.419203][ T5852]  ffff8881416d4000: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   87.428255][ T5852]  ffff8881416d4080: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   87.437170][ T5852] >ffff8881416d4100: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   87.446140][ T5852]                                               ^
[   87.452753][ T5852]  ffff8881416d4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   87.461085][ T5852]  ffff8881416d4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   87.469410][ T5852] ==================================================================
[   87.477951][ T5852] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   87.485976][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz-executor324 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[   87.499029][ T5852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   87.509657][ T5852] Call Trace:
[   87.513113][ T5852]  <TASK>
[   87.516658][ T5852]  dump_stack_lvl+0x99/0x250
[   87.521346][ T5852]  ? __asan_memcpy+0x40/0x70
[   87.526675][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.532413][ T5852]  ? __pfx__printk+0x10/0x10
[   87.537187][ T5852]  vpanic+0x281/0x750
[   87.541728][ T5852]  ? __pfx_print_hex_dump+0x10/0x10
[   87.547598][ T5852]  ? __pfx_vpanic+0x10/0x10
[   87.552650][ T5852]  panic+0xb9/0xc0
[   87.557266][ T5852]  ? __pfx_panic+0x10/0x10
[   87.562008][ T5852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   87.568362][ T5852]  ? string+0x231/0x2b0
[   87.573416][ T5852]  check_panic_on_warn+0x89/0xb0
[   87.578714][ T5852]  ? string+0x231/0x2b0
[   87.583135][ T5852]  end_report+0x78/0x160
[   87.587915][ T5852]  kasan_report+0x129/0x150
[   87.593397][ T5852]  ? __kasan_check_byte+0x12/0x40
[   87.600348][ T5852]  ? string+0x231/0x2b0
[   87.604866][ T5852]  string+0x231/0x2b0
[   87.609031][ T5852]  vsnprintf+0x739/0xf00
[   87.613634][ T5852]  vprintk_store+0x3c7/0xd00
[   87.619518][ T5852]  ? __pfx_vprintk_store+0x10/0x10
[   87.625027][ T5852]  ? stack_trace_save+0x9c/0xe0
[   87.630434][ T5852]  ? __pfx_stack_trace_save+0x10/0x10
[   87.636696][ T5852]  ? __is_module_percpu_address+0x28/0x3f0
[   87.643045][ T5852]  ? __lock_acquire+0xab9/0xd20
[   87.648823][ T5852]  ? is_printk_cpu_sync_owner+0x32/0x40
[   87.655069][ T5852]  vprintk_emit+0x21e/0x7a0
[   87.660907][ T5852]  ? __pfx_vprintk_emit+0x10/0x10
[   87.666071][ T5852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   87.673016][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   87.680071][ T5852]  _printk+0xcf/0x120
[   87.685486][ T5852]  ? __pfx____ratelimit+0x10/0x10
[   87.691295][ T5852]  ? __pfx__printk+0x10/0x10
[   87.696850][ T5852]  ? __flush_work+0xd2/0xbc0
[   87.703308][ T5852]  ? __flush_work+0xa5b/0xbc0
[   87.708456][ T5852]  nfacct_mt_checkentry+0xd2/0xe0
[   87.714573][ T5852]  xt_check_match+0x3d1/0xab0
[   87.723077][ T5852]  ? __pfx___flush_work+0x10/0x10
[   87.728284][ T5852]  ? __pfx_xt_check_match+0x10/0x10
[   87.735568][ T5852]  ? __pfx___might_resched+0x10/0x10
[   87.741497][ T5852]  ? nft_pernet+0x23/0x240
[   87.747725][ T5852]  ? nft_pernet+0x23/0x240
[   87.752592][ T5852]  ? nft_pernet+0x23/0x240
[   87.757711][ T5852]  __nft_match_init+0x63a/0x840
[   87.762880][ T5852]  ? __pfx___nft_match_init+0x10/0x10
[   87.769746][ T5852]  ? rcu_is_watching+0x15/0xb0
[   87.774879][ T5852]  ? trace_kmalloc+0x1f/0xd0
[   87.779680][ T5852]  ? nf_tables_newrule+0x1506/0x2890
[   87.785747][ T5852]  nf_tables_newrule+0x178f/0x2890
[   87.791168][ T5852]  ? __pfx_nf_tables_newrule+0x10/0x10
[   87.796854][ T5852]  ? nfnl_pernet+0x23/0x240
[   87.801566][ T5852]  ? __nla_parse+0x40/0x60
[   87.806472][ T5852]  nfnetlink_rcv+0x1132/0x2520
[   87.811530][ T5852]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   87.817005][ T5852]  ? __lock_acquire+0xab9/0xd20
[   87.822369][ T5852]  ? netlink_deliver_tap+0x2e/0x1b0
[   87.827757][ T5852]  ? netlink_deliver_tap+0x2e/0x1b0
[   87.833684][ T5852]  netlink_unicast+0x759/0x8e0
[   87.838863][ T5852]  netlink_sendmsg+0x805/0xb30
[   87.844634][ T5852]  ? __pfx_netlink_sendmsg+0x10/0x10
[   87.850278][ T5852]  ? aa_sock_msg_perm+0xf1/0x1d0
[   87.856024][ T5852]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   87.862320][ T5852]  ? __pfx_netlink_sendmsg+0x10/0x10
[   87.867884][ T5852]  __sock_sendmsg+0x219/0x270
[   87.873118][ T5852]  ____sys_sendmsg+0x505/0x830
[   87.878154][ T5852]  ? __pfx_____sys_sendmsg+0x10/0x10
[   87.883625][ T5852]  ? import_iovec+0x74/0xa0
[   87.889041][ T5852]  ___sys_sendmsg+0x21f/0x2a0
[   87.894083][ T5852]  ? __pfx____sys_sendmsg+0x10/0x10
[   87.899894][ T5852]  ? do_raw_spin_lock+0x121/0x290
[   87.904941][ T5852]  __x64_sys_sendmsg+0x19b/0x260
[   87.910161][ T5852]  ? _raw_spin_unlock_irq+0x2e/0x50
[   87.915516][ T5852]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   87.921862][ T5852]  ? rcu_is_watching+0x15/0xb0
[   87.927160][ T5852]  do_syscall_64+0xfa/0x3b0
[   87.933514][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.939770][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.947092][ T5852]  ? clear_bhb_loop+0x60/0xb0
[   87.953775][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.961401][ T5852] RIP: 0033:0x7f036abda6a9
[   87.965925][ T5852] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   87.987489][ T5852] RSP: 002b:00007ffe5335dce8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.996919][ T5852] RAX: ffffffffffffffda RBX: 00007ffe5335deb8 RCX: 00007f036abda6a9
[   88.006082][ T5852] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[   88.014694][ T5852] RBP: 00007f036ac4d610 R08: 0000000000000002 R09: 00007ffe5335deb8
[   88.023546][ T5852] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001
[   88.031877][ T5852] R13: 00007ffe5335dea8 R14: 0000000000000001 R15: 0000000000000001
[   88.039875][ T5852]  </TASK>
[   88.043382][ T5852] Kernel Offset: disabled
[   88.048183][ T5852] Rebooting in 86400 seconds..