./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4263837646

<...>
Warning: Permanently added '10.128.0.90' (ED25519) to the list of known hosts.
execve("./syz-executor4263837646", ["./syz-executor4263837646"], 0x7ffc6615c020 /* 10 vars */) = 0
brk(NULL)                               = 0x55555719c000
brk(0x55555719cd00)                     = 0x55555719cd00
arch_prctl(ARCH_SET_FS, 0x55555719c380) = 0
set_tid_address(0x55555719c650)         = 5060
set_robust_list(0x55555719c660, 24)     = 0
rseq(0x55555719cca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4263837646", 4096) = 28
getrandom("\xa9\x7d\x24\x1e\x51\x7b\x87\x55", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555719cd00
brk(0x5555571bdd00)                     = 0x5555571bdd00
brk(0x5555571be000)                     = 0x5555571be000
mprotect(0x7efd0736e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 5060
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "5060", 4)                     = 4
close(3)                                = 0
socketpair(AF_UNIX, SOCK_SEQPACKET, 0, [3, 4]) = 0
setsockopt(4, SOL_SOCKET, SO_ATTACH_FILTER, {len=3, filter=0x20000040}, 16) = 0
[   76.114299][ T5060] ==================================================================
[   76.122400][ T5060] BUG: KASAN: slab-use-after-free in nla_find+0x120/0x130
[   76.129515][ T5060] Read of size 2 at addr ffff88807bc42ca0 by task syz-executor426/5060
[   76.137735][ T5060] 
[   76.140044][ T5060] CPU: 1 PID: 5060 Comm: syz-executor426 Not tainted 6.7.0-rc5-syzkaller-01062-g358105ab92fc #0
[   76.150458][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   76.160590][ T5060] Call Trace:
[   76.163859][ T5060]  <TASK>
[   76.166792][ T5060]  dump_stack_lvl+0xd9/0x1b0
[   76.171397][ T5060]  print_report+0xc4/0x620
[   76.175900][ T5060]  ? __virt_addr_valid+0x5e/0x2d0
[   76.180929][ T5060]  ? __phys_addr+0xc6/0x140
[   76.185869][ T5060]  kasan_report+0xda/0x110
[   76.190474][ T5060]  ? nla_find+0x120/0x130
[   76.194805][ T5060]  ? nla_find+0x120/0x130
[   76.199132][ T5060]  nla_find+0x120/0x130
[   76.203288][ T5060]  bpf_skb_get_nlattr_nest+0x178/0x1f0
[   76.208831][ T5060]  ? sk_filter_trim_cap+0x387/0xa40
[   76.214025][ T5060]  ? __check_object_size+0x323/0x730
[   76.219392][ T5060]  ? bpf_msg_push_data+0x21e0/0x21e0
[   76.224674][ T5060]  ? unix_dgram_sendmsg+0xb32/0x1ca0
[   76.229950][ T5060]  ? unix_stream_recvmsg+0x1b0/0x1b0
[   76.235238][ T5060]  ? aa_file_perm+0x4e8/0x1000
[   76.240006][ T5060]  ? unix_seqpacket_sendmsg+0x11d/0x1b0
[   76.245545][ T5060]  ? unix_dgram_sendmsg+0x1ca0/0x1ca0
[   76.250918][ T5060]  ? __sock_sendmsg+0xd5/0x180
[   76.255685][ T5060]  ? sock_write_iter+0x29b/0x3d0
[   76.260626][ T5060]  ? __sock_sendmsg+0x180/0x180
[   76.265649][ T5060]  ? print_usage_bug.part.0+0x550/0x550
[   76.271199][ T5060]  ? reacquire_held_locks+0x4c0/0x4c0
[   76.276604][ T5060]  ? find_held_lock+0x2d/0x110
[   76.281367][ T5060]  ? do_iter_readv_writev+0x21e/0x3c0
[   76.286730][ T5060]  ? generic_copy_file_range+0x1d0/0x1d0
[   76.292358][ T5060]  ? bpf_lsm_file_permission+0x9/0x10
[   76.297730][ T5060]  ? security_file_permission+0x94/0x100
[   76.303359][ T5060]  ? do_iter_write+0x17f/0x7f0
[   76.308118][ T5060]  ? vfs_writev+0x221/0x700
[   76.312607][ T5060]  ? ptrace_stop.part.0+0x457/0x7a0
[   76.317904][ T5060]  ? vfs_iter_write+0xb0/0xb0
[   76.322604][ T5060]  ? do_raw_spin_lock+0x12e/0x2b0
[   76.327631][ T5060]  ? spin_bug+0x1d0/0x1d0
[   76.331967][ T5060]  ? cgroup_update_frozen+0x144/0x6b0
[   76.337427][ T5060]  ? recalc_sigpending_tsk+0x187/0x1d0
[   76.342979][ T5060]  ? reacquire_held_locks+0x4c0/0x4c0
[   76.348400][ T5060]  ? do_writev+0x285/0x370
[   76.352802][ T5060]  ? do_writev+0x285/0x370
[   76.357203][ T5060]  ? vfs_writev+0x700/0x700
[   76.361693][ T5060]  ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[   76.367929][ T5060]  ? do_syscall_64+0x40/0x110
[   76.372600][ T5060]  ? entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   76.378666][ T5060]  </TASK>
[   76.381678][ T5060] 
[   76.383982][ T5060] Allocated by task 4521:
[   76.388287][ T5060]  kasan_save_stack+0x33/0x50
[   76.392956][ T5060]  kasan_set_track+0x25/0x30
[   76.397537][ T5060]  __kasan_kmalloc+0xa2/0xb0
[   76.402118][ T5060]  __kmalloc_node+0x5c/0x90
[   76.406610][ T5060]  kvmalloc_node+0x99/0x1a0
[   76.411104][ T5060]  seq_read_iter+0x80b/0x1280
[   76.415791][ T5060]  kernfs_fop_read_iter+0x410/0x580
[   76.420977][ T5060]  vfs_read+0x4d4/0x8f0
[   76.425119][ T5060]  ksys_read+0x12f/0x250
[   76.429359][ T5060]  do_syscall_64+0x40/0x110
[   76.433856][ T5060]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   76.439744][ T5060] 
[   76.442074][ T5060] The buggy address belongs to the object at ffff88807bc42000
[   76.442074][ T5060]  which belongs to the cache kmalloc-cg-4k of size 4096
[   76.456379][ T5060] The buggy address is located 3232 bytes inside of
[   76.456379][ T5060]  freed 4096-byte region [ffff88807bc42000, ffff88807bc43000)
[   76.471815][ T5060] 
[   76.474119][ T5060] The buggy address belongs to the physical page:
[   76.480511][ T5060] page:ffffea0001ef1000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bc40
[   76.490832][ T5060] head:ffffea0001ef1000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   76.499747][ T5060] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   76.507718][ T5060] page_type: 0xffffffff()
[   76.512031][ T5060] raw: 00fff00000000840 ffff88801304f500 ffffea0001dc3000 dead000000000002
[   76.520610][ T5060] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   76.529190][ T5060] page dumped because: kasan: bad access detected
[   76.535586][ T5060] page_owner tracks the page as allocated
[   76.541289][ T5060] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4525, tgid 4525 (udevd), ts 40899198633, free_ts 40892363839
[   76.562038][ T5060]  post_alloc_hook+0x2d0/0x350
[   76.566797][ T5060]  get_page_from_freelist+0xa28/0x3730
[   76.572248][ T5060]  __alloc_pages+0x22e/0x2420
[   76.576916][ T5060]  alloc_pages_mpol+0x258/0x5f0
[   76.581759][ T5060]  new_slab+0x283/0x3c0
[   76.585904][ T5060]  ___slab_alloc+0x979/0x1500
[   76.590655][ T5060]  __slab_alloc.constprop.0+0x56/0xa0
[   76.596030][ T5060]  __kmem_cache_alloc_node+0x131/0x310
[   76.601485][ T5060]  __kmalloc_node+0x4c/0x90
[   76.605991][ T5060]  kvmalloc_node+0x99/0x1a0
[   76.610498][ T5060]  seq_read_iter+0x80b/0x1280
[   76.615203][ T5060]  kernfs_fop_read_iter+0x410/0x580
[   76.620414][ T5060]  vfs_read+0x4d4/0x8f0
[   76.624561][ T5060]  ksys_read+0x12f/0x250
[   76.628803][ T5060]  do_syscall_64+0x40/0x110
[   76.633460][ T5060]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   76.639350][ T5060] page last free stack trace:
[   76.644009][ T5060]  free_unref_page_prepare+0x53c/0xb80
[   76.649474][ T5060]  free_unref_page+0x33/0x3b0
[   76.654143][ T5060]  qlist_free_all+0x6a/0x170
[   76.658728][ T5060]  kasan_quarantine_reduce+0x18e/0x1d0
[   76.664267][ T5060]  __kasan_slab_alloc+0x65/0x90
[   76.669115][ T5060]  __kmem_cache_alloc_node+0x195/0x310
[   76.674742][ T5060]  __kmalloc_node+0x4c/0x90
[   76.679349][ T5060]  kvmalloc_node+0x99/0x1a0
[   76.683875][ T5060]  seq_read_iter+0x80b/0x1280
[   76.689643][ T5060]  kernfs_fop_read_iter+0x410/0x580
[   76.695111][ T5060]  vfs_read+0x4d4/0x8f0
[   76.699348][ T5060]  ksys_read+0x12f/0x250
[   76.703603][ T5060]  do_syscall_64+0x40/0x110
[   76.708101][ T5060]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   76.713997][ T5060] 
[   76.716306][ T5060] Memory state around the buggy address:
[   76.721942][ T5060]  ffff88807bc42b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.729984][ T5060]  ffff88807bc42c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.738067][ T5060] >ffff88807bc42c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.746115][ T5060]                                ^
[   76.751227][ T5060]  ffff88807bc42d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.759280][ T5060]  ffff88807bc42d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.767342][ T5060] ==================================================================
[   76.775849][ T5060] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   76.783053][ T5060] CPU: 1 PID: 5060 Comm: syz-executor426 Not tainted 6.7.0-rc5-syzkaller-01062-g358105ab92fc #0
[   76.793570][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   76.803645][ T5060] Call Trace:
[   76.806924][ T5060]  <TASK>
[   76.809875][ T5060]  dump_stack_lvl+0xd9/0x1b0
[   76.814480][ T5060]  panic+0x6dc/0x790
[   76.818381][ T5060]  ? panic_smp_self_stop+0xa0/0xa0
[   76.823553][ T5060]  ? check_panic_on_warn+0x1f/0xb0
[   76.828678][ T5060]  check_panic_on_warn+0xab/0xb0
[   76.833629][ T5060]  end_report+0x108/0x150
[   76.837986][ T5060]  kasan_report+0xea/0x110
[   76.842431][ T5060]  ? nla_find+0x120/0x130
[   76.846765][ T5060]  ? nla_find+0x120/0x130
[   76.851127][ T5060]  nla_find+0x120/0x130
[   76.855289][ T5060]  bpf_skb_get_nlattr_nest+0x178/0x1f0
[   76.860774][ T5060]  ? sk_filter_trim_cap+0x387/0xa40
[   76.865985][ T5060]  ? __check_object_size+0x323/0x730
[   76.871277][ T5060]  ? bpf_msg_push_data+0x21e0/0x21e0
[   76.876576][ T5060]  ? unix_dgram_sendmsg+0xb32/0x1ca0
[   76.881873][ T5060]  ? unix_stream_recvmsg+0x1b0/0x1b0
[   76.887186][ T5060]  ? aa_file_perm+0x4e8/0x1000
[   76.891977][ T5060]  ? unix_seqpacket_sendmsg+0x11d/0x1b0
[   76.897532][ T5060]  ? unix_dgram_sendmsg+0x1ca0/0x1ca0
[   76.902909][ T5060]  ? __sock_sendmsg+0xd5/0x180
[   76.907692][ T5060]  ? sock_write_iter+0x29b/0x3d0
[   76.912638][ T5060]  ? __sock_sendmsg+0x180/0x180
[   76.917508][ T5060]  ? print_usage_bug.part.0+0x550/0x550
[   76.923096][ T5060]  ? reacquire_held_locks+0x4c0/0x4c0
[   76.928492][ T5060]  ? find_held_lock+0x2d/0x110
[   76.933450][ T5060]  ? do_iter_readv_writev+0x21e/0x3c0
[   76.938840][ T5060]  ? generic_copy_file_range+0x1d0/0x1d0
[   76.944508][ T5060]  ? bpf_lsm_file_permission+0x9/0x10
[   76.949905][ T5060]  ? security_file_permission+0x94/0x100
[   76.955552][ T5060]  ? do_iter_write+0x17f/0x7f0
[   76.960428][ T5060]  ? vfs_writev+0x221/0x700
[   76.964933][ T5060]  ? ptrace_stop.part.0+0x457/0x7a0
[   76.970141][ T5060]  ? vfs_iter_write+0xb0/0xb0
[   76.974820][ T5060]  ? do_raw_spin_lock+0x12e/0x2b0
[   76.979848][ T5060]  ? spin_bug+0x1d0/0x1d0
[   76.984179][ T5060]  ? cgroup_update_frozen+0x144/0x6b0
[   76.989574][ T5060]  ? recalc_sigpending_tsk+0x187/0x1d0
[   76.995301][ T5060]  ? reacquire_held_locks+0x4c0/0x4c0
[   77.000689][ T5060]  ? do_writev+0x285/0x370
[   77.005105][ T5060]  ? do_writev+0x285/0x370
[   77.009529][ T5060]  ? vfs_writev+0x700/0x700
[   77.014033][ T5060]  ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[   77.020286][ T5060]  ? do_syscall_64+0x40/0x110
[   77.024971][ T5060]  ? entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   77.031060][ T5060]  </TASK>
[   77.034464][ T5060] Kernel Offset: disabled
[   77.038778][ T5060] Rebooting in 86400 seconds..