./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor256796753
<...>
Warning: Permanently added '10.128.0.84' (ED25519) to the list of known hosts.
execve("./syz-executor256796753", ["./syz-executor256796753"], 0x7ffdf41f2950 /* 10 vars */) = 0
brk(NULL) = 0x555573a83000
brk(0x555573a83d00) = 0x555573a83d00
arch_prctl(ARCH_SET_FS, 0x555573a83380) = 0
set_tid_address(0x555573a83650) = 5840
set_robust_list(0x555573a83660, 24) = 0
rseq(0x555573a83ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor256796753", 4096) = 27
getrandom("\x9a\xc5\x35\x9c\x2b\x6e\x31\x53", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555573a83d00
brk(0x555573aa4d00) = 0x555573aa4d00
brk(0x555573aa5000) = 0x555573aa5000
mprotect(0x7f6438bba000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
executing program
write(1, "executing program\n", 18) = 18
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x65\x74\x68\x74\x6f\x6f\x6c\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
recvfrom(4, [{nlmsg_len=1036, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5840}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x65\x74\x68\x74\x6f\x6f\x6c\x00\x06\x00\x01\x00\x16\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x00\x00\xb0\x03\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 1036
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5840}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(4) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
ioctl(4, SIOCGIFINDEX, {ifr_name="lo", ifr_ifindex=1}) = 0
[ 89.495626][ T5840] ==================================================================
[ 89.503722][ T5840] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160
[ 89.511711][ T5840] Read of size 8 at addr ffff88802417afb0 by task syz-executor256/5840
[ 89.519939][ T5840]
[ 89.522274][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: syz-executor256 Not tainted 6.16.0-rc2-syzkaller-00867-ga9b24b3583ae #0 PREEMPT(full)
[ 89.522290][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 89.522304][ T5840] Call Trace:
[ 89.522315][ T5840]
[ 89.522327][ T5840] dump_stack_lvl+0x189/0x250
[ 89.522392][ T5840] ? __virt_addr_valid+0x1c8/0x5c0
[ 89.522427][ T5840] ? rcu_is_watching+0x15/0xb0
[ 89.522458][ T5840] ? __kasan_check_byte+0x12/0x40
[ 89.522497][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.522515][ T5840] ? rcu_is_watching+0x15/0xb0
[ 89.522537][ T5840] ? lock_release+0x4b/0x3e0
[ 89.522567][ T5840] ? __virt_addr_valid+0x1c8/0x5c0
[ 89.522597][ T5840] ? __virt_addr_valid+0x4a5/0x5c0
[ 89.522611][ T5840] print_report+0xd2/0x2b0
[ 89.522637][ T5840] ? pause_parse_request+0x40/0x160
[ 89.522652][ T5840] kasan_report+0x118/0x150
[ 89.522665][ T5840] ? pause_parse_request+0x40/0x160
[ 89.522682][ T5840] ? __pfx_pause_parse_request+0x10/0x10
[ 89.522696][ T5840] pause_parse_request+0x40/0x160
[ 89.522718][ T5840] ? __pfx_pause_parse_request+0x10/0x10
[ 89.522733][ T5840] ethnl_default_set_doit+0x2c1/0xa40
[ 89.522758][ T5840] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 89.522777][ T5840] genl_family_rcv_msg_doit+0x215/0x300
[ 89.522791][ T5840] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 89.522808][ T5840] ? bpf_lsm_capable+0x9/0x20
[ 89.522830][ T5840] ? security_capable+0x7e/0x2e0
[ 89.522884][ T5840] genl_rcv_msg+0x60e/0x790
[ 89.522897][ T5840] ? __pfx_genl_rcv_msg+0x10/0x10
[ 89.522908][ T5840] ? __pfx_ethnl_default_set_doit+0x10/0x10
[ 89.522931][ T5840] netlink_rcv_skb+0x205/0x470
[ 89.522948][ T5840] ? __pfx_genl_rcv_msg+0x10/0x10
[ 89.522960][ T5840] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 89.522981][ T5840] ? down_read+0x1ad/0x2e0
[ 89.523031][ T5840] genl_rcv+0x28/0x40
[ 89.523049][ T5840] netlink_unicast+0x758/0x8d0
[ 89.523067][ T5840] netlink_sendmsg+0x805/0xb30
[ 89.523091][ T5840] ? __pfx_netlink_sendmsg+0x10/0x10
[ 89.523108][ T5840] ? aa_sock_msg_perm+0x94/0x160
[ 89.523136][ T5840] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 89.523155][ T5840] ? __pfx_netlink_sendmsg+0x10/0x10
[ 89.523172][ T5840] __sock_sendmsg+0x21c/0x270
[ 89.523200][ T5840] ____sys_sendmsg+0x505/0x830
[ 89.523224][ T5840] ? __pfx_____sys_sendmsg+0x10/0x10
[ 89.523246][ T5840] ? import_iovec+0x74/0xa0
[ 89.523277][ T5840] ___sys_sendmsg+0x21f/0x2a0
[ 89.523297][ T5840] ? __pfx____sys_sendmsg+0x10/0x10
[ 89.523319][ T5840] ? do_raw_spin_lock+0x121/0x290
[ 89.523351][ T5840] __x64_sys_sendmsg+0x19b/0x260
[ 89.523370][ T5840] ? _raw_spin_unlock_irq+0x2e/0x50
[ 89.523384][ T5840] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 89.523407][ T5840] ? rcu_is_watching+0x15/0xb0
[ 89.523430][ T5840] do_syscall_64+0xfa/0x3b0
[ 89.523472][ T5840] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.523487][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.523514][ T5840] ? clear_bhb_loop+0x60/0xb0
[ 89.523532][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.523547][ T5840] RIP: 0033:0x7f6438b47359
[ 89.523562][ T5840] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.523579][ T5840] RSP: 002b:00007ffc94f8a848 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 89.523597][ T5840] RAX: ffffffffffffffda RBX: 00007ffc94f8aa18 RCX: 00007f6438b47359
[ 89.523613][ T5840] RDX: 000000000000c080 RSI: 00002000000002c0 RDI: 0000000000000003
[ 89.523622][ T5840] RBP: 00007f6438bba610 R08: 0000000000000003 R09: 00007ffc94f8aa18
[ 89.523642][ T5840] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001
[ 89.523649][ T5840] R13: 00007ffc94f8aa08 R14: 0000000000000001 R15: 0000000000000001
[ 89.523662][ T5840]
[ 89.523666][ T5840]
[ 89.891513][ T5840] Allocated by task 5840:
[ 89.895847][ T5840] kasan_save_track+0x3e/0x80
[ 89.900534][ T5840] __kasan_kmalloc+0x93/0xb0
[ 89.905117][ T5840] __kmalloc_noprof+0x27a/0x4f0
[ 89.909973][ T5840] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 89.916043][ T5840] genl_family_rcv_msg_doit+0xb8/0x300
[ 89.921494][ T5840] genl_rcv_msg+0x60e/0x790
[ 89.925991][ T5840] netlink_rcv_skb+0x205/0x470
[ 89.930751][ T5840] genl_rcv+0x28/0x40
[ 89.934749][ T5840] netlink_unicast+0x758/0x8d0
[ 89.939504][ T5840] netlink_sendmsg+0x805/0xb30
[ 89.944262][ T5840] __sock_sendmsg+0x21c/0x270
[ 89.948956][ T5840] ____sys_sendmsg+0x505/0x830
[ 89.953738][ T5840] ___sys_sendmsg+0x21f/0x2a0
[ 89.958414][ T5840] __x64_sys_sendmsg+0x19b/0x260
[ 89.963351][ T5840] do_syscall_64+0xfa/0x3b0
[ 89.967854][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.973739][ T5840]
[ 89.976054][ T5840] The buggy address belongs to the object at ffff88802417af80
[ 89.976054][ T5840] which belongs to the cache kmalloc-64 of size 64
[ 89.989931][ T5840] The buggy address is located 8 bytes to the right of
[ 89.989931][ T5840] allocated 40-byte region [ffff88802417af80, ffff88802417afa8)
[ 90.004337][ T5840]
[ 90.006660][ T5840] The buggy address belongs to the physical page:
[ 90.013086][ T5840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2417a
[ 90.021844][ T5840] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 90.028952][ T5840] page_type: f5(slab)
[ 90.032932][ T5840] raw: 00fff00000000000 ffff88801a4418c0 ffffea0000a79940 dead000000000002
[ 90.041506][ T5840] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 90.050081][ T5840] page dumped because: kasan: bad access detected
[ 90.056508][ T5840] page_owner tracks the page as allocated
[ 90.062220][ T5840] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 65, tgid 65 (kworker/u8:4), ts 9986515556, free_ts 0
[ 90.080222][ T5840] post_alloc_hook+0x240/0x2a0
[ 90.085016][ T5840] get_page_from_freelist+0x21e4/0x22c0
[ 90.090560][ T5840] __alloc_frozen_pages_noprof+0x181/0x370
[ 90.096366][ T5840] alloc_pages_mpol+0x232/0x4a0
[ 90.101213][ T5840] allocate_slab+0x8a/0x3b0
[ 90.105716][ T5840] ___slab_alloc+0xbfc/0x1480
[ 90.110388][ T5840] __kmalloc_noprof+0x305/0x4f0
[ 90.115249][ T5840] security_task_alloc+0x4d/0x360
[ 90.120278][ T5840] copy_process+0x1530/0x3c00
[ 90.124963][ T5840] kernel_clone+0x21e/0x870
[ 90.129471][ T5840] user_mode_thread+0xdd/0x140
[ 90.134235][ T5840] call_usermodehelper_exec_work+0x5c/0x230
[ 90.140151][ T5840] process_scheduled_works+0xae1/0x17b0
[ 90.145706][ T5840] worker_thread+0x8a0/0xda0
[ 90.150288][ T5840] kthread+0x70e/0x8a0
[ 90.154367][ T5840] ret_from_fork+0x3f9/0x770
[ 90.159752][ T5840] page_owner free stack trace missing
[ 90.165118][ T5840]
[ 90.167454][ T5840] Memory state around the buggy address:
[ 90.173075][ T5840] ffff88802417ae80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 90.181127][ T5840] ffff88802417af00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 90.189184][ T5840] >ffff88802417af80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 90.197237][ T5840] ^
[ 90.202864][ T5840] ffff88802417b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.210918][ T5840] ffff88802417b080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.218972][ T5840] ==================================================================
[ 90.227468][ T5840] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.234690][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor256 Not tainted 6.16.0-rc2-syzkaller-00867-ga9b24b3583ae #0 PREEMPT(full)
[ 90.247092][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 90.257139][ T5840] Call Trace:
[ 90.260415][ T5840]
[ 90.263347][ T5840] dump_stack_lvl+0x99/0x250
[ 90.267944][ T5840] ? __asan_memcpy+0x40/0x70
[ 90.272547][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.277764][ T5840] ? __pfx__printk+0x10/0x10
[ 90.282352][ T5840] panic+0x2db/0x790
[ 90.286253][ T5840] ? __pfx_panic+0x10/0x10
[ 90.290674][ T5840] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 90.296568][ T5840] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 90.302885][ T5840] ? print_memory_metadata+0x314/0x400
[ 90.308349][ T5840] ? pause_parse_request+0x40/0x160
[ 90.314237][ T5840] check_panic_on_warn+0x89/0xb0
[ 90.319179][ T5840] ? pause_parse_request+0x40/0x160
[ 90.324369][ T5840] end_report+0x78/0x160
[ 90.328606][ T5840] kasan_report+0x129/0x150
[ 90.333103][ T5840] ? pause_parse_request+0x40/0x160
[ 90.338295][ T5840] ? __pfx_pause_parse_request+0x10/0x10
[ 90.343925][ T5840] pause_parse_request+0x40/0x160
[ 90.348943][ T5840] ? __pfx_pause_parse_request+0x10/0x10
[ 90.354574][ T5840] ethnl_default_set_doit+0x2c1/0xa40
[ 90.359954][ T5840] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 90.366287][ T5840] genl_family_rcv_msg_doit+0x215/0x300
[ 90.371842][ T5840] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 90.377918][ T5840] ? bpf_lsm_capable+0x9/0x20
[ 90.382591][ T5840] ? security_capable+0x7e/0x2e0
[ 90.387530][ T5840] genl_rcv_msg+0x60e/0x790
[ 90.392057][ T5840] ? __pfx_genl_rcv_msg+0x10/0x10
[ 90.397068][ T5840] ? __pfx_ethnl_default_set_doit+0x10/0x10
[ 90.402966][ T5840] netlink_rcv_skb+0x205/0x470
[ 90.407724][ T5840] ? __pfx_genl_rcv_msg+0x10/0x10
[ 90.412739][ T5840] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 90.418022][ T5840] ? down_read+0x1ad/0x2e0
[ 90.422435][ T5840] genl_rcv+0x28/0x40
[ 90.426416][ T5840] netlink_unicast+0x758/0x8d0
[ 90.431179][ T5840] netlink_sendmsg+0x805/0xb30
[ 90.435951][ T5840] ? __pfx_netlink_sendmsg+0x10/0x10
[ 90.441245][ T5840] ? aa_sock_msg_perm+0x94/0x160
[ 90.446185][ T5840] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 90.451468][ T5840] ? __pfx_netlink_sendmsg+0x10/0x10
[ 90.456753][ T5840] __sock_sendmsg+0x21c/0x270
[ 90.461428][ T5840] ____sys_sendmsg+0x505/0x830
[ 90.466191][ T5840] ? __pfx_____sys_sendmsg+0x10/0x10
[ 90.471481][ T5840] ? import_iovec+0x74/0xa0
[ 90.475983][ T5840] ___sys_sendmsg+0x21f/0x2a0
[ 90.480667][ T5840] ? __pfx____sys_sendmsg+0x10/0x10
[ 90.485961][ T5840] ? do_raw_spin_lock+0x121/0x290
[ 90.491004][ T5840] __x64_sys_sendmsg+0x19b/0x260
[ 90.495948][ T5840] ? _raw_spin_unlock_irq+0x2e/0x50
[ 90.501139][ T5840] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 90.506600][ T5840] ? rcu_is_watching+0x15/0xb0
[ 90.511372][ T5840] do_syscall_64+0xfa/0x3b0
[ 90.515874][ T5840] ? lockdep_hardirqs_on+0x9c/0x150
[ 90.521065][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.527561][ T5840] ? clear_bhb_loop+0x60/0xb0
[ 90.532238][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.538118][ T5840] RIP: 0033:0x7f6438b47359
[ 90.542525][ T5840] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.562125][ T5840] RSP: 002b:00007ffc94f8a848 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 90.570546][ T5840] RAX: ffffffffffffffda RBX: 00007ffc94f8aa18 RCX: 00007f6438b47359
[ 90.578514][ T5840] RDX: 000000000000c080 RSI: 00002000000002c0 RDI: 0000000000000003
[ 90.586493][ T5840] RBP: 00007f6438bba610 R08: 0000000000000003 R09: 00007ffc94f8aa18
[ 90.594457][ T5840] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001
[ 90.602419][ T5840] R13: 00007ffc94f8aa08 R14: 0000000000000001 R15: 0000000000000001
[ 90.610389][ T5840]
[ 90.613789][ T5840] Kernel Offset: disabled
[ 90.618112][ T5840] Rebooting in 86400 seconds..