./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor935368410 <...> Warning: Permanently added '10.128.0.243' (ED25519) to the list of known hosts. execve("./syz-executor935368410", ["./syz-executor935368410"], 0x7ffcea965e00 /* 10 vars */) = 0 brk(NULL) = 0x555593e0e000 brk(0x555593e0ed00) = 0x555593e0ed00 arch_prctl(ARCH_SET_FS, 0x555593e0e380) = 0 set_tid_address(0x555593e0e650) = 5840 set_robust_list(0x555593e0e660, 24) = 0 rseq(0x555593e0eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor935368410", 4096) = 27 getrandom("\xd3\x8c\x9a\x71\x51\xad\x07\x3e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555593e0ed00 brk(0x555593e2fd00) = 0x555593e2fd00 brk(0x555593e30000) = 0x555593e30000 mprotect(0x7fd7c6a1b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached [pid 5841] set_robust_list(0x555593e0e660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x555593e0e650) = 5841 [pid 5841] <... set_robust_list resumed>) = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] write(1, "executing program\n", 18executing program ) = 18 [pid 5841] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 3 [pid 5841] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x28\x00\x00\x00\x00\x0a\x01\x01\x00\x00\x00\x00\x5e\x1a\xff\xd5\x02\x00\x00\x00\x09\x00\x01\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x08\x00\x02\x40\x00\x00\x00\x03\x2c\x00\x00\x00\x03\x0a\x01\x03\x00\x00\xe6\xff\x00\x00\x00\x00\x02\x00\x00\x00\x09\x00\x01\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x09\x00\x03\x00\x73\x79\x7a\x32"..., iov_len=124}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 124 [ 59.327461][ T5841] ================================================================== [ 59.335566][ T5841] BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 [ 59.342267][ T5841] Read of size 1 at addr ffff88802f9860c8 by task syz-executor935/5841 [ 59.350498][ T5841] [ 59.352829][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: syz-executor935 Not tainted 6.12.0-rc7-syzkaller-01681-g38f83a57aa8e #0 [ 59.363928][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 59.374001][ T5841] Call Trace: [ 59.377267][ T5841] [ 59.380220][ T5841] dump_stack_lvl+0x241/0x360 [ 59.384895][ T5841] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.390087][ T5841] ? __pfx__printk+0x10/0x10 [ 59.394662][ T5841] ? _printk+0xd5/0x120 [ 59.398798][ T5841] ? __virt_addr_valid+0x183/0x530 [ 59.403894][ T5841] ? __virt_addr_valid+0x183/0x530 [ 59.408995][ T5841] print_report+0x169/0x550 [ 59.413508][ T5841] ? __virt_addr_valid+0x183/0x530 [ 59.418605][ T5841] ? __virt_addr_valid+0x183/0x530 [ 59.423703][ T5841] ? __virt_addr_valid+0x45f/0x530 [ 59.428804][ T5841] ? __phys_addr+0xba/0x170 [ 59.433404][ T5841] ? strlen+0x58/0x70 [ 59.437388][ T5841] kasan_report+0x143/0x180 [ 59.441893][ T5841] ? strlen+0x58/0x70 [ 59.445886][ T5841] strlen+0x58/0x70 [ 59.449687][ T5841] kstrdup+0x20/0x80 [ 59.453579][ T5841] led_tg_check+0x18b/0x3c0 [ 59.458073][ T5841] xt_check_target+0x3b9/0xa40 [ 59.462859][ T5841] ? __pfx_xt_check_target+0x10/0x10 [ 59.468134][ T5841] ? stack_depot_save_flags+0x6e4/0x830 [ 59.473697][ T5841] ? nft_target_init+0x174/0xc30 [ 59.478620][ T5841] nft_target_init+0x82d/0xc30 [ 59.483375][ T5841] ? __pfx_nft_target_init+0x10/0x10 [ 59.488653][ T5841] ? nf_tables_newrule+0x1609/0x2980 [ 59.493954][ T5841] ? nf_tables_newrule+0x1609/0x2980 [ 59.499259][ T5841] ? rcu_is_watching+0x15/0xb0 [ 59.504017][ T5841] ? nf_tables_newrule+0x1609/0x2980 [ 59.509297][ T5841] ? nf_tables_newrule+0x1609/0x2980 [ 59.514573][ T5841] ? __kmalloc_noprof+0x21a/0x400 [ 59.519669][ T5841] nf_tables_newrule+0x185e/0x2980 [ 59.524794][ T5841] ? __pfx_nf_tables_newrule+0x10/0x10 [ 59.530251][ T5841] ? __nla_parse+0x40/0x60 [ 59.534658][ T5841] nfnetlink_rcv+0x14e3/0x2ab0 [ 59.539415][ T5841] ? __pfx_validate_chain+0x10/0x10 [ 59.544610][ T5841] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 59.549731][ T5841] ? __lock_acquire+0x1384/0x2050 [ 59.554775][ T5841] ? netlink_deliver_tap+0x2e/0x1b0 [ 59.559960][ T5841] ? __pfx_lock_release+0x10/0x10 [ 59.564978][ T5841] ? netlink_deliver_tap+0x2e/0x1b0 [ 59.570163][ T5841] netlink_unicast+0x7f6/0x990 [ 59.574921][ T5841] ? __pfx_netlink_unicast+0x10/0x10 [ 59.580217][ T5841] ? __virt_addr_valid+0x183/0x530 [ 59.585369][ T5841] ? __check_object_size+0x48e/0x900 [ 59.590657][ T5841] netlink_sendmsg+0x8e4/0xcb0 [ 59.595426][ T5841] ? __pfx_netlink_sendmsg+0x10/0x10 [ 59.600741][ T5841] ? aa_sock_msg_perm+0x91/0x160 [ 59.605686][ T5841] ? __pfx_netlink_sendmsg+0x10/0x10 [ 59.610961][ T5841] __sock_sendmsg+0x221/0x270 [ 59.615648][ T5841] ____sys_sendmsg+0x52a/0x7e0 [ 59.620482][ T5841] ? __pfx_____sys_sendmsg+0x10/0x10 [ 59.625775][ T5841] ? do_raw_spin_lock+0x14f/0x370 [ 59.630803][ T5841] __sys_sendmsg+0x292/0x380 [ 59.635388][ T5841] ? __pfx___sys_sendmsg+0x10/0x10 [ 59.640500][ T5841] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.646823][ T5841] ? _raw_spin_unlock_irq+0x2e/0x50 [ 59.652009][ T5841] ? ptrace_notify+0x279/0x380 [ 59.656762][ T5841] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.663077][ T5841] ? exc_page_fault+0x590/0x8c0 [ 59.667915][ T5841] do_syscall_64+0xf3/0x230 [ 59.672437][ T5841] ? clear_bhb_loop+0x35/0x90 [ 59.677102][ T5841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.682981][ T5841] RIP: 0033:0x7fd7c69a7d79 [ 59.687398][ T5841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.707192][ T5841] RSP: 002b:00007ffda3603c28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.715603][ T5841] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd7c69a7d79 [ 59.723595][ T5841] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 59.731557][ T5841] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006 [ 59.739955][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.747912][ T5841] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 59.755874][ T5841] [ 59.758886][ T5841] [ 59.761190][ T5841] Allocated by task 5841: [ 59.765511][ T5841] kasan_save_track+0x3f/0x80 [ 59.770202][ T5841] __kasan_kmalloc+0x98/0xb0 [ 59.774780][ T5841] __kmalloc_noprof+0x1fc/0x400 [ 59.779637][ T5841] nf_tables_newrule+0x1609/0x2980 [ 59.784736][ T5841] nfnetlink_rcv+0x14e3/0x2ab0 [ 59.789488][ T5841] netlink_unicast+0x7f6/0x990 [ 59.794240][ T5841] netlink_sendmsg+0x8e4/0xcb0 [ 59.798988][ T5841] __sock_sendmsg+0x221/0x270 [ 59.803645][ T5841] ____sys_sendmsg+0x52a/0x7e0 [ 59.808420][ T5841] __sys_sendmsg+0x292/0x380 [ 59.813084][ T5841] do_syscall_64+0xf3/0x230 [ 59.817573][ T5841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.823451][ T5841] [ 59.825759][ T5841] The buggy address belongs to the object at ffff88802f986080 [ 59.825759][ T5841] which belongs to the cache kmalloc-cg-96 of size 96 [ 59.839887][ T5841] The buggy address is located 0 bytes to the right of [ 59.839887][ T5841] allocated 72-byte region [ffff88802f986080, ffff88802f9860c8) [ 59.854299][ T5841] [ 59.856613][ T5841] The buggy address belongs to the physical page: [ 59.863009][ T5841] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f986 [ 59.871763][ T5841] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 59.878945][ T5841] page_type: f5(slab) [ 59.882930][ T5841] raw: 00fff00000000000 ffff88801ac4d640 dead000000000122 0000000000000000 [ 59.891499][ T5841] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000 [ 59.900072][ T5841] page dumped because: kasan: bad access detected [ 59.906485][ T5841] page_owner tracks the page as allocated [ 59.912179][ T5841] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 11421086320, free_ts 11296262132 [ 59.930706][ T5841] post_alloc_hook+0x1f3/0x230 [ 59.935467][ T5841] get_page_from_freelist+0x3649/0x3790 [ 59.940994][ T5841] __alloc_pages_noprof+0x292/0x710 [ 59.946173][ T5841] alloc_pages_mpol_noprof+0x3e8/0x680 [ 59.951624][ T5841] alloc_slab_page+0x6a/0x140 [ 59.956285][ T5841] allocate_slab+0x5a/0x2f0 [ 59.960773][ T5841] ___slab_alloc+0xcd1/0x14b0 [ 59.965446][ T5841] __slab_alloc+0x58/0xa0 [ 59.969762][ T5841] __kmalloc_noprof+0x25a/0x400 [ 59.974595][ T5841] __register_sysctl_table+0x65/0x1550 [ 59.980034][ T5841] llc_sysctl_init+0xc0/0x130 [ 59.984694][ T5841] llc2_init+0x5b/0x110 [ 59.988831][ T5841] do_one_initcall+0x248/0x880 [ 59.993585][ T5841] do_initcall_level+0x157/0x210 [ 59.998606][ T5841] do_initcalls+0x3f/0x80 [ 60.003176][ T5841] kernel_init_freeable+0x435/0x5d0 [ 60.008359][ T5841] page last free pid 8 tgid 8 stack trace: [ 60.014146][ T5841] free_unref_page+0xdf9/0x1140 [ 60.019009][ T5841] vfree+0x186/0x2e0 [ 60.022887][ T5841] delayed_vfree_work+0x56/0x80 [ 60.027720][ T5841] process_scheduled_works+0xa63/0x1850 [ 60.033248][ T5841] worker_thread+0x870/0xd30 [ 60.037821][ T5841] kthread+0x2f0/0x390 [ 60.041881][ T5841] ret_from_fork+0x4b/0x80 [ 60.046287][ T5841] ret_from_fork_asm+0x1a/0x30 [ 60.051063][ T5841] [ 60.053372][ T5841] Memory state around the buggy address: [ 60.058981][ T5841] ffff88802f985f80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 60.067024][ T5841] ffff88802f986000: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 60.075082][ T5841] >ffff88802f986080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 60.083121][ T5841] ^ [ 60.089517][ T5841] ffff88802f986100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.097566][ T5841] ffff88802f986180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.105603][ T5841] ================================================================== [ 60.118972][ T5841] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 60.126192][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: syz-executor935 Not tainted 6.12.0-rc7-syzkaller-01681-g38f83a57aa8e #0 [ 60.137296][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 60.147339][ T5841] Call Trace: [ 60.150609][ T5841] [ 60.153527][ T5841] dump_stack_lvl+0x241/0x360 [ 60.158201][ T5841] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.163388][ T5841] ? __pfx__printk+0x10/0x10 [ 60.167986][ T5841] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 60.173970][ T5841] ? vscnprintf+0x5d/0x90 [ 60.178305][ T5841] panic+0x349/0x880 [ 60.182188][ T5841] ? check_panic_on_warn+0x21/0xb0 [ 60.187293][ T5841] ? __pfx_panic+0x10/0x10 [ 60.191704][ T5841] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 60.197759][ T5841] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 60.204075][ T5841] check_panic_on_warn+0x86/0xb0 [ 60.209003][ T5841] ? strlen+0x58/0x70 [ 60.212976][ T5841] end_report+0x77/0x160 [ 60.217211][ T5841] kasan_report+0x154/0x180 [ 60.221706][ T5841] ? strlen+0x58/0x70 [ 60.225684][ T5841] strlen+0x58/0x70 [ 60.229483][ T5841] kstrdup+0x20/0x80 [ 60.233378][ T5841] led_tg_check+0x18b/0x3c0 [ 60.237879][ T5841] xt_check_target+0x3b9/0xa40 [ 60.242636][ T5841] ? __pfx_xt_check_target+0x10/0x10 [ 60.247928][ T5841] ? stack_depot_save_flags+0x6e4/0x830 [ 60.253468][ T5841] ? nft_target_init+0x174/0xc30 [ 60.258394][ T5841] nft_target_init+0x82d/0xc30 [ 60.263147][ T5841] ? __pfx_nft_target_init+0x10/0x10 [ 60.268429][ T5841] ? nf_tables_newrule+0x1609/0x2980 [ 60.273707][ T5841] ? nf_tables_newrule+0x1609/0x2980 [ 60.278983][ T5841] ? rcu_is_watching+0x15/0xb0 [ 60.283737][ T5841] ? nf_tables_newrule+0x1609/0x2980 [ 60.289012][ T5841] ? nf_tables_newrule+0x1609/0x2980 [ 60.294292][ T5841] ? __kmalloc_noprof+0x21a/0x400 [ 60.299747][ T5841] nf_tables_newrule+0x185e/0x2980 [ 60.304854][ T5841] ? __pfx_nf_tables_newrule+0x10/0x10 [ 60.310334][ T5841] ? __nla_parse+0x40/0x60 [ 60.314757][ T5841] nfnetlink_rcv+0x14e3/0x2ab0 [ 60.319519][ T5841] ? __pfx_validate_chain+0x10/0x10 [ 60.324714][ T5841] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 60.329834][ T5841] ? __lock_acquire+0x1384/0x2050 [ 60.334862][ T5841] ? netlink_deliver_tap+0x2e/0x1b0 [ 60.340050][ T5841] ? __pfx_lock_release+0x10/0x10 [ 60.345068][ T5841] ? netlink_deliver_tap+0x2e/0x1b0 [ 60.350263][ T5841] netlink_unicast+0x7f6/0x990 [ 60.355020][ T5841] ? __pfx_netlink_unicast+0x10/0x10 [ 60.360293][ T5841] ? __virt_addr_valid+0x183/0x530 [ 60.365393][ T5841] ? __check_object_size+0x48e/0x900 [ 60.370670][ T5841] netlink_sendmsg+0x8e4/0xcb0 [ 60.375434][ T5841] ? __pfx_netlink_sendmsg+0x10/0x10 [ 60.380714][ T5841] ? aa_sock_msg_perm+0x91/0x160 [ 60.385646][ T5841] ? __pfx_netlink_sendmsg+0x10/0x10 [ 60.390927][ T5841] __sock_sendmsg+0x221/0x270 [ 60.395602][ T5841] ____sys_sendmsg+0x52a/0x7e0 [ 60.400459][ T5841] ? __pfx_____sys_sendmsg+0x10/0x10 [ 60.405740][ T5841] ? do_raw_spin_lock+0x14f/0x370 [ 60.410756][ T5841] __sys_sendmsg+0x292/0x380 [ 60.415339][ T5841] ? __pfx___sys_sendmsg+0x10/0x10 [ 60.420448][ T5841] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 60.426776][ T5841] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.431985][ T5841] ? ptrace_notify+0x279/0x380 [ 60.436761][ T5841] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 60.443095][ T5841] ? exc_page_fault+0x590/0x8c0 [ 60.447964][ T5841] do_syscall_64+0xf3/0x230 [ 60.452513][ T5841] ? clear_bhb_loop+0x35/0x90 [ 60.457197][ T5841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.463110][ T5841] RIP: 0033:0x7fd7c69a7d79 [ 60.467546][ T5841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.487165][ T5841] RSP: 002b:00007ffda3603c28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.495628][ T5841] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd7c69a7d79 [ 60.503611][ T5841] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 60.511589][ T5841] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006 [ 60.519558][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.527518][ T5841] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 60.535499][ T5841] [ 60.538894][ T5841] Kernel Offset: disabled [ 60.543248][ T5841] Rebooting in 86400 seconds..