./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1834731957

<...>
Warning: Permanently added '10.128.0.126' (ED25519) to the list of known hosts.
execve("./syz-executor1834731957", ["./syz-executor1834731957"], 0x7ffeea3d2750 /* 10 vars */) = 0
brk(NULL)                               = 0x555559843000
brk(0x555559843d00)                     = 0x555559843d00
arch_prctl(ARCH_SET_FS, 0x555559843380) = 0
set_tid_address(0x555559843650)         = 5851
set_robust_list(0x555559843660, 24)     = 0
rseq(0x555559843ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1834731957", 4096) = 28
getrandom("\x4d\x21\x19\x62\x3c\x4e\x87\x4f", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555559843d00
brk(0x555559864d00)                     = 0x555559864d00
brk(0x555559865000)                     = 0x555559865000
mprotect(0x7fa7bbf8f000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
executing program
write(1, "executing program\n", 18)     = 18
socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 3
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x28\x00\x00\x00\x00\x0a\x01\x01\x00\x00\x00\x00\x5e\x1a\xff\xd5\x02\x00\x00\x00\x09\x00\x01\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x08\x00\x02\x40\x00\x00\x00\x03\x2c\x00\x00\x00\x03\x0a\x01\x03\x00\x00\xe6\xff\x00\x00\x00\x00\x02\x00\x00\x00\x09\x00\x01\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x09\x00\x03\x00\x73\x79\x7a\x32"..., iov_len=124}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PROBE) = 124
[   87.421636][ T5851] ==================================================================
[   87.429744][ T5851] BUG: KASAN: slab-out-of-bounds in string+0x231/0x2b0
[   87.436634][ T5851] Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851
[   87.444891][ T5851] 
[   87.447243][ T5851] CPU: 0 UID: 0 PID: 5851 Comm: syz-executor183 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[   87.447263][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   87.447279][ T5851] Call Trace:
[   87.447286][ T5851]  <TASK>
[   87.447293][ T5851]  dump_stack_lvl+0x189/0x250
[   87.447314][ T5851]  ? __kasan_check_byte+0x12/0x40
[   87.447338][ T5851]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.447356][ T5851]  ? lock_release+0x4b/0x3e0
[   87.447374][ T5851]  ? __virt_addr_valid+0x4a5/0x5c0
[   87.447395][ T5851]  print_report+0xca/0x230
[   87.447411][ T5851]  ? string+0x231/0x2b0
[   87.447429][ T5851]  kasan_report+0x118/0x150
[   87.447447][ T5851]  ? __kasan_check_byte+0x12/0x40
[   87.447465][ T5851]  ? string+0x231/0x2b0
[   87.447486][ T5851]  string+0x231/0x2b0
[   87.447506][ T5851]  vsnprintf+0x739/0xf00
[   87.447529][ T5851]  vprintk_store+0x3c7/0xd00
[   87.447552][ T5851]  ? __pfx_vprintk_store+0x10/0x10
[   87.447570][ T5851]  ? stack_trace_save+0x9c/0xe0
[   87.447591][ T5851]  ? __pfx_stack_trace_save+0x10/0x10
[   87.447611][ T5851]  ? __is_module_percpu_address+0x28/0x3f0
[   87.447631][ T5851]  ? __lock_acquire+0xab9/0xd20
[   87.447654][ T5851]  ? is_printk_cpu_sync_owner+0x32/0x40
[   87.447679][ T5851]  vprintk_emit+0x21e/0x7a0
[   87.447698][ T5851]  ? __pfx_vprintk_emit+0x10/0x10
[   87.447725][ T5851]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   87.447748][ T5851]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   87.447776][ T5851]  _printk+0xcf/0x120
[   87.447796][ T5851]  ? __pfx____ratelimit+0x10/0x10
[   87.447820][ T5851]  ? __pfx__printk+0x10/0x10
[   87.447841][ T5851]  ? __flush_work+0xd2/0xbc0
[   87.447859][ T5851]  ? __flush_work+0xa5b/0xbc0
[   87.447879][ T5851]  nfacct_mt_checkentry+0xd2/0xe0
[   87.447900][ T5851]  xt_check_match+0x3d1/0xab0
[   87.447921][ T5851]  ? __pfx___flush_work+0x10/0x10
[   87.447941][ T5851]  ? __pfx_xt_check_match+0x10/0x10
[   87.447963][ T5851]  ? __pfx___might_resched+0x10/0x10
[   87.447983][ T5851]  ? nft_pernet+0x23/0x240
[   87.448004][ T5851]  ? nft_pernet+0x23/0x240
[   87.448024][ T5851]  ? nft_pernet+0x23/0x240
[   87.448048][ T5851]  __nft_match_init+0x63a/0x840
[   87.448067][ T5851]  ? __pfx___nft_match_init+0x10/0x10
[   87.448098][ T5851]  ? rcu_is_watching+0x15/0xb0
[   87.448119][ T5851]  ? trace_kmalloc+0x1f/0xd0
[   87.448136][ T5851]  ? nf_tables_newrule+0x1506/0x2890
[   87.448162][ T5851]  nf_tables_newrule+0x178c/0x2890
[   87.448189][ T5851]  ? __pfx_nf_tables_newrule+0x10/0x10
[   87.448210][ T5851]  ? nfnl_pernet+0x23/0x240
[   87.448236][ T5851]  ? __nla_parse+0x40/0x60
[   87.448253][ T5851]  nfnetlink_rcv+0x1132/0x2520
[   87.448288][ T5851]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   87.448315][ T5851]  ? __lock_acquire+0xab9/0xd20
[   87.448347][ T5851]  ? netlink_deliver_tap+0x2e/0x1b0
[   87.448366][ T5851]  ? netlink_deliver_tap+0x2e/0x1b0
[   87.448386][ T5851]  netlink_unicast+0x759/0x8e0
[   87.448406][ T5851]  netlink_sendmsg+0x805/0xb30
[   87.448428][ T5851]  ? __pfx_netlink_sendmsg+0x10/0x10
[   87.448447][ T5851]  ? aa_sock_msg_perm+0x94/0x160
[   87.448471][ T5851]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   87.448493][ T5851]  ? __pfx_netlink_sendmsg+0x10/0x10
[   87.448512][ T5851]  __sock_sendmsg+0x219/0x270
[   87.448527][ T5851]  ____sys_sendmsg+0x505/0x830
[   87.448549][ T5851]  ? __pfx_____sys_sendmsg+0x10/0x10
[   87.448572][ T5851]  ? import_iovec+0x74/0xa0
[   87.448590][ T5851]  ___sys_sendmsg+0x21f/0x2a0
[   87.448610][ T5851]  ? __pfx____sys_sendmsg+0x10/0x10
[   87.448644][ T5851]  ? do_raw_spin_lock+0x121/0x290
[   87.448680][ T5851]  __x64_sys_sendmsg+0x19b/0x260
[   87.448698][ T5851]  ? _raw_spin_unlock_irq+0x2e/0x50
[   87.448724][ T5851]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   87.448747][ T5851]  ? rcu_is_watching+0x15/0xb0
[   87.448768][ T5851]  do_syscall_64+0xfa/0x3b0
[   87.448782][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.448804][ T5851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.448818][ T5851]  ? clear_bhb_loop+0x60/0xb0
[   87.448834][ T5851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.448867][ T5851] RIP: 0033:0x7fa7bbf1c6a9
[   87.448885][ T5851] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   87.448901][ T5851] RSP: 002b:00007fff7139c908 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.448916][ T5851] RAX: ffffffffffffffda RBX: 00007fff7139cad8 RCX: 00007fa7bbf1c6a9
[   87.448928][ T5851] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[   87.448937][ T5851] RBP: 00007fa7bbf8f610 R08: 0000000000000002 R09: 00007fff7139cad8
[   87.448947][ T5851] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001
[   87.448956][ T5851] R13: 00007fff7139cac8 R14: 0000000000000001 R15: 0000000000000001
[   87.448972][ T5851]  </TASK>
[   87.448977][ T5851] 
[   87.909735][ T5851] Allocated by task 5851:
[   87.914072][ T5851]  kasan_save_track+0x3e/0x80
[   87.918771][ T5851]  __kasan_kmalloc+0x93/0xb0
[   87.923374][ T5851]  __kmalloc_noprof+0x27a/0x4f0
[   87.928237][ T5851]  nf_tables_newrule+0x1506/0x2890
[   87.933381][ T5851]  nfnetlink_rcv+0x1132/0x2520
[   87.938172][ T5851]  netlink_unicast+0x759/0x8e0
[   87.942947][ T5851]  netlink_sendmsg+0x805/0xb30
[   87.947725][ T5851]  __sock_sendmsg+0x219/0x270
[   87.952411][ T5851]  ____sys_sendmsg+0x505/0x830
[   87.957183][ T5851]  ___sys_sendmsg+0x21f/0x2a0
[   87.961871][ T5851]  __x64_sys_sendmsg+0x19b/0x260
[   87.966841][ T5851]  do_syscall_64+0xfa/0x3b0
[   87.971354][ T5851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.977255][ T5851] 
[   87.979585][ T5851] The buggy address belongs to the object at ffff88801eac9580
[   87.979585][ T5851]  which belongs to the cache kmalloc-cg-96 of size 96
[   87.993739][ T5851] The buggy address is located 0 bytes to the right of
[   87.993739][ T5851]  allocated 72-byte region [ffff88801eac9580, ffff88801eac95c8)
[   88.008155][ T5851] 
[   88.010486][ T5851] The buggy address belongs to the physical page:
[   88.016899][ T5851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eac9
[   88.025696][ T5851] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   88.032819][ T5851] page_type: f5(slab)
[   88.036809][ T5851] raw: 00fff00000000000 ffff88801a449640 dead000000000122 0000000000000000
[   88.045408][ T5851] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   88.053992][ T5851] page dumped because: kasan: bad access detected
[   88.060424][ T5851] page_owner tracks the page as allocated
[   88.066138][ T5851] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 2776913905, free_ts 0
[   88.083767][ T5851]  post_alloc_hook+0x240/0x2a0
[   88.088562][ T5851]  get_page_from_freelist+0x21e4/0x22c0
[   88.094125][ T5851]  __alloc_frozen_pages_noprof+0x181/0x370
[   88.099961][ T5851]  alloc_pages_mpol+0x232/0x4a0
[   88.104834][ T5851]  allocate_slab+0x8a/0x3b0
[   88.109356][ T5851]  ___slab_alloc+0xbfc/0x1480
[   88.114054][ T5851]  __kmalloc_noprof+0x305/0x4f0
[   88.118923][ T5851]  __register_sysctl_table+0x72/0x1340
[   88.124421][ T5851]  user_namespace_sysctl_init+0x25/0x150
[   88.130079][ T5851]  do_one_initcall+0x233/0x820
[   88.134871][ T5851]  do_initcall_level+0x137/0x1f0
[   88.139848][ T5851]  do_initcalls+0x69/0xd0
[   88.144203][ T5851]  kernel_init_freeable+0x3d9/0x570
[   88.149432][ T5851]  kernel_init+0x1d/0x1d0
[   88.153782][ T5851]  ret_from_fork+0x3fc/0x770
[   88.158390][ T5851]  ret_from_fork_asm+0x1a/0x30
[   88.163195][ T5851] page_owner free stack trace missing
[   88.168573][ T5851] 
[   88.170921][ T5851] Memory state around the buggy address:
[   88.176558][ T5851]  ffff88801eac9480: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   88.184663][ T5851]  ffff88801eac9500: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   88.192734][ T5851] >ffff88801eac9580: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   88.200807][ T5851]                                               ^
[   88.207223][ T5851]  ffff88801eac9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.215286][ T5851]  ffff88801eac9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.223348][ T5851] ==================================================================
[   88.231424][ T5851] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   88.238624][ T5851] CPU: 0 UID: 0 PID: 5851 Comm: syz-executor183 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[   88.251064][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   88.261124][ T5851] Call Trace:
[   88.264418][ T5851]  <TASK>
[   88.267359][ T5851]  dump_stack_lvl+0x99/0x250
[   88.271967][ T5851]  ? __asan_memcpy+0x40/0x70
[   88.276567][ T5851]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.281778][ T5851]  ? __pfx__printk+0x10/0x10
[   88.286388][ T5851]  panic+0x2db/0x790
[   88.290294][ T5851]  ? __pfx_panic+0x10/0x10
[   88.294723][ T5851]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   88.300651][ T5851]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.306997][ T5851]  ? print_memory_metadata+0x314/0x400
[   88.312464][ T5851]  ? string+0x231/0x2b0
[   88.316639][ T5851]  check_panic_on_warn+0x89/0xb0
[   88.321609][ T5851]  ? string+0x231/0x2b0
[   88.325784][ T5851]  end_report+0x78/0x160
[   88.330044][ T5851]  kasan_report+0x129/0x150
[   88.334565][ T5851]  ? __kasan_check_byte+0x12/0x40
[   88.339607][ T5851]  ? string+0x231/0x2b0
[   88.343787][ T5851]  string+0x231/0x2b0
[   88.347788][ T5851]  vsnprintf+0x739/0xf00
[   88.352052][ T5851]  vprintk_store+0x3c7/0xd00
[   88.356663][ T5851]  ? __pfx_vprintk_store+0x10/0x10
[   88.361789][ T5851]  ? stack_trace_save+0x9c/0xe0
[   88.366662][ T5851]  ? __pfx_stack_trace_save+0x10/0x10
[   88.372050][ T5851]  ? __is_module_percpu_address+0x28/0x3f0
[   88.377870][ T5851]  ? __lock_acquire+0xab9/0xd20
[   88.382747][ T5851]  ? is_printk_cpu_sync_owner+0x32/0x40
[   88.388317][ T5851]  vprintk_emit+0x21e/0x7a0
[   88.392839][ T5851]  ? __pfx_vprintk_emit+0x10/0x10
[   88.397885][ T5851]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   88.403799][ T5851]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.410153][ T5851]  _printk+0xcf/0x120
[   88.414156][ T5851]  ? __pfx____ratelimit+0x10/0x10
[   88.419205][ T5851]  ? __pfx__printk+0x10/0x10
[   88.423816][ T5851]  ? __flush_work+0xd2/0xbc0
[   88.428427][ T5851]  ? __flush_work+0xa5b/0xbc0
[   88.433126][ T5851]  nfacct_mt_checkentry+0xd2/0xe0
[   88.438167][ T5851]  xt_check_match+0x3d1/0xab0
[   88.442863][ T5851]  ? __pfx___flush_work+0x10/0x10
[   88.447905][ T5851]  ? __pfx_xt_check_match+0x10/0x10
[   88.453122][ T5851]  ? __pfx___might_resched+0x10/0x10
[   88.458428][ T5851]  ? nft_pernet+0x23/0x240
[   88.462865][ T5851]  ? nft_pernet+0x23/0x240
[   88.467300][ T5851]  ? nft_pernet+0x23/0x240
[   88.471733][ T5851]  __nft_match_init+0x63a/0x840
[   88.476600][ T5851]  ? __pfx___nft_match_init+0x10/0x10
[   88.482006][ T5851]  ? rcu_is_watching+0x15/0xb0
[   88.486788][ T5851]  ? trace_kmalloc+0x1f/0xd0
[   88.491388][ T5851]  ? nf_tables_newrule+0x1506/0x2890
[   88.496689][ T5851]  nf_tables_newrule+0x178c/0x2890
[   88.501824][ T5851]  ? __pfx_nf_tables_newrule+0x10/0x10
[   88.507364][ T5851]  ? nfnl_pernet+0x23/0x240
[   88.511894][ T5851]  ? __nla_parse+0x40/0x60
[   88.516324][ T5851]  nfnetlink_rcv+0x1132/0x2520
[   88.521123][ T5851]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   88.526260][ T5851]  ? __lock_acquire+0xab9/0xd20
[   88.531143][ T5851]  ? netlink_deliver_tap+0x2e/0x1b0
[   88.536368][ T5851]  ? netlink_deliver_tap+0x2e/0x1b0
[   88.541582][ T5851]  netlink_unicast+0x759/0x8e0
[   88.546368][ T5851]  netlink_sendmsg+0x805/0xb30
[   88.551150][ T5851]  ? __pfx_netlink_sendmsg+0x10/0x10
[   88.556448][ T5851]  ? aa_sock_msg_perm+0x94/0x160
[   88.561406][ T5851]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   88.566715][ T5851]  ? __pfx_netlink_sendmsg+0x10/0x10
[   88.572015][ T5851]  __sock_sendmsg+0x219/0x270
[   88.576703][ T5851]  ____sys_sendmsg+0x505/0x830
[   88.581508][ T5851]  ? __pfx_____sys_sendmsg+0x10/0x10
[   88.586836][ T5851]  ? import_iovec+0x74/0xa0
[   88.591360][ T5851]  ___sys_sendmsg+0x21f/0x2a0
[   88.596057][ T5851]  ? __pfx____sys_sendmsg+0x10/0x10
[   88.601273][ T5851]  ? do_raw_spin_lock+0x121/0x290
[   88.606335][ T5851]  __x64_sys_sendmsg+0x19b/0x260
[   88.611290][ T5851]  ? _raw_spin_unlock_irq+0x2e/0x50
[   88.616513][ T5851]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   88.621993][ T5851]  ? rcu_is_watching+0x15/0xb0
[   88.626775][ T5851]  do_syscall_64+0xfa/0x3b0
[   88.631298][ T5851]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.636513][ T5851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.642589][ T5851]  ? clear_bhb_loop+0x60/0xb0
[   88.647284][ T5851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.653190][ T5851] RIP: 0033:0x7fa7bbf1c6a9
[   88.657623][ T5851] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   88.677239][ T5851] RSP: 002b:00007fff7139c908 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   88.685668][ T5851] RAX: ffffffffffffffda RBX: 00007fff7139cad8 RCX: 00007fa7bbf1c6a9
[   88.693669][ T5851] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[   88.701662][ T5851] RBP: 00007fa7bbf8f610 R08: 0000000000000002 R09: 00007fff7139cad8
[   88.709643][ T5851] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001
[   88.717631][ T5851] R13: 00007fff7139cac8 R14: 0000000000000001 R15: 0000000000000001
[   88.725627][ T5851]  </TASK>
[   88.729027][ T5851] Kernel Offset: disabled
[   88.733356][ T5851] Rebooting in 86400 seconds..