./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2708836564
<...>
Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts.
execve("./syz-executor2708836564", ["./syz-executor2708836564"], 0x7ffff1aa6b60 /* 10 vars */) = 0
brk(NULL) = 0x55558e4e6000
brk(0x55558e4e6d00) = 0x55558e4e6d00
arch_prctl(ARCH_SET_FS, 0x55558e4e6380) = 0
set_tid_address(0x55558e4e6650) = 5835
set_robust_list(0x55558e4e6660, 24) = 0
rseq(0x55558e4e6ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2708836564", 4096) = 28
getrandom("\x49\x88\x26\x4b\x6e\xfb\x23\x62", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55558e4e6d00
brk(0x55558e507d00) = 0x55558e507d00
brk(0x55558e508000) = 0x55558e508000
mprotect(0x7f96a73b3000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
executing program
write(1, "executing program\n", 18) = 18
socket(AF_KEY, SOCK_RAW, 2) = 3
sendmsg(3, {msg_name=0x3, msg_namelen=0, msg_iov=[{iov_base="\x02\x03\xfb\x02\x1e\x00\x00\x00\x2c\xbd\x70\x00\xfc\xdb\xdf\x25\x02\x00\x09\x00\x08\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x05\x00\x06\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00\x00\x04\x00\x07\x0c\x00\x00\x00\x00\x05\x00\x05\x00\x00\x00\x00\x00\x0a\x00\x00\x00"..., iov_len=240}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 240
socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 4
sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\xfc\x00\x00\x00\x19\x00\x67\x4c\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=252}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 252
socket(AF_INET6, SOCK_DGRAM, IPPROTO_L2TP) = 5
[ 76.014817][ T5835] ------------[ cut here ]------------
[ 76.020954][ T5835] memcpy: detected field-spanning write (size 40) of single field "&top_iph->saddr" at net/ipv6/ah6.c:439 (size 16)
[ 76.034069][ T5835] WARNING: net/ipv6/ah6.c:439 at ah6_output+0xece/0x1510, CPU#1: syz-executor270/5835
[ 76.043671][ T5835] Modules linked in:
[ 76.047700][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor270 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full)
[ 76.059617][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 76.069723][ T5835] RIP: 0010:ah6_output+0xece/0x1510
[ 76.074932][ T5835] Code: ff e8 66 29 82 f7 c6 05 60 e1 6e 05 01 90 b9 10 00 00 00 48 c7 c7 80 a1 a2 8c 4c 89 f6 48 c7 c2 e0 a3 a2 8c e8 e3 db 45 f7 90 <0f> 0b 90 90 e9 ab fe ff ff e8 d4 20 38 01 48 8b 4c 24 28 80 e1 07
[ 76.094582][ T5835] RSP: 0018:ffffc90003f370a0 EFLAGS: 00010246
[ 76.100718][ T5835] RAX: 26d747fa118b3400 RBX: ffff8880267e5808 RCX: ffff88807a09bc00
[ 76.108747][ T5835] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[ 76.116980][ T5835] RBP: ffffc90003f37230 R08: 0000000000000003 R09: 0000000000000004
[ 76.124997][ T5835] R10: dffffc0000000000 R11: fffffbfff1c3a428 R12: dffffc0000000000
[ 76.133086][ T5835] R13: 1ffff920007e6e34 R14: 0000000000000028 R15: 0000000000000030
[ 76.141108][ T5835] FS: 000055558e4e6380(0000) GS:ffff888125ae6000(0000) knlGS:0000000000000000
[ 76.150087][ T5835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.156661][ T5835] CR2: 000000000045ad50 CR3: 0000000075b5e000 CR4: 00000000003526f0
[ 76.164729][ T5835] Call Trace:
[ 76.168055][ T5835] <TASK>
[ 76.171024][ T5835] ? __pfx_ah6_output+0x10/0x10
[ 76.175880][ T5835] xfrm_output_resume+0x2c55/0x6170
[ 76.181141][ T5835] ? __pfx_xfrm_output_resume+0x10/0x10
[ 76.186708][ T5835] ? xfrm_dev_offload_ok+0x129/0x780
[ 76.192051][ T5835] ? xfrm_output+0x9ad/0x1950
[ 76.196769][ T5835] __xfrm6_output+0x2eb/0x1070
[ 76.201563][ T5835] ? __lock_acquire+0xab9/0xd20
[ 76.206439][ T5835] ? __pfx___xfrm6_output+0x10/0x10
[ 76.211689][ T5835] ? xfrm6_output+0x258/0x4f0
[ 76.216377][ T5835] xfrm6_output+0x1c6/0x4f0
[ 76.220921][ T5835] ? xfrm6_output+0x258/0x4f0
[ 76.225598][ T5835] ? __pfx_xfrm6_output+0x10/0x10
[ 76.230666][ T5835] ? __pfx___xfrm6_output+0x10/0x10
[ 76.235878][ T5835] ? skb_dst+0x4f/0xd0
[ 76.239998][ T5835] ? dst_output+0x177/0x1c0
[ 76.244514][ T5835] ? ip6_send_skb+0x10f/0x390
[ 76.249260][ T5835] ip6_send_skb+0x1d5/0x390
[ 76.253836][ T5835] l2tp_ip6_sendmsg+0x12f2/0x17c0
[ 76.258916][ T5835] ? __pfx_l2tp_ip6_sendmsg+0x10/0x10
[ 76.264318][ T5835] ? __pfx_aa_sk_perm+0x10/0x10
[ 76.269206][ T5835] ? tomoyo_socket_sendmsg_permission+0x216/0x300
[ 76.275637][ T5835] ? inet_sendmsg+0x2f4/0x370
[ 76.280372][ T5835] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 76.285675][ T5835] __sock_sendmsg+0x19c/0x270
[ 76.290518][ T5835] ____sys_sendmsg+0x505/0x830
[ 76.295304][ T5835] ? __pfx_____sys_sendmsg+0x10/0x10
[ 76.300643][ T5835] ? import_iovec+0x74/0xa0
[ 76.305155][ T5835] ___sys_sendmsg+0x21f/0x2a0
[ 76.309881][ T5835] ? __pfx____sys_sendmsg+0x10/0x10
[ 76.315094][ T5835] ? do_raw_spin_lock+0x121/0x290
[ 76.320180][ T5835] __x64_sys_sendmsg+0x19b/0x260
[ 76.325129][ T5835] ? _raw_spin_unlock_irq+0x2e/0x50
[ 76.330456][ T5835] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 76.335935][ T5835] do_syscall_64+0xfa/0x3b0
[ 76.340471][ T5835] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.345672][ T5835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.351805][ T5835] ? clear_bhb_loop+0x60/0xb0
[ 76.356495][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.362431][ T5835] RIP: 0033:0x7f96a7340669
[ 76.366865][ T5835] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.386516][ T5835] RSP: 002b:00007ffcb1680d88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.395001][ T5835] RAX: ffffffffffffffda RBX: 00007ffcb1680f58 RCX: 00007f96a7340669
[ 76.403034][ T5835] RDX: 0000000000000800 RSI: 0000200000000540 RDI: 0000000000000005
[ 76.411032][ T5835] RBP: 00007f96a73b3610 R08: 00007ffcb1680f58 R09: 00007ffcb1680f58
[ 76.419130][ T5835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 76.427107][ T5835] R13: 00007ffcb1680f48 R14: 0000000000000001 R15: 0000000000000001
[ 76.435120][ T5835] </TASK>
[ 76.438187][ T5835] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 76.445456][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor270 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full)
[ 76.457324][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 76.467540][ T5835] Call Trace:
[ 76.473731][ T5835] <TASK>
[ 76.473731][ T5835] dump_stack_lvl+0x99/0x250
[ 76.478310][ T5835] ? __asan_memcpy+0x40/0x70
[ 76.482896][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.488161][ T5835] ? __pfx__printk+0x10/0x10
[ 76.492738][ T5835] panic+0x2db/0x790
[ 76.496614][ T5835] ? __pfx_panic+0x10/0x10
[ 76.501026][ T5835] __warn+0x334/0x4c0
[ 76.505005][ T5835] ? ah6_output+0xece/0x1510
[ 76.509596][ T5835] ? ah6_output+0xece/0x1510
[ 76.514186][ T5835] report_bug+0x2be/0x4f0
[ 76.518545][ T5835] ? ah6_output+0xece/0x1510
[ 76.523133][ T5835] ? ah6_output+0xece/0x1510
[ 76.527718][ T5835] ? ah6_output+0xed0/0x1510
[ 76.532314][ T5835] handle_bug+0x84/0x160
[ 76.536553][ T5835] exc_invalid_op+0x1a/0x50
[ 76.541048][ T5835] asm_exc_invalid_op+0x1a/0x20
[ 76.545887][ T5835] RIP: 0010:ah6_output+0xece/0x1510
[ 76.551080][ T5835] Code: ff e8 66 29 82 f7 c6 05 60 e1 6e 05 01 90 b9 10 00 00 00 48 c7 c7 80 a1 a2 8c 4c 89 f6 48 c7 c2 e0 a3 a2 8c e8 e3 db 45 f7 90 <0f> 0b 90 90 e9 ab fe ff ff e8 d4 20 38 01 48 8b 4c 24 28 80 e1 07
[ 76.570689][ T5835] RSP: 0018:ffffc90003f370a0 EFLAGS: 00010246
[ 76.576752][ T5835] RAX: 26d747fa118b3400 RBX: ffff8880267e5808 RCX: ffff88807a09bc00
[ 76.584716][ T5835] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[ 76.592679][ T5835] RBP: ffffc90003f37230 R08: 0000000000000003 R09: 0000000000000004
[ 76.600641][ T5835] R10: dffffc0000000000 R11: fffffbfff1c3a428 R12: dffffc0000000000
[ 76.608603][ T5835] R13: 1ffff920007e6e34 R14: 0000000000000028 R15: 0000000000000030
[ 76.616603][ T5835] ? __pfx_ah6_output+0x10/0x10
[ 76.621473][ T5835] xfrm_output_resume+0x2c55/0x6170
[ 76.626705][ T5835] ? __pfx_xfrm_output_resume+0x10/0x10
[ 76.632258][ T5835] ? xfrm_dev_offload_ok+0x129/0x780
[ 76.637549][ T5835] ? xfrm_output+0x9ad/0x1950
[ 76.642234][ T5835] __xfrm6_output+0x2eb/0x1070
[ 76.646989][ T5835] ? __lock_acquire+0xab9/0xd20
[ 76.651854][ T5835] ? __pfx___xfrm6_output+0x10/0x10
[ 76.657227][ T5835] ? xfrm6_output+0x258/0x4f0
[ 76.661896][ T5835] xfrm6_output+0x1c6/0x4f0
[ 76.666391][ T5835] ? xfrm6_output+0x258/0x4f0
[ 76.671054][ T5835] ? __pfx_xfrm6_output+0x10/0x10
[ 76.676070][ T5835] ? __pfx___xfrm6_output+0x10/0x10
[ 76.681254][ T5835] ? skb_dst+0x4f/0xd0
[ 76.685313][ T5835] ? dst_output+0x177/0x1c0
[ 76.689807][ T5835] ? ip6_send_skb+0x10f/0x390
[ 76.694482][ T5835] ip6_send_skb+0x1d5/0x390
[ 76.698985][ T5835] l2tp_ip6_sendmsg+0x12f2/0x17c0
[ 76.704017][ T5835] ? __pfx_l2tp_ip6_sendmsg+0x10/0x10
[ 76.709436][ T5835] ? __pfx_aa_sk_perm+0x10/0x10
[ 76.714279][ T5835] ? tomoyo_socket_sendmsg_permission+0x216/0x300
[ 76.720693][ T5835] ? inet_sendmsg+0x2f4/0x370
[ 76.725367][ T5835] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 76.730651][ T5835] __sock_sendmsg+0x19c/0x270
[ 76.735323][ T5835] ____sys_sendmsg+0x505/0x830
[ 76.740088][ T5835] ? __pfx_____sys_sendmsg+0x10/0x10
[ 76.745376][ T5835] ? import_iovec+0x74/0xa0
[ 76.749875][ T5835] ___sys_sendmsg+0x21f/0x2a0
[ 76.754560][ T5835] ? __pfx____sys_sendmsg+0x10/0x10
[ 76.759762][ T5835] ? do_raw_spin_lock+0x121/0x290
[ 76.764816][ T5835] __x64_sys_sendmsg+0x19b/0x260
[ 76.769749][ T5835] ? _raw_spin_unlock_irq+0x2e/0x50
[ 76.774940][ T5835] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 76.780414][ T5835] do_syscall_64+0xfa/0x3b0
[ 76.784912][ T5835] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.790109][ T5835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.796168][ T5835] ? clear_bhb_loop+0x60/0xb0
[ 76.800837][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.806721][ T5835] RIP: 0033:0x7f96a7340669
[ 76.811127][ T5835] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.830724][ T5835] RSP: 002b:00007ffcb1680d88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.839140][ T5835] RAX: ffffffffffffffda RBX: 00007ffcb1680f58 RCX: 00007f96a7340669
[ 76.847121][ T5835] RDX: 0000000000000800 RSI: 0000200000000540 RDI: 0000000000000005
[ 76.855092][ T5835] RBP: 00007f96a73b3610 R08: 00007ffcb1680f58 R09: 00007ffcb1680f58
[ 76.863055][ T5835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 76.871017][ T5835] R13: 00007ffcb1680f48 R14: 0000000000000001 R15: 0000000000000001
[ 76.878993][ T5835] </TASK>
[ 76.882232][ T5835] Kernel Offset: disabled
[ 76.886548][ T5835] Rebooting in 86400 seconds..