Warning: Permanently added '10.128.0.13' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   52.576469][ T3526] ==================================================================
[   52.584705][ T3526] BUG: KASAN: use-after-free in unix_stream_read_actor+0x9e/0xa0
[   52.592442][ T3526] Read of size 4 at addr ffff88801a231684 by task syz-executor758/3526
[   52.600676][ T3526] 
[   52.603124][ T3526] CPU: 1 PID: 3526 Comm: syz-executor758 Not tainted 5.15.138-syzkaller #0
[   52.611707][ T3526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[   52.621746][ T3526] Call Trace:
[   52.625030][ T3526]  <TASK>
[   52.627951][ T3526]  dump_stack_lvl+0x1e3/0x2cb
[   52.632631][ T3526]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   52.638250][ T3526]  ? _printk+0xd1/0x111
[   52.642400][ T3526]  ? __wake_up_klogd+0xcc/0x100
[   52.647245][ T3526]  ? panic+0x84d/0x84d
[   52.651301][ T3526]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   52.656751][ T3526]  ? preempt_schedule_common+0xa6/0xd0
[   52.662195][ T3526]  print_address_description+0x63/0x3b0
[   52.667816][ T3526]  ? unix_stream_read_actor+0x9e/0xa0
[   52.673174][ T3526]  kasan_report+0x16b/0x1c0
[   52.677670][ T3526]  ? unix_stream_read_actor+0x9e/0xa0
[   52.683028][ T3526]  unix_stream_read_actor+0x9e/0xa0
[   52.688213][ T3526]  unix_stream_recv_urg+0x1bb/0x300
[   52.693399][ T3526]  unix_stream_read_generic+0x21ab/0x22a0
[   52.699108][ T3526]  ? aa_label_sk_perm+0x453/0x630
[   52.704125][ T3526]  ? aa_sk_perm+0xa30/0xa30
[   52.708629][ T3526]  ? unix_stream_read_actor+0xa0/0xa0
[   52.713990][ T3526]  ? reacquire_held_locks+0x660/0x660
[   52.719386][ T3526]  ? aa_sk_perm+0x8fc/0xa30
[   52.723877][ T3526]  unix_stream_recvmsg+0x22d/0x2c0
[   52.728977][ T3526]  ? unix_stream_sendmsg+0x1070/0x1070
[   52.734431][ T3526]  ? __unix_stream_recvmsg+0x210/0x210
[   52.739880][ T3526]  ? aa_sock_msg_perm+0x91/0x150
[   52.744810][ T3526]  ? bpf_lsm_socket_recvmsg+0x5/0x10
[   52.750172][ T3526]  ? security_socket_recvmsg+0x86/0xb0
[   52.755626][ T3526]  ? unix_stream_sendmsg+0x1070/0x1070
[   52.761076][ T3526]  ____sys_recvmsg+0x286/0x530
[   52.765834][ T3526]  ? __sys_recvmsg_sock+0x40/0x40
[   52.770866][ T3526]  ___sys_recvmsg+0x1ec/0x690
[   52.775532][ T3526]  ? __sys_recvmsg+0x260/0x260
[   52.780301][ T3526]  ? __fdget+0x191/0x220
[   52.784534][ T3526]  __x64_sys_recvmsg+0x1dc/0x2b0
[   52.789464][ T3526]  ? ___sys_recvmsg+0x690/0x690
[   52.794311][ T3526]  ? syscall_enter_from_user_mode+0x2e/0x230
[   52.800284][ T3526]  ? lockdep_hardirqs_on+0x94/0x130
[   52.805472][ T3526]  ? syscall_enter_from_user_mode+0x2e/0x230
[   52.811453][ T3526]  do_syscall_64+0x3d/0xb0
[   52.815857][ T3526]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.821735][ T3526] RIP: 0033:0x7f522e1634e9
[   52.826138][ T3526] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   52.845728][ T3526] RSP: 002b:00007f522e0e2228 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[   52.854129][ T3526] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f522e1634e9
[   52.862092][ T3526] RDX: 0000000040010083 RSI: 0000000020000140 RDI: 0000000000000004
[   52.870052][ T3526] RBP: 00007f522e1ed348 R08: 00007f522e0e26c0 R09: 00007f522e0e26c0
[   52.878013][ T3526] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f522e1ed340
[   52.885971][ T3526] R13: 00007f522e1ed34c R14: 00007fff5b9c08c0 R15: 00007fff5b9c09a8
[   52.894047][ T3526]  </TASK>
[   52.897076][ T3526] 
[   52.899401][ T3526] Allocated by task 3525:
[   52.903721][ T3526]  __kasan_slab_alloc+0x8e/0xc0
[   52.908569][ T3526]  slab_post_alloc_hook+0x53/0x380
[   52.913683][ T3526]  kmem_cache_alloc_node+0x121/0x2c0
[   52.918956][ T3526]  __alloc_skb+0xdd/0x590
[   52.923275][ T3526]  alloc_skb_with_frags+0xa3/0x780
[   52.928375][ T3526]  sock_alloc_send_pskb+0x915/0xa50
[   52.933567][ T3526]  queue_oob+0xfd/0x8d0
[   52.937712][ T3526]  unix_stream_sendmsg+0xe0a/0x1070
[   52.942897][ T3526]  ____sys_sendmsg+0x59e/0x8f0
[   52.947647][ T3526]  ___sys_sendmsg+0x252/0x2e0
[   52.952320][ T3526]  __se_sys_sendmsg+0x19a/0x260
[   52.957190][ T3526]  do_syscall_64+0x3d/0xb0
[   52.961593][ T3526]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.967470][ T3526] 
[   52.969778][ T3526] Freed by task 3525:
[   52.973736][ T3526]  kasan_set_track+0x4b/0x80
[   52.978314][ T3526]  kasan_set_free_info+0x1f/0x40
[   52.983234][ T3526]  ____kasan_slab_free+0xd8/0x120
[   52.988240][ T3526]  slab_free_freelist_hook+0xdd/0x160
[   52.993595][ T3526]  kmem_cache_free+0x91/0x1f0
[   52.998255][ T3526]  queue_oob+0x524/0x8d0
[   53.002486][ T3526]  unix_stream_sendmsg+0xe0a/0x1070
[   53.007675][ T3526]  ____sys_sendmsg+0x59e/0x8f0
[   53.012423][ T3526]  ___sys_sendmsg+0x252/0x2e0
[   53.017085][ T3526]  __se_sys_sendmsg+0x19a/0x260
[   53.021916][ T3526]  do_syscall_64+0x3d/0xb0
[   53.026326][ T3526]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.032208][ T3526] 
[   53.034531][ T3526] The buggy address belongs to the object at ffff88801a231640
[   53.034531][ T3526]  which belongs to the cache skbuff_head_cache of size 232
[   53.049086][ T3526] The buggy address is located 68 bytes inside of
[   53.049086][ T3526]  232-byte region [ffff88801a231640, ffff88801a231728)
[   53.062286][ T3526] The buggy address belongs to the page:
[   53.067917][ T3526] page:ffffea0000688c40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a231
[   53.078051][ T3526] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   53.085589][ T3526] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff8880165e8500
[   53.094159][ T3526] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   53.102723][ T3526] page dumped because: kasan: bad access detected
[   53.109131][ T3526] page_owner tracks the page as allocated
[   53.114831][ T3526] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3525, ts 52575496142, free_ts 45832208612
[   53.130887][ T3526]  get_page_from_freelist+0x322a/0x33c0
[   53.136420][ T3526]  __alloc_pages+0x272/0x700
[   53.140996][ T3526]  new_slab+0xbb/0x4b0
[   53.145051][ T3526]  ___slab_alloc+0x6f6/0xe10
[   53.149628][ T3526]  kmem_cache_alloc_node+0x1ba/0x2c0
[   53.154904][ T3526]  __alloc_skb+0xdd/0x590
[   53.159223][ T3526]  alloc_skb_with_frags+0xa3/0x780
[   53.164346][ T3526]  sock_alloc_send_pskb+0x915/0xa50
[   53.169530][ T3526]  queue_oob+0xfd/0x8d0
[   53.173674][ T3526]  unix_stream_sendmsg+0xe0a/0x1070
[   53.178895][ T3526]  ____sys_sendmsg+0x59e/0x8f0
[   53.183649][ T3526]  ___sys_sendmsg+0x252/0x2e0
[   53.188343][ T3526]  __se_sys_sendmsg+0x19a/0x260
[   53.193187][ T3526]  do_syscall_64+0x3d/0xb0
[   53.197593][ T3526]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.203474][ T3526] page last free stack trace:
[   53.208126][ T3526]  free_unref_page_prepare+0xc34/0xcf0
[   53.213587][ T3526]  free_unref_page+0x95/0x2d0
[   53.218260][ T3526]  pipe_read+0x6e4/0x12b0
[   53.222578][ T3526]  vfs_read+0xa9f/0xe10
[   53.226725][ T3526]  ksys_read+0x1a2/0x2c0
[   53.230963][ T3526]  do_syscall_64+0x3d/0xb0
[   53.235366][ T3526]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.241251][ T3526] 
[   53.243563][ T3526] Memory state around the buggy address:
[   53.249176][ T3526]  ffff88801a231580: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[   53.257224][ T3526]  ffff88801a231600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   53.265271][ T3526] >ffff88801a231680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.273339][ T3526]                    ^
[   53.277412][ T3526]  ffff88801a231700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   53.285478][ T3526]  ffff88801a231780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.293526][ T3526] ==================================================================
[   53.301570][ T3526] Disabling lock debugging due to kernel taint
[   53.308412][ T3526] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   53.315629][ T3526] CPU: 0 PID: 3526 Comm: syz-executor758 Tainted: G    B             5.15.138-syzkaller #0
[   53.325626][ T3526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[   53.335678][ T3526] Call Trace:
[   53.338962][ T3526]  <TASK>
[   53.341887][ T3526]  dump_stack_lvl+0x1e3/0x2cb
[   53.346576][ T3526]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   53.352205][ T3526]  ? panic+0x84d/0x84d
[   53.356264][ T3526]  ? preempt_schedule_common+0xa6/0xd0
[   53.361718][ T3526]  ? preempt_schedule+0xd9/0xe0
[   53.366566][ T3526]  panic+0x318/0x84d
[   53.370453][ T3526]  ? check_panic_on_warn+0x1d/0xa0
[   53.375558][ T3526]  ? fb_is_primary_device+0xcc/0xcc
[   53.380751][ T3526]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   53.386744][ T3526]  ? _raw_spin_unlock+0x40/0x40
[   53.391590][ T3526]  ? print_memory_metadata+0xe2/0x140
[   53.396964][ T3526]  check_panic_on_warn+0x7e/0xa0
[   53.401902][ T3526]  ? unix_stream_read_actor+0x9e/0xa0
[   53.407284][ T3526]  end_report+0x6d/0xf0
[   53.411432][ T3526]  kasan_report+0x18e/0x1c0
[   53.415928][ T3526]  ? unix_stream_read_actor+0x9e/0xa0
[   53.421298][ T3526]  unix_stream_read_actor+0x9e/0xa0
[   53.426499][ T3526]  unix_stream_recv_urg+0x1bb/0x300
[   53.431695][ T3526]  unix_stream_read_generic+0x21ab/0x22a0
[   53.437415][ T3526]  ? aa_label_sk_perm+0x453/0x630
[   53.442445][ T3526]  ? aa_sk_perm+0xa30/0xa30
[   53.446975][ T3526]  ? unix_stream_read_actor+0xa0/0xa0
[   53.452346][ T3526]  ? reacquire_held_locks+0x660/0x660
[   53.457717][ T3526]  ? aa_sk_perm+0x8fc/0xa30
[   53.462215][ T3526]  unix_stream_recvmsg+0x22d/0x2c0
[   53.467322][ T3526]  ? unix_stream_sendmsg+0x1070/0x1070
[   53.472773][ T3526]  ? __unix_stream_recvmsg+0x210/0x210
[   53.478228][ T3526]  ? aa_sock_msg_perm+0x91/0x150
[   53.483159][ T3526]  ? bpf_lsm_socket_recvmsg+0x5/0x10
[   53.488434][ T3526]  ? security_socket_recvmsg+0x86/0xb0
[   53.493885][ T3526]  ? unix_stream_sendmsg+0x1070/0x1070
[   53.499336][ T3526]  ____sys_recvmsg+0x286/0x530
[   53.504094][ T3526]  ? __sys_recvmsg_sock+0x40/0x40
[   53.509114][ T3526]  ___sys_recvmsg+0x1ec/0x690
[   53.513781][ T3526]  ? __sys_recvmsg+0x260/0x260
[   53.518558][ T3526]  ? __fdget+0x191/0x220
[   53.522823][ T3526]  __x64_sys_recvmsg+0x1dc/0x2b0
[   53.527754][ T3526]  ? ___sys_recvmsg+0x690/0x690
[   53.532801][ T3526]  ? syscall_enter_from_user_mode+0x2e/0x230
[   53.538793][ T3526]  ? lockdep_hardirqs_on+0x94/0x130
[   53.544029][ T3526]  ? syscall_enter_from_user_mode+0x2e/0x230
[   53.550018][ T3526]  do_syscall_64+0x3d/0xb0
[   53.554441][ T3526]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.560342][ T3526] RIP: 0033:0x7f522e1634e9
[   53.564752][ T3526] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   53.584359][ T3526] RSP: 002b:00007f522e0e2228 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[   53.592867][ T3526] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f522e1634e9
[   53.600852][ T3526] RDX: 0000000040010083 RSI: 0000000020000140 RDI: 0000000000000004
[   53.608823][ T3526] RBP: 00007f522e1ed348 R08: 00007f522e0e26c0 R09: 00007f522e0e26c0
[   53.616820][ T3526] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f522e1ed340
[   53.624901][ T3526] R13: 00007f522e1ed34c R14: 00007fff5b9c08c0 R15: 00007fff5b9c09a8
[   53.632912][ T3526]  </TASK>
[   53.636185][ T3526] Kernel Offset: disabled
[   53.640511][ T3526] Rebooting in 86400 seconds..