[ 4.406309][ T99] udevd[99]: starting version 3.2.11
[ 4.505456][ T100] udevd[100]: starting eudev-3.2.11
[ 4.507572][ T99] udevd (99) used greatest stack depth: 22096 bytes left
[ 11.972046][ T30] kauditd_printk_skb: 50 callbacks suppressed
[ 11.972059][ T30] audit: type=1400 audit(1714319727.498:61): avc: denied { transition } for pid=220 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.976895][ T30] audit: type=1400 audit(1714319727.498:62): avc: denied { noatsecure } for pid=220 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.980773][ T30] audit: type=1400 audit(1714319727.498:63): avc: denied { write } for pid=220 comm="sh" path="pipe:[12388]" dev="pipefs" ino=12388 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 11.984831][ T30] audit: type=1400 audit(1714319727.498:64): avc: denied { rlimitinh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.988792][ T30] audit: type=1400 audit(1714319727.498:65): avc: denied { siginh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.316012][ T221] sshd (221) used greatest stack depth: 21952 bytes left
Warning: Permanently added '10.128.0.161' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
[ 20.231430][ T30] audit: type=1400 audit(1714319735.748:66): avc: denied { execmem } for pid=285 comm="syz-executor281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 20.246729][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 20.250756][ T30] audit: type=1400 audit(1714319735.748:67): avc: denied { integrity } for pid=285 comm="syz-executor281" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[ 20.267733][ T285] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 20.281821][ T30] audit: type=1400 audit(1714319735.758:68): avc: denied { setattr } for pid=285 comm="syz-executor281" name="raw-gadget" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
executing program
[ 20.314030][ T30] audit: type=1400 audit(1714319735.788:69): avc: denied { relabelto } for pid=286 comm="mkswap" name="swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 20.339468][ T30] audit: type=1400 audit(1714319735.788:70): avc: denied { write } for pid=286 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 20.365313][ T30] audit: type=1400 audit(1714319735.788:71): avc: denied { read } for pid=285 comm="syz-executor281" name="swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 20.391237][ T30] audit: type=1400 audit(1714319735.788:72): avc: denied { open } for pid=285 comm="syz-executor281" path="/root/swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 20.417608][ T30] audit: type=1400 audit(1714319735.838:73): avc: denied { mounton } for pid=287 comm="syz-executor281" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 20.441827][ T30] audit: type=1400 audit(1714319735.838:74): avc: denied { mount } for pid=287 comm="syz-executor281" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 20.464460][ T30] audit: type=1400 audit(1714319735.838:75): avc: denied { mounton } for pid=287 comm="syz-executor281" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 20.514443][ T287] FAULT_INJECTION: forcing a failure.
[ 20.514443][ T287] name failslab, interval 1, probability 0, space 0, times 1
[ 20.527023][ T287] CPU: 0 PID: 287 Comm: syz-executor281 Not tainted 5.15.149-syzkaller-00490-g5d96939590c0 #0
[ 20.537156][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 20.548446][ T287] Call Trace:
[ 20.551520][ T287]
[ 20.554433][ T287] dump_stack_lvl+0x151/0x1b7
[ 20.558938][ T287] ? io_uring_drop_tctx_refs+0x190/0x190
[ 20.564405][ T287] dump_stack+0x15/0x17
[ 20.568395][ T287] should_fail+0x3c6/0x510
[ 20.573331][ T287] __should_failslab+0xa4/0xe0
[ 20.578012][ T287] should_failslab+0x9/0x20
[ 20.582349][ T287] slab_pre_alloc_hook+0x37/0xd0
[ 20.587134][ T287] kmem_cache_alloc_trace+0x48/0x210
[ 20.592247][ T287] ? sk_psock_skb_ingress_self+0x60/0x330
[ 20.597805][ T287] ? migrate_disable+0x190/0x190
[ 20.602575][ T287] sk_psock_skb_ingress_self+0x60/0x330
[ 20.607956][ T287] sk_psock_verdict_recv+0x66d/0x840
[ 20.613078][ T287] unix_read_sock+0x132/0x370
[ 20.617588][ T287] ? sk_psock_skb_redirect+0x440/0x440
[ 20.622972][ T287] ? unix_stream_splice_actor+0x120/0x120
[ 20.628722][ T287] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 20.634541][ T287] ? unix_stream_splice_actor+0x120/0x120
[ 20.640094][ T287] sk_psock_verdict_data_ready+0x147/0x1a0
[ 20.645748][ T287] ? sk_psock_start_verdict+0xc0/0xc0
[ 20.650945][ T287] ? _raw_spin_lock+0xa4/0x1b0
[ 20.655547][ T287] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 20.661195][ T287] ? skb_queue_tail+0xfb/0x120
[ 20.666047][ T287] unix_dgram_sendmsg+0x15fa/0x2090
[ 20.671340][ T287] ? unix_dgram_poll+0x710/0x710
[ 20.676111][ T287] ? kmem_cache_free+0x116/0x2e0
[ 20.680896][ T287] ? security_socket_sendmsg+0x82/0xb0
[ 20.686191][ T287] ? unix_dgram_poll+0x710/0x710
[ 20.692142][ T287] ____sys_sendmsg+0x59e/0x8f0
[ 20.696733][ T287] ? __sys_sendmsg_sock+0x40/0x40
[ 20.701595][ T287] ? import_iovec+0xe5/0x120
[ 20.706368][ T287] ___sys_sendmsg+0x252/0x2e0
[ 20.710877][ T287] ? __sys_sendmsg+0x260/0x260
[ 20.715571][ T287] ? __kasan_check_read+0x11/0x20
[ 20.720423][ T287] ? __fdget+0x179/0x240
[ 20.724520][ T287] __se_sys_sendmsg+0x19a/0x260
[ 20.729452][ T287] ? __x64_sys_sendmsg+0x90/0x90
[ 20.734223][ T287] ? ksys_write+0x24f/0x2c0
[ 20.738606][ T287] ? debug_smp_processor_id+0x17/0x20
[ 20.743775][ T287] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 20.749679][ T287] __x64_sys_sendmsg+0x7b/0x90
[ 20.754278][ T287] do_syscall_64+0x3d/0xb0
[ 20.758530][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 20.764419][ T287] RIP: 0033:0x7f673fa8b549
[ 20.768747][ T287] Code: d8 5b c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 20.788535][ T287] RSP: 002b:00007ffde944d9c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 20.796779][ T287] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f673fa8b549
[ 20.804594][ T287] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 20.812660][ T287] RBP: 00007ffde944d9d0 R08: 00007ffde944d767 R09: 0000000000000035
[ 20.820560][ T287] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffde944daf0
[ 20.828558][ T287] R13: 00007ffde944dbd0 R14: 00007ffde944dad0 R15: 00007f673facd0cc
[ 20.836459][ T287]
[ 20.840368][ T20] ==================================================================
[ 20.848241][ T20] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 20.854917][ T20] Read of size 4 at addr ffff88811d2590ec by task kworker/0:1/20
[ 20.862479][ T20]
[ 20.864638][ T20] CPU: 0 PID: 20 Comm: kworker/0:1 Not tainted 5.15.149-syzkaller-00490-g5d96939590c0 #0
[ 20.874275][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 20.884170][ T20] Workqueue: events bpf_map_free_deferred
[ 20.889735][ T20] Call Trace:
[ 20.892853][ T20]
[ 20.895624][ T20] dump_stack_lvl+0x151/0x1b7
[ 20.900141][ T20] ? io_uring_drop_tctx_refs+0x190/0x190
[ 20.905605][ T20] ? panic+0x751/0x751
[ 20.909512][ T20] print_address_description+0x87/0x3b0
[ 20.914891][ T20] kasan_report+0x179/0x1c0
[ 20.919412][ T20] ? consume_skb+0x3c/0x250
[ 20.923831][ T20] ? consume_skb+0x3c/0x250
[ 20.928268][ T20] kasan_check_range+0x293/0x2a0
[ 20.933030][ T20] __kasan_check_read+0x11/0x20
[ 20.937720][ T20] consume_skb+0x3c/0x250
[ 20.941883][ T20] __sk_msg_free+0x2dd/0x370
[ 20.946313][ T20] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 20.951953][ T20] sk_psock_stop+0x44c/0x4d0
[ 20.956378][ T20] sk_psock_drop+0x219/0x310
[ 20.960802][ T20] sock_map_unref+0x48f/0x4d0
[ 20.965317][ T20] sock_map_free+0x137/0x2b0
[ 20.969746][ T20] bpf_map_free_deferred+0x10d/0x1e0
[ 20.974952][ T20] process_one_work+0x6bb/0xc10
[ 20.979997][ T20] worker_thread+0xad5/0x12a0
[ 20.984857][ T20] ? _raw_spin_lock+0x1b0/0x1b0
[ 20.989543][ T20] kthread+0x421/0x510
[ 20.993456][ T20] ? worker_clr_flags+0x180/0x180
[ 20.998305][ T20] ? kthread_blkcg+0xd0/0xd0
[ 21.002732][ T20] ret_from_fork+0x1f/0x30
[ 21.006987][ T20]
[ 21.009848][ T20]
[ 21.012020][ T20] Allocated by task 287:
[ 21.016096][ T20] __kasan_slab_alloc+0xb1/0xe0
[ 21.021131][ T20] slab_post_alloc_hook+0x53/0x2c0
[ 21.026077][ T20] kmem_cache_alloc+0xf5/0x200
[ 21.030696][ T20] skb_clone+0x1d1/0x360
[ 21.034758][ T20] sk_psock_verdict_recv+0x53/0x840
[ 21.039793][ T20] unix_read_sock+0x132/0x370
[ 21.044317][ T20] sk_psock_verdict_data_ready+0x147/0x1a0
[ 21.049947][ T20] unix_dgram_sendmsg+0x15fa/0x2090
[ 21.054980][ T20] ____sys_sendmsg+0x59e/0x8f0
[ 21.059580][ T20] ___sys_sendmsg+0x252/0x2e0
[ 21.064098][ T20] __se_sys_sendmsg+0x19a/0x260
[ 21.068866][ T20] __x64_sys_sendmsg+0x7b/0x90
[ 21.073479][ T20] do_syscall_64+0x3d/0xb0
[ 21.077804][ T20] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.083534][ T20]
[ 21.085704][ T20] Freed by task 20:
[ 21.089347][ T20] kasan_set_track+0x4b/0x70
[ 21.093774][ T20] kasan_set_free_info+0x23/0x40
[ 21.098551][ T20] ____kasan_slab_free+0x126/0x160
[ 21.103501][ T20] __kasan_slab_free+0x11/0x20
[ 21.108105][ T20] slab_free_freelist_hook+0xbd/0x190
[ 21.113303][ T20] kmem_cache_free+0x116/0x2e0
[ 21.117903][ T20] kfree_skbmem+0x104/0x170
[ 21.124874][ T20] kfree_skb+0xc2/0x360
[ 21.128875][ T20] sk_psock_backlog+0xc21/0xd90
[ 21.133651][ T20] process_one_work+0x6bb/0xc10
[ 21.138322][ T20] worker_thread+0xad5/0x12a0
[ 21.142836][ T20] kthread+0x421/0x510
[ 21.146738][ T20] ret_from_fork+0x1f/0x30
[ 21.151001][ T20]
[ 21.153252][ T20] The buggy address belongs to the object at ffff88811d259000
[ 21.153252][ T20] which belongs to the cache skbuff_head_cache of size 248
[ 21.167758][ T20] The buggy address is located 236 bytes inside of
[ 21.167758][ T20] 248-byte region [ffff88811d259000, ffff88811d2590f8)
[ 21.180862][ T20] The buggy address belongs to the page:
[ 21.186435][ T20] page:ffffea0004749640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d259
[ 21.196656][ T20] flags: 0x4000000000000200(slab|zone=1)
[ 21.202130][ T20] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f99200
[ 21.210548][ T20] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 21.219046][ T20] page dumped because: kasan: bad access detected
[ 21.225400][ T20] page_owner tracks the page as allocated
[ 21.230939][ T20] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 20486379160, free_ts 20220737915
[ 21.247255][ T20] post_alloc_hook+0x1a3/0x1b0
[ 21.252026][ T20] prep_new_page+0x1b/0x110
[ 21.256365][ T20] get_page_from_freelist+0x3550/0x35d0
[ 21.261747][ T20] __alloc_pages+0x27e/0x8f0
[ 21.266172][ T20] new_slab+0x9a/0x4e0
[ 21.270081][ T20] ___slab_alloc+0x39e/0x830
[ 21.274505][ T20] __slab_alloc+0x4a/0x90
[ 21.278692][ T20] kmem_cache_alloc+0x134/0x200
[ 21.283362][ T20] __alloc_skb+0xbe/0x550
[ 21.287525][ T20] alloc_skb_with_frags+0xa6/0x680
[ 21.292478][ T20] sock_alloc_send_pskb+0x915/0xa50
[ 21.297504][ T20] unix_dgram_sendmsg+0x6fd/0x2090
[ 21.302450][ T20] __sys_sendto+0x564/0x720
[ 21.306792][ T20] __x64_sys_sendto+0xe5/0x100
[ 21.311392][ T20] do_syscall_64+0x3d/0xb0
[ 21.315644][ T20] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.321379][ T20] page last free stack trace:
[ 21.326404][ T20] free_unref_page_prepare+0x7c8/0x7d0
[ 21.331700][ T20] free_unref_page_list+0x14b/0xa60
[ 21.336737][ T20] release_pages+0x1310/0x1370
[ 21.341336][ T20] free_pages_and_swap_cache+0x8a/0xa0
[ 21.346627][ T20] tlb_finish_mmu+0x177/0x320
[ 21.351141][ T20] exit_mmap+0x3ef/0x6f0
[ 21.355221][ T20] __mmput+0x95/0x310
[ 21.359042][ T20] mmput+0x5b/0x170
[ 21.362688][ T20] do_exit+0xb9c/0x2ca0
[ 21.366692][ T20] do_group_exit+0x141/0x310
[ 21.371102][ T20] __x64_sys_exit_group+0x3f/0x40
[ 21.375962][ T20] do_syscall_64+0x3d/0xb0
[ 21.380215][ T20] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.386130][ T20]
[ 21.388306][ T20] Memory state around the buggy address:
[ 21.393771][ T20] ffff88811d258f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.401757][ T20] ffff88811d259000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.409770][ T20] >ffff88811d259080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 21.417688][ T20]                                                           ^
[ 21.424979][ T20] ffff88811d259100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.432845][ T20] ffff88811d259180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.440745][ T20] ==================================================================
[ 21.448641][ T20] Disabling lock debugging due to kernel taint
[ 21.454683][ T20] ==================================================================
[ 21.462537][ T20] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 21.470784][ T20]
[ 21.472941][ T20] CPU: 0 PID: 20 Comm: kworker/0:1 Tainted: G B 5.15.149-syzkaller-00490-g5d96939590c0 #0
[ 21.483964][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 21.493962][ T20] Workqueue: events bpf_map_free_deferred
[ 21.499541][ T20] Call Trace:
[ 21.502636][ T20]
[ 21.505418][ T20] dump_stack_lvl+0x151/0x1b7
[ 21.509922][ T20] ? io_uring_drop_tctx_refs+0x190/0x190
[ 21.515392][ T20] ? panic+0x751/0x751
[ 21.519397][ T20] ? kmem_cache_free+0x116/0x2e0
[ 21.524247][ T20] print_address_description+0x87/0x3b0
[ 21.529626][ T20] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 21.535615][ T20] ? kmem_cache_free+0x116/0x2e0
[ 21.540386][ T20] ? kmem_cache_free+0x116/0x2e0
[ 21.545160][ T20] kasan_report_invalid_free+0x6b/0xa0
[ 21.550456][ T20] ____kasan_slab_free+0x13e/0x160
[ 21.555402][ T20] __kasan_slab_free+0x11/0x20
[ 21.560001][ T20] slab_free_freelist_hook+0xbd/0x190
[ 21.565346][ T20] ? kfree_skbmem+0x104/0x170
[ 21.569851][ T20] kmem_cache_free+0x116/0x2e0
[ 21.574886][ T20] kfree_skbmem+0x104/0x170
[ 21.579220][ T20] consume_skb+0xb4/0x250
[ 21.583384][ T20] __sk_msg_free+0x2dd/0x370
[ 21.587809][ T20] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 21.593450][ T20] sk_psock_stop+0x44c/0x4d0
[ 21.597879][ T20] sk_psock_drop+0x219/0x310
[ 21.602303][ T20] sock_map_unref+0x48f/0x4d0
[ 21.606817][ T20] sock_map_free+0x137/0x2b0
[ 21.611242][ T20] bpf_map_free_deferred+0x10d/0x1e0
[ 21.616384][ T20] process_one_work+0x6bb/0xc10
[ 21.621053][ T20] worker_thread+0xad5/0x12a0
[ 21.625572][ T20] ? _raw_spin_lock+0x1b0/0x1b0
[ 21.630252][ T20] kthread+0x421/0x510
[ 21.634155][ T20] ? worker_clr_flags+0x180/0x180
[ 21.639015][ T20] ? kthread_blkcg+0xd0/0xd0
[ 21.643442][ T20] ret_from_fork+0x1f/0x30
[ 21.647697][ T20]
[ 21.650557][ T20]
[ 21.652728][ T20] Allocated by task 287:
[ 21.656808][ T20] __kasan_slab_alloc+0xb1/0xe0
[ 21.661493][ T20] slab_post_alloc_hook+0x53/0x2c0
[ 21.666441][ T20] kmem_cache_alloc+0xf5/0x200
[ 21.671041][ T20] skb_clone+0x1d1/0x360
[ 21.675120][ T20] sk_psock_verdict_recv+0x53/0x840
[ 21.680155][ T20] unix_read_sock+0x132/0x370
[ 21.684666][ T20] sk_psock_verdict_data_ready+0x147/0x1a0
[ 21.690317][ T20] unix_dgram_sendmsg+0x15fa/0x2090
[ 21.695621][ T20] ____sys_sendmsg+0x59e/0x8f0
[ 21.700307][ T20] ___sys_sendmsg+0x252/0x2e0
[ 21.704820][ T20] __se_sys_sendmsg+0x19a/0x260
[ 21.709549][ T20] __x64_sys_sendmsg+0x7b/0x90
[ 21.714097][ T20] do_syscall_64+0x3d/0xb0
[ 21.718363][ T20] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.724169][ T20]
[ 21.726420][ T20] Freed by task 20:
[ 21.730086][ T20] kasan_set_track+0x4b/0x70
[ 21.734515][ T20] kasan_set_free_info+0x23/0x40
[ 21.739276][ T20] ____kasan_slab_free+0x126/0x160
[ 21.744312][ T20] __kasan_slab_free+0x11/0x20
[ 21.748909][ T20] slab_free_freelist_hook+0xbd/0x190
[ 21.754212][ T20] kmem_cache_free+0x116/0x2e0
[ 21.758897][ T20] kfree_skbmem+0x104/0x170
[ 21.763230][ T20] kfree_skb+0xc2/0x360
[ 21.767254][ T20] sk_psock_backlog+0xc21/0xd90
[ 21.771909][ T20] process_one_work+0x6bb/0xc10
[ 21.776684][ T20] worker_thread+0xad5/0x12a0
[ 21.781200][ T20] kthread+0x421/0x510
[ 21.785190][ T20] ret_from_fork+0x1f/0x30
[ 21.789442][ T20]
[ 21.791611][ T20] The buggy address belongs to the object at ffff88811d259000
[ 21.791611][ T20] which belongs to the cache skbuff_head_cache of size 248
[ 21.806107][ T20] The buggy address is located 0 bytes inside of
[ 21.806107][ T20] 248-byte region [ffff88811d259000, ffff88811d2590f8)
[ 21.819137][ T20] The buggy address belongs to the page:
[ 21.824604][ T20] page:ffffea0004749640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d259
[ 21.834671][ T20] flags: 0x4000000000000200(slab|zone=1)
[ 21.840158][ T20] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f99200
[ 21.848565][ T20] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 21.856977][ T20] page dumped because: kasan: bad access detected
[ 21.863226][ T20] page_owner tracks the page as allocated
[ 21.868959][ T20] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 20486379160, free_ts 20220737915
[ 21.884753][ T20] post_alloc_hook+0x1a3/0x1b0
[ 21.889345][ T20] prep_new_page+0x1b/0x110
[ 21.893686][ T20] get_page_from_freelist+0x3550/0x35d0
[ 21.899068][ T20] __alloc_pages+0x27e/0x8f0
[ 21.903498][ T20] new_slab+0x9a/0x4e0
[ 21.907485][ T20] ___slab_alloc+0x39e/0x830
[ 21.911925][ T20] __slab_alloc+0x4a/0x90
[ 21.916287][ T20] kmem_cache_alloc+0x134/0x200
[ 21.920976][ T20] __alloc_skb+0xbe/0x550
[ 21.925139][ T20] alloc_skb_with_frags+0xa6/0x680
[ 21.930431][ T20] sock_alloc_send_pskb+0x915/0xa50
[ 21.935465][ T20] unix_dgram_sendmsg+0x6fd/0x2090
[ 21.940496][ T20] __sys_sendto+0x564/0x720
[ 21.944932][ T20] __x64_sys_sendto+0xe5/0x100
[ 21.949610][ T20] do_syscall_64+0x3d/0xb0
[ 21.953860][ T20] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.959690][ T20] page last free stack trace:
[ 21.964199][ T20] free_unref_page_prepare+0x7c8/0x7d0
[ 21.969588][ T20] free_unref_page_list+0x14b/0xa60
[ 21.974620][ T20] release_pages+0x1310/0x1370
[ 21.979299][ T20] free_pages_and_swap_cache+0x8a/0xa0
[ 21.984596][ T20] tlb_finish_mmu+0x177/0x320
[ 21.989108][ T20] exit_mmap+0x3ef/0x6f0
[ 21.993188][ T20] __mmput+0x95/0x310
[ 21.997007][ T20] mmput+0x5b/0x170
[ 22.000651][ T20] do_exit+0xb9c/0x2ca0
[ 22.004819][ T20] do_group_exit+0x141/0x310
[ 22.009249][ T20] __x64_sys_exit_group+0x3f/0x40
[ 22.014104][ T20] do_syscall_64+0x3d/0xb0
[ 22.018364][ T20] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 22.024184][ T20]
[ 22.026341][ T20] Memory state around the buggy address:
[ 22.031827][ T20] ffff88811d258f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.039717][ T20] ffff88811d258f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.047617][ T20] >ffff88811d259000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.055592][ T20]                    ^
[ 22.059499][ T20] ffff88811d259080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 22.067400][ T20] ffff88811d259100: fc fc f