Warning: Permanently added '10.128.10.3' (ED25519) to the list of known hosts.
2024/12/27 08:47:26 ignoring optional flag "sandboxArg"="0"
2024/12/27 08:47:26 parsed 1 programs
[ 51.886981][ T30] kauditd_printk_skb: 32 callbacks suppressed
[ 51.886998][ T30] audit: type=1400 audit(1735289247.908:108): avc: denied { unlink } for pid=407 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 51.950086][ T407] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 52.736521][ T30] audit: type=1401 audit(1735289248.758:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 52.894669][ T460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.901670][ T460] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.909056][ T460] device bridge_slave_0 entered promiscuous mode
[ 52.915849][ T460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.923197][ T460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.930381][ T460] device bridge_slave_1 entered promiscuous mode
[ 52.975578][ T460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.982465][ T460] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.989621][ T460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.996580][ T460] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.017158][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.024638][ T369] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.032372][ T369] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.041802][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.050111][ T369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.057084][ T369] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.065957][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.074096][ T369] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.080956][ T369] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.093191][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.102861][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.124935][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.136846][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.144833][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.152981][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.161606][ T460] device veth0_vlan entered promiscuous mode
[ 53.177085][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.186353][ T460] device veth1_macvtap entered promiscuous mode
[ 53.195597][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.205631][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2024/12/27 08:47:29 executed programs: 0
[ 53.350660][ T470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.358079][ T470] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.371221][ T470] device bridge_slave_0 entered promiscuous mode
[ 53.378510][ T470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.385360][ T470] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.393014][ T470] device bridge_slave_1 entered promiscuous mode
[ 53.452330][ T470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.459288][ T470] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.466478][ T470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.473354][ T470] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.495868][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.503380][ T331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.510884][ T331] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.525614][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.533882][ T369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.540743][ T369] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.549567][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.557667][ T369] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.564505][ T369] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.582622][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 53.590686][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.600088][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 53.608194][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.627003][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 53.635201][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.645480][ T470] device veth0_vlan entered promiscuous mode
[ 53.652701][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 53.661063][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.675026][ T470] device veth1_macvtap entered promiscuous mode
[ 53.681950][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.689575][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.697296][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 53.705849][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.714579][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 53.730733][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 53.739002][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.747797][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 53.756502][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.778509][ T30] audit: type=1400 audit(1735289249.798:110): avc: denied { prog_load } for pid=475 comm="syz.2.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 53.798016][ T30] audit: type=1400 audit(1735289249.798:111): avc: denied { bpf } for pid=475 comm="syz.2.15" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 53.879560][ T30] audit: type=1400 audit(1735289249.898:112): avc: denied { map_create } for pid=475 comm="syz.2.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 53.880048][ T478] FAULT_INJECTION: forcing a failure.
[ 53.880048][ T478] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 53.906325][ T30] audit: type=1400 audit(1735289249.898:113): avc: denied { map_read map_write } for pid=475 comm="syz.2.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 53.930797][ T478] CPU: 1 PID: 478 Comm: syz.2.15 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 53.940350][ T478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.950342][ T478] Call Trace:
[ 53.953449][ T478]
[ 53.956226][ T478] dump_stack_lvl+0x151/0x1c0
[ 53.960744][ T478] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.966299][ T478] ? vsnprintf+0x1dd/0x1c70
[ 53.970703][ T478] dump_stack+0x15/0x20
[ 53.974639][ T478] should_fail+0x3c6/0x510
[ 53.978886][ T478] should_fail_usercopy+0x1a/0x20
[ 53.983744][ T478] _copy_from_user+0x20/0xd0
[ 53.988348][ T478] kstrtouint_from_user+0xca/0x2a0
[ 53.993288][ T478] ? kstrtol_from_user+0x310/0x310
[ 53.998241][ T478] ? snprintf+0xd6/0x120
[ 54.002329][ T478] ? check_stack_object+0x114/0x130
[ 54.007359][ T478] ? __kasan_check_read+0x11/0x20
[ 54.012303][ T478] ? _copy_to_user+0x78/0x90
[ 54.016727][ T478] proc_fail_nth_write+0xa6/0x290
[ 54.021587][ T478] ? selinux_file_permission+0x2c4/0x570
[ 54.027056][ T478] ? proc_fail_nth_read+0x210/0x210
[ 54.032176][ T478] ? fsnotify_perm+0x6a/0x5b0
[ 54.036689][ T478] ? security_file_permission+0x86/0xb0
[ 54.042077][ T478] ? proc_fail_nth_read+0x210/0x210
[ 54.047347][ T478] vfs_write+0x406/0x1110
[ 54.051519][ T478] ? file_end_write+0x1c0/0x1c0
[ 54.056273][ T478] ? __kasan_check_write+0x14/0x20
[ 54.061223][ T478] ? mutex_lock+0xb6/0x1e0
[ 54.065472][ T478] ? wait_for_completion_killable_timeout+0x10/0x10
[ 54.071902][ T478] ? __fdget_pos+0x2e7/0x3a0
[ 54.076527][ T478] ? ksys_write+0x77/0x2c0
[ 54.080766][ T478] ksys_write+0x199/0x2c0
[ 54.084931][ T478] ? __ia32_sys_read+0x90/0x90
[ 54.089532][ T478] ? debug_smp_processor_id+0x17/0x20
[ 54.094737][ T478] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.100641][ T478] __x64_sys_write+0x7b/0x90
[ 54.105159][ T478] x64_sys_call+0x2f/0x9a0
[ 54.107217][ T30] audit: type=1400 audit(1735289250.128:114): avc: denied { perfmon } for pid=475 comm="syz.2.15" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 54.109735][ T478] do_syscall_64+0x3b/0xb0
[ 54.134295][ T478] ? clear_bhb_loop+0x35/0x90
[ 54.138810][ T478] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.144535][ T478] RIP: 0033:0x7f5ed3cbb23f
[ 54.149184][ T478] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[ 54.169225][ T478] RSP: 002b:00007f5ed36fb030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 54.177467][ T478] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ed3cbb23f
[ 54.185365][ T478] RDX: 0000000000000001 RSI: 00007f5ed36fb0a0 RDI: 0000000000000006
[ 54.193177][ T478] RBP: 00007f5ed36fb090 R08: 0000000000000000 R09: 0000000000000000
[ 54.200989][ T478] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 54.208884][ T478] R13: 0000000000000000 R14: 00007f5ed3e74130 R15: 00007ffd296bba08
[ 54.216699][ T478]
[ 54.222401][ T30] audit: type=1400 audit(1735289250.238:115): avc: denied { append } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 54.245795][ T30] audit: type=1400 audit(1735289250.238:116): avc: denied { open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 54.268161][ T30] audit: type=1400 audit(1735289250.238:117): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 54.294839][ T481] FAULT_INJECTION: forcing a failure.
[ 54.294839][ T481] name failslab, interval 1, probability 0, space 0, times 1
[ 54.307890][ T481] CPU: 1 PID: 481 Comm: syz.2.16 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 54.317527][ T481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.327595][ T481] Call Trace:
[ 54.330716][ T481]
[ 54.333710][ T481] dump_stack_lvl+0x151/0x1c0
[ 54.338213][ T481] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.343683][ T481] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.349322][ T481] ? __skb_try_recv_datagram+0x495/0x6a0
[ 54.354802][ T481] dump_stack+0x15/0x20
[ 54.358893][ T481] should_fail+0x3c6/0x510
[ 54.363144][ T481] __should_failslab+0xa4/0xe0
[ 54.367746][ T481] ? skb_clone+0x1d1/0x360
[ 54.372087][ T481] should_failslab+0x9/0x20
[ 54.376535][ T481] slab_pre_alloc_hook+0x37/0xd0
[ 54.381400][ T481] ? skb_clone+0x1d1/0x360
[ 54.385644][ T481] kmem_cache_alloc+0x44/0x250
[ 54.390246][ T481] skb_clone+0x1d1/0x360
[ 54.394325][ T481] sk_psock_verdict_recv+0x53/0x840
[ 54.399360][ T481] ? avc_has_perm_noaudit+0x430/0x430
[ 54.404656][ T481] unix_read_sock+0x132/0x370
[ 54.409177][ T481] ? sk_psock_skb_redirect+0x440/0x440
[ 54.414468][ T481] ? unix_stream_splice_actor+0x120/0x120
[ 54.420021][ T481] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.425316][ T481] ? unix_stream_splice_actor+0x120/0x120
[ 54.430870][ T481] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.436601][ T481] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.441806][ T481] ? _raw_spin_lock+0xa4/0x1b0
[ 54.446404][ T481] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.452047][ T481] ? skb_queue_tail+0xfb/0x120
[ 54.456648][ T481] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.461686][ T481] ? unix_dgram_poll+0x690/0x690
[ 54.466454][ T481] ? kasan_set_track+0x5d/0x70
[ 54.471050][ T481] ? kasan_set_track+0x4b/0x70
[ 54.475656][ T481] ? security_socket_sendmsg+0x82/0xb0
[ 54.480945][ T481] ? unix_dgram_poll+0x690/0x690
[ 54.485724][ T481] ____sys_sendmsg+0x59e/0x8f0
[ 54.490326][ T481] ? __sys_sendmsg_sock+0x40/0x40
[ 54.495183][ T481] ? import_iovec+0xe5/0x120
[ 54.499700][ T481] ___sys_sendmsg+0x252/0x2e0
[ 54.504210][ T481] ? __sys_sendmsg+0x260/0x260
[ 54.508815][ T481] ? putname+0xfa/0x150
[ 54.512805][ T481] ? __fdget+0x1bc/0x240
[ 54.516879][ T481] __se_sys_sendmsg+0x19a/0x260
[ 54.521570][ T481] ? __x64_sys_sendmsg+0x90/0x90
[ 54.526338][ T481] ? ksys_write+0x260/0x2c0
[ 54.530681][ T481] ? debug_smp_processor_id+0x17/0x20
[ 54.535890][ T481] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.541791][ T481] __x64_sys_sendmsg+0x7b/0x90
[ 54.546399][ T481] x64_sys_call+0x16a/0x9a0
[ 54.551002][ T481] do_syscall_64+0x3b/0xb0
[ 54.555342][ T481] ? clear_bhb_loop+0x35/0x90
[ 54.559931][ T481] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.565664][ T481] RIP: 0033:0x7f5ed3cbc759
[ 54.569913][ T481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 54.589737][ T481] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.597969][ T481] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759
[ 54.606005][ T481] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 54.613819][ T481] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000
[ 54.621627][ T481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.629448][ T481] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08
[ 54.637431][ T481]
[ 54.653050][ T483] FAULT_INJECTION: forcing a failure.
[ 54.653050][ T483] name failslab, interval 1, probability 0, space 0, times 0
[ 54.666422][ T483] CPU: 0 PID: 483 Comm: syz.2.17 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 54.676503][ T483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.686401][ T483] Call Trace:
[ 54.689621][ T483]
[ 54.692567][ T483] dump_stack_lvl+0x151/0x1c0
[ 54.697077][ T483] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.702545][ T483] dump_stack+0x15/0x20
[ 54.706532][ T483] should_fail+0x3c6/0x510
[ 54.710789][ T483] __should_failslab+0xa4/0xe0
[ 54.715383][ T483] should_failslab+0x9/0x20
[ 54.719732][ T483] slab_pre_alloc_hook+0x37/0xd0
[ 54.724494][ T483] kmem_cache_alloc_trace+0x48/0x270
[ 54.729659][ T483] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.735171][ T483] ? migrate_disable+0x190/0x190
[ 54.739943][ T483] sk_psock_skb_ingress_self+0x60/0x330
[ 54.745325][ T483] sk_psock_verdict_recv+0x66d/0x840
[ 54.750446][ T483] unix_read_sock+0x132/0x370
[ 54.754959][ T483] ? sk_psock_skb_redirect+0x440/0x440
[ 54.760251][ T483] ? unix_stream_splice_actor+0x120/0x120
[ 54.765814][ T483] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.771106][ T483] ? unix_stream_splice_actor+0x120/0x120
[ 54.776778][ T483] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.782423][ T483] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.787617][ T483] ? _raw_spin_lock+0xa4/0x1b0
[ 54.792229][ T483] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.797861][ T483] ? skb_queue_tail+0xfb/0x120
[ 54.802549][ T483] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.807735][ T483] ? unix_dgram_poll+0x690/0x690
[ 54.812576][ T483] ? kasan_set_track+0x5d/0x70
[ 54.817147][ T483] ? kasan_set_track+0x4b/0x70
[ 54.821750][ T483] ? security_socket_sendmsg+0x82/0xb0
[ 54.827042][ T483] ? unix_dgram_poll+0x690/0x690
[ 54.831909][ T483] ____sys_sendmsg+0x59e/0x8f0
[ 54.836509][ T483] ? __sys_sendmsg_sock+0x40/0x40
[ 54.841363][ T483] ? import_iovec+0xe5/0x120
[ 54.845801][ T483] ___sys_sendmsg+0x252/0x2e0
[ 54.850391][ T483] ? __sys_sendmsg+0x260/0x260
[ 54.854994][ T483] ? putname+0xfa/0x150
[ 54.859009][ T483] ? __fdget+0x1bc/0x240
[ 54.863071][ T483] __se_sys_sendmsg+0x19a/0x260
[ 54.867751][ T483] ? __x64_sys_sendmsg+0x90/0x90
[ 54.872528][ T483] ? ksys_write+0x260/0x2c0
[ 54.876872][ T483] ? debug_smp_processor_id+0x17/0x20
[ 54.882075][ T483] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.888068][ T483] __x64_sys_sendmsg+0x7b/0x90
[ 54.892668][ T483] x64_sys_call+0x16a/0x9a0
[ 54.897086][ T483] do_syscall_64+0x3b/0xb0
[ 54.901422][ T483] ? clear_bhb_loop+0x35/0x90
[ 54.906029][ T483] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.911754][ T483] RIP: 0033:0x7f5ed3cbc759
[ 54.916096][ T483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 54.935665][ T483] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.944236][ T483] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759
[ 54.952157][ T483] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 54.960141][ T483] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000
[ 54.968125][ T483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.976036][ T483] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08
[ 54.983850][ T483]
[ 54.988853][ T482] ==================================================================
[ 54.996752][ T482] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 55.003420][ T482] Read of size 4 at addr ffff88812218422c by task syz.2.17/482
[ 55.010900][ T482]
[ 55.013097][ T482] CPU: 1 PID: 482 Comm: syz.2.17 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 55.022852][ T482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.033077][ T482] Call Trace:
[ 55.036201][ T482]
[ 55.039000][ T482] dump_stack_lvl+0x151/0x1c0
[ 55.043751][ T482] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.049157][ T482] ? panic+0x760/0x760
[ 55.053062][ T482] print_address_description+0x87/0x3b0
[ 55.058461][ T482] ? bpf_ksym_del+0x145/0x150
[ 55.063143][ T482] kasan_report+0x179/0x1c0
[ 55.067487][ T482] ? consume_skb+0x3c/0x250
[ 55.071932][ T482] ? consume_skb+0x3c/0x250
[ 55.076269][ T482] kasan_check_range+0x293/0x2a0
[ 55.081130][ T482] __kasan_check_read+0x11/0x20
[ 55.085989][ T482] consume_skb+0x3c/0x250
[ 55.090270][ T482] __sk_msg_free+0x2dd/0x370
[ 55.095131][ T482] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.100772][ T482] sk_psock_stop+0x44c/0x4d0
[ 55.105198][ T482] sk_psock_drop+0x219/0x310
[ 55.109625][ T482] sock_map_unref+0x48f/0x4d0
[ 55.114136][ T482] ? __local_bh_enable_ip+0x58/0x80
[ 55.119268][ T482] ? _raw_spin_unlock_bh+0x51/0x60
[ 55.124208][ T482] sock_map_remove_links+0x41c/0x650
[ 55.129327][ T482] ? sock_map_unhash+0x120/0x120
[ 55.134556][ T482] ? locks_remove_posix+0x610/0x610
[ 55.139685][ T482] sock_map_close+0x114/0x530
[ 55.144350][ T482] ? unix_peer_get+0xe0/0xe0
[ 55.148727][ T482] ? sock_map_remove_links+0x650/0x650
[ 55.154191][ T482] ? rwsem_mark_wake+0x770/0x770
[ 55.158980][ T482] unix_release+0x82/0xc0
[ 55.163429][ T482] sock_close+0xdf/0x270
[ 55.167516][ T482] ? sock_mmap+0xa0/0xa0
[ 55.171583][ T482] __fput+0x228/0x8c0
[ 55.175491][ T482] ____fput+0x15/0x20
[ 55.179307][ T482] task_work_run+0x129/0x190
[ 55.183734][ T482] exit_to_user_mode_loop+0xc4/0xe0
[ 55.188768][ T482] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.194152][ T482] syscall_exit_to_user_mode+0x26/0x160
[ 55.199735][ T482] do_syscall_64+0x47/0xb0
[ 55.204071][ T482] ? clear_bhb_loop+0x35/0x90
[ 55.208586][ T482] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.214511][ T482] RIP: 0033:0x7f5ed3cbc759
[ 55.218767][ T482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.238465][ T482] RSP: 002b:00007ffd296bbb68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 55.246918][ T482] RAX: 0000000000000000 RBX: 000000000000d560 RCX: 00007f5ed3cbc759
[ 55.254824][ T482] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 55.262724][ T482] RBP: 00007f5ed3e75a80 R08: 0000000000000001 R09: 00007ffd296bbe5f
[ 55.270622][ T482] R10: 00007f5ed3b3e000 R11: 0000000000000246 R12: 000000000000d594
[ 55.278438][ T482] R13: 00007ffd296bbc70 R14: 0000000000000032 R15: ffffffffffffffff
[ 55.286259][ T482]
[ 55.289179][ T482]
[ 55.291278][ T482] Allocated by task 483:
[ 55.295357][ T482] __kasan_slab_alloc+0xb1/0xe0
[ 55.300131][ T482] slab_post_alloc_hook+0x53/0x2c0
[ 55.305078][ T482] kmem_cache_alloc+0xf5/0x250
[ 55.309686][ T482] skb_clone+0x1d1/0x360
[ 55.313937][ T482] sk_psock_verdict_recv+0x53/0x840
[ 55.319128][ T482] unix_read_sock+0x132/0x370
[ 55.323566][ T482] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.329203][ T482] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.334238][ T482] ____sys_sendmsg+0x59e/0x8f0
[ 55.338931][ T482] ___sys_sendmsg+0x252/0x2e0
[ 55.343605][ T482] __se_sys_sendmsg+0x19a/0x260
[ 55.348301][ T482] __x64_sys_sendmsg+0x7b/0x90
[ 55.353073][ T482] x64_sys_call+0x16a/0x9a0
[ 55.357604][ T482] do_syscall_64+0x3b/0xb0
[ 55.361937][ T482] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.367712][ T482]
[ 55.369840][ T482] Freed by task 26:
[ 55.373703][ T482] kasan_set_track+0x4b/0x70
[ 55.378083][ T482] kasan_set_free_info+0x23/0x40
[ 55.382859][ T482] ____kasan_slab_free+0x126/0x160
[ 55.387903][ T482] __kasan_slab_free+0x11/0x20
[ 55.392580][ T482] slab_free_freelist_hook+0xbd/0x190
[ 55.397792][ T482] kmem_cache_free+0x115/0x330
[ 55.402384][ T482] kfree_skbmem+0x104/0x170
[ 55.406735][ T482] kfree_skb+0xc2/0x360
[ 55.410718][ T482] sk_psock_backlog+0xc21/0xd90
[ 55.415507][ T482] process_one_work+0x6bb/0xc10
[ 55.420353][ T482] worker_thread+0xad5/0x12a0
[ 55.424895][ T482] kthread+0x421/0x510
[ 55.428857][ T482] ret_from_fork+0x1f/0x30
[ 55.433291][ T482]
[ 55.435550][ T482] The buggy address belongs to the object at ffff888122184140
[ 55.435550][ T482] which belongs to the cache skbuff_head_cache of size 248
[ 55.450033][ T482] The buggy address is located 236 bytes inside of
[ 55.450033][ T482] 248-byte region [ffff888122184140, ffff888122184238)
[ 55.463142][ T482] The buggy address belongs to the page:
[ 55.468622][ T482] page:ffffea0004886100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122184
[ 55.478772][ T482] flags: 0x4000000000000200(slab|zone=1)
[ 55.484335][ T482] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aaf00
[ 55.492751][ T482] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 55.501154][ T482] page dumped because: kasan: bad access detected
[ 55.507417][ T482] page_owner tracks the page as allocated
[ 55.512978][ T482] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 335, ts 54645272683, free_ts 54245073360
[ 55.528845][ T482] post_alloc_hook+0x1a3/0x1b0
[ 55.533578][ T482] prep_new_page+0x1b/0x110
[ 55.537867][ T482] get_page_from_freelist+0x3550/0x35d0
[ 55.543248][ T482] __alloc_pages+0x27e/0x8f0
[ 55.547687][ T482] new_slab+0x9a/0x4e0
[ 55.551583][ T482] ___slab_alloc+0x39e/0x830
[ 55.556007][ T482] __slab_alloc+0x4a/0x90
[ 55.560268][ T482] kmem_cache_alloc+0x139/0x250
[ 55.564955][ T482] __alloc_skb+0xbe/0x550
[ 55.569133][ T482] alloc_skb_with_frags+0xa6/0x680
[ 55.574095][ T482] sock_alloc_send_pskb+0x915/0xa50
[ 55.579192][ T482] sock_alloc_send_skb+0x32/0x40
[ 55.584051][ T482] mld_newpack+0x1b4/0xa20
[ 55.588435][ T482] add_grec+0xdc8/0x13a0
[ 55.592469][ T482] ipv6_mc_dad_complete+0x245/0x5f0
[ 55.597519][ T482] addrconf_dad_completed+0x6d0/0xd80
[ 55.602806][ T482] page last free stack trace:
[ 55.607399][ T482] free_unref_page_prepare+0x7c8/0x7d0
[ 55.612688][ T482] free_unref_page+0xe8/0x750
[ 55.617229][ T482] __free_pages+0x61/0xf0
[ 55.621515][ T482] free_pages+0x7c/0x90
[ 55.625447][ T482] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 55.631006][ T482] __apply_to_page_range+0x8dd/0xbe0
[ 55.636334][ T482] apply_to_existing_page_range+0x38/0x50
[ 55.641980][ T482] kasan_release_vmalloc+0x9a/0xb0
[ 55.646951][ T482] __purge_vmap_area_lazy+0x154a/0x1690
[ 55.652584][ T482] _vm_unmap_aliases+0x339/0x3b0
[ 55.657425][ T482] vm_unmap_aliases+0x19/0x20
[ 55.662031][ T482] change_page_attr_set_clr+0x308/0x1050
[ 55.667495][ T482] set_memory_ro+0xa1/0xe0
[ 55.671746][ T482] bpf_int_jit_compile+0xbf21/0xc6b0
[ 55.676872][ T482] bpf_prog_select_runtime+0x724/0xa10
[ 55.682165][ T482] bpf_prog_load+0x1315/0x1b50
[ 55.686765][ T482]
[ 55.689018][ T482] Memory state around the buggy address:
[ 55.694567][ T482] ffff888122184100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.702391][ T482] ffff888122184180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.710383][ T482] >ffff888122184200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.718383][ T482] ^
[ 55.723595][ T482] ffff888122184280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.731600][ T482] ffff888122184300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.739646][ T482] ==================================================================
[ 55.747625][ T482] Disabling lock debugging due to kernel taint
[ 55.753826][ T482] ==================================================================
[ 55.761624][ T482] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 55.769872][ T482]
[ 55.772038][ T482] CPU: 1 PID: 482 Comm: syz.2.17 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 55.783074][ T482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.793054][ T482] Call Trace:
[ 55.796213][ T482]
[ 55.799678][ T482] dump_stack_lvl+0x151/0x1c0
[ 55.804132][ T482] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.809704][ T482] ? __wake_up_klogd+0xd5/0x110
[ 55.814650][ T482] ? panic+0x760/0x760
[ 55.818637][ T482] ? kmem_cache_free+0x115/0x330
[ 55.823387][ T482] print_address_description+0x87/0x3b0
[ 55.828888][ T482] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 55.834966][ T482] ? kmem_cache_free+0x115/0x330
[ 55.839748][ T482] ? kmem_cache_free+0x115/0x330
[ 55.844506][ T482] kasan_report_invalid_free+0x6b/0xa0
[ 55.850501][ T482] ____kasan_slab_free+0x13e/0x160
[ 55.855378][ T482] __kasan_slab_free+0x11/0x20
[ 55.860064][ T482] slab_free_freelist_hook+0xbd/0x190
[ 55.865281][ T482] kmem_cache_free+0x115/0x330
[ 55.869866][ T482] ? kfree_skbmem+0x104/0x170
[ 55.874468][ T482] kfree_skbmem+0x104/0x170
[ 55.878990][ T482] consume_skb+0xb4/0x250
[ 55.883489][ T482] __sk_msg_free+0x2dd/0x370
[ 55.887941][ T482] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.893679][ T482] sk_psock_stop+0x44c/0x4d0
[ 55.898241][ T482] sk_psock_drop+0x219/0x310
[ 55.902802][ T482] sock_map_unref+0x48f/0x4d0
[ 55.907321][ T482] ? __local_bh_enable_ip+0x58/0x80
[ 55.912429][ T482] ? _raw_spin_unlock_bh+0x51/0x60
[ 55.917406][ T482] sock_map_remove_links+0x41c/0x650
[ 55.922597][ T482] ? sock_map_unhash+0x120/0x120
[ 55.927377][ T482] ? locks_remove_posix+0x610/0x610
[ 55.932841][ T482] sock_map_close+0x114/0x530
[ 55.937367][ T482] ? unix_peer_get+0xe0/0xe0
[ 55.942062][ T482] ? sock_map_remove_links+0x650/0x650
[ 55.947506][ T482] ? rwsem_mark_wake+0x770/0x770
[ 55.952510][ T482] unix_release+0x82/0xc0
[ 55.956824][ T482] sock_close+0xdf/0x270
[ 55.960896][ T482] ? sock_mmap+0xa0/0xa0
[ 55.964993][ T482] __fput+0x228/0x8c0
[ 55.968801][ T482] ____fput+0x15/0x20
[ 55.972616][ T482] task_work_run+0x129/0x190
[ 55.977045][ T482] exit_to_user_mode_loop+0xc4/0xe0
[ 55.982168][ T482] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.987521][ T482] syscall_exit_to_user_mode+0x26/0x160
[ 55.992962][ T482] do_syscall_64+0x47/0xb0
[ 55.997229][ T482] ? clear_bhb_loop+0x35/0x90
[ 56.001732][ T482] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.007541][ T482] RIP: 0033:0x7f5ed3cbc759
[ 56.011910][ T482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.031515][ T482] RSP: 002b:00007ffd296bbb68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 56.039751][ T482] RAX: 0000000000000000 RBX: 000000000000d560 RCX: 00007f5ed3cbc759
[ 56.047562][ T482] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 56.055372][ T482] RBP: 00007f5ed3e75a80 R08: 0000000000000001 R09: 00007ffd296bbe5f
[ 56.063274][ T482] R10: 00007f5ed3b3e000 R11: 0000000000000246 R12: 000000000000d594
[ 56.071209][ T482] R13: 00007ffd296bbc70 R14: 0000000000000032 R15: ffffffffffffffff
[ 56.079010][ T482]
[ 56.081863][ T482]
[ 56.084054][ T482] Allocated by task 483:
[ 56.088117][ T482] __kasan_slab_alloc+0xb1/0xe0
[ 56.092892][ T482] slab_post_alloc_hook+0x53/0x2c0
[ 56.097835][ T482] kmem_cache_alloc+0xf5/0x250
[ 56.102475][ T482] skb_clone+0x1d1/0x360
[ 56.106510][ T482] sk_psock_verdict_recv+0x53/0x840
[ 56.111574][ T482] unix_read_sock+0x132/0x370
[ 56.116079][ T482] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.121703][ T482] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.126872][ T482] ____sys_sendmsg+0x59e/0x8f0
[ 56.131540][ T482] ___sys_sendmsg+0x252/0x2e0
[ 56.136152][ T482] __se_sys_sendmsg+0x19a/0x260
[ 56.141024][ T482] __x64_sys_sendmsg+0x7b/0x90
[ 56.145949][ T482] x64_sys_call+0x16a/0x9a0
[ 56.150503][ T482] do_syscall_64+0x3b/0xb0
[ 56.154990][ T482] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.160813][ T482]
[ 56.163114][ T482] Freed by task 26:
[ 56.166925][ T482] kasan_set_track+0x4b/0x70
[ 56.171370][ T482] kasan_set_free_info+0x23/0x40
[ 56.176134][ T482] ____kasan_slab_free+0x126/0x160
[ 56.181067][ T482] __kasan_slab_free+0x11/0x20
[ 56.185676][ T482] slab_free_freelist_hook+0xbd/0x190
[ 56.190923][ T482] kmem_cache_free+0x115/0x330
[ 56.195475][ T482] kfree_skbmem+0x104/0x170
[ 56.200200][ T482] kfree_skb+0xc2/0x360
[ 56.204247][ T482] sk_psock_backlog+0xc21/0xd90
[ 56.208938][ T482] process_one_work+0x6bb/0xc10
[ 56.213771][ T482] worker_thread+0xad5/0x12a0
[ 56.218443][ T482] kthread+0x421/0x510
[ 56.222473][ T482] ret_from_fork+0x1f/0x30
[ 56.226707][ T482]
[ 56.228951][ T482] The buggy address belongs to the object at ffff888122184140
[ 56.228951][ T482] which belongs to the cache skbuff_head_cache of size 248
[ 56.243484][ T482] The buggy address is located 0 bytes inside of
[ 56.243484][ T482] 248-byte region [ffff888122184140, ffff888122184238)
[ 56.256393][ T482] The buggy address belongs to the page:
[ 56.261864][ T482] page:ffffea0004886100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122184
[ 56.272032][ T482] flags: 0x4000000000000200(slab|zone=1)
[ 56.277505][ T482] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aaf00
[ 56.286019][ T482] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 56.294534][ T482] page dumped because: kasan: bad access detected
[ 56.300969][ T482] page_owner tracks the page as allocated
[ 56.306517][ T482] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 335, ts 54645272683, free_ts 54245073360
[ 56.322509][ T482] post_alloc_hook+0x1a3/0x1b0
[ 56.327114][ T482] prep_new_page+0x1b/0x110
[ 56.331454][ T482] get_page_from_freelist+0x3550/0x35d0
[ 56.336836][ T482] __alloc_pages+0x27e/0x8f0
[ 56.341262][ T482] new_slab+0x9a/0x4e0
[ 56.345169][ T482] ___slab_alloc+0x39e/0x830
[ 56.349595][ T482] __slab_alloc+0x4a/0x90
[ 56.353796][ T482] kmem_cache_alloc+0x139/0x250
[ 56.358477][ T482] __alloc_skb+0xbe/0x550
[ 56.362628][ T482] alloc_skb_with_frags+0xa6/0x680
[ 56.367739][ T482] sock_alloc_send_pskb+0x915/0xa50
[ 56.372770][ T482] sock_alloc_send_skb+0x32/0x40
[ 56.377544][ T482] mld_newpack+0x1b4/0xa20
[ 56.381797][ T482] add_grec+0xdc8/0x13a0
[ 56.385963][ T482] ipv6_mc_dad_complete+0x245/0x5f0
[ 56.391167][ T482] addrconf_dad_completed+0x6d0/0xd80
[ 56.396418][ T482] page last free stack trace:
[ 56.400904][ T482] free_unref_page_prepare+0x7c8/0x7d0
[ 56.406191][ T482] free_unref_page+0xe8/0x750
[ 56.410738][ T482] __free_pages+0x61/0xf0
[ 56.415127][ T482] free_pages+0x7c/0x90
[ 56.419129][ T482] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 56.424994][ T482] __apply_to_page_range+0x8dd/0xbe0
[ 56.430187][ T482] apply_to_existing_page_range+0x38/0x50
[ 56.435829][ T482] kasan_release_vmalloc+0x9a/0xb0
[ 56.440775][ T482] __purge_vmap_area_lazy+0x154a/0x1690
[ 56.446258][ T482] _vm_unmap_aliases+0x339/0x3b0
[ 56.451014][ T482] vm_unmap_aliases+0x19/0x20
[ 56.455539][ T482] change_page_attr_set_clr+0x308/0x1050
[ 56.460999][ T482] set_memory_ro+0xa1/0xe0
[ 56.465256][ T482] bpf_int_jit_compile+0xbf21/0xc6b0
[ 56.470369][ T482] bpf_prog_select_runtime+0x724/0xa10
[ 56.475666][ T482] bpf_prog_load+0x1315/0x1b50
[ 56.480267][ T482]
[ 56.482435][ T482] Memory state around the buggy address:
[ 56.487918][ T482] ffff888122184000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.495818][ T482] ffff888122184080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 56.503799][ T482] >ffff888122184100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 56.511698][ T482] ^
[ 56.517688][ T482] ffff888122184180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.525580][ T482] ffff888122184200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 56.533473][ T482] ==================================================================
[ 56.564308][ T485] FAULT_INJECTION: forcing a failure.
[ 56.564308][ T485] name failslab, interval 1, probability 0, space 0, times 0
[ 56.576762][ T485] CPU: 1 PID: 485 Comm: syz.2.18 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 56.587738][ T485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 56.597721][ T485] Call Trace:
[ 56.600970][ T485]
[ 56.603776][ T485] dump_stack_lvl+0x151/0x1c0
[ 56.608345][ T485] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.613833][ T485] dump_stack+0x15/0x20
[ 56.617906][ T485] should_fail+0x3c6/0x510
[ 56.622161][ T485] __should_failslab+0xa4/0xe0
[ 56.626762][ T485] should_failslab+0x9/0x20
[ 56.631104][ T485] slab_pre_alloc_hook+0x37/0xd0
[ 56.635872][ T485] kmem_cache_alloc_trace+0x48/0x270
[ 56.641050][ T485] ? sk_psock_skb_ingress_self+0x60/0x330
[ 56.646690][ T485] ? migrate_disable+0x190/0x190
[ 56.651498][ T485] sk_psock_skb_ingress_self+0x60/0x330
[ 56.657051][ T485] sk_psock_verdict_recv+0x66d/0x840
[ 56.662173][ T485] unix_read_sock+0x132/0x370
[ 56.666686][ T485] ? sk_psock_skb_redirect+0x440/0x440
[ 56.672328][ T485] ? unix_stream_splice_actor+0x120/0x120
[ 56.677962][ T485] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 56.683374][ T485] ? unix_stream_splice_actor+0x120/0x120
[ 56.688898][ T485] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.694561][ T485] ? sk_psock_start_verdict+0xc0/0xc0
[ 56.700477][ T485] ? _raw_spin_lock+0xa4/0x1b0
[ 56.705022][ T485] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.710658][ T485] ? skb_queue_tail+0xfb/0x120
[ 56.715590][ T485] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.720631][ T485] ? unix_dgram_poll+0x690/0x690
[ 56.725578][ T485] ? kasan_set_track+0x5d/0x70
[ 56.730165][ T485] ? kasan_set_track+0x4b/0x70
[ 56.734851][ T485] ? security_socket_sendmsg+0x82/0xb0
[ 56.740147][ T485] ?
unix_dgram_poll+0x690/0x690 [ 56.744919][ T485] ____sys_sendmsg+0x59e/0x8f0 [ 56.749529][ T485] ? __sys_sendmsg_sock+0x40/0x40 [ 56.754838][ T485] ? import_iovec+0xe5/0x120 [ 56.759246][ T485] ___sys_sendmsg+0x252/0x2e0 [ 56.763903][ T485] ? __sys_sendmsg+0x260/0x260 [ 56.768707][ T485] ? putname+0xfa/0x150 [ 56.772666][ T485] ? __fdget+0x1bc/0x240 [ 56.776750][ T485] __se_sys_sendmsg+0x19a/0x260 [ 56.781429][ T485] ? __x64_sys_sendmsg+0x90/0x90 [ 56.786424][ T485] ? ksys_write+0x260/0x2c0 [ 56.790698][ T485] ? debug_smp_processor_id+0x17/0x20 [ 56.796162][ T485] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 56.802173][ T485] __x64_sys_sendmsg+0x7b/0x90 [ 56.806777][ T485] x64_sys_call+0x16a/0x9a0 [ 56.811201][ T485] do_syscall_64+0x3b/0xb0 [ 56.815458][ T485] ? clear_bhb_loop+0x35/0x90 [ 56.820058][ T485] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 56.825778][ T485] RIP: 0033:0x7f5ed3cbc759 [ 56.830033][ T485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.849826][ T485] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.858020][ T485] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759 [ 56.865836][ T485] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004 [ 56.873676][ T485] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000 [ 56.881458][ T485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.889464][ T485] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08 [ 56.897481][ T485] [ 56.901476][ T39] ================================================================== [ 56.909444][ T39] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330 [ 56.917859][ T39] [ 56.920030][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 56.931485][ T39] Hardware 
name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 56.941387][ T39] Workqueue: events bpf_map_free_deferred [ 56.946932][ T39] Call Trace: [ 56.950156][ T39] [ 56.952921][ T39] dump_stack_lvl+0x151/0x1c0 [ 56.957527][ T39] ? io_uring_drop_tctx_refs+0x190/0x190 [ 56.963077][ T39] ? panic+0x760/0x760 [ 56.966981][ T39] ? kasan_set_free_info+0x23/0x40 [ 56.971929][ T39] ? ____kasan_slab_free+0x126/0x160 [ 56.977230][ T39] ? kmem_cache_free+0x115/0x330 [ 56.981995][ T39] print_address_description+0x87/0x3b0 [ 56.987381][ T39] ? worker_thread+0xad5/0x12a0 [ 56.992063][ T39] ? kthread+0x421/0x510 [ 56.996158][ T39] ? kmem_cache_free+0x115/0x330 [ 57.001363][ T39] ? kmem_cache_free+0x115/0x330 [ 57.006123][ T39] kasan_report_invalid_free+0x6b/0xa0 [ 57.011423][ T39] ____kasan_slab_free+0x13e/0x160 [ 57.016368][ T39] __kasan_slab_free+0x11/0x20 [ 57.020972][ T39] slab_free_freelist_hook+0xbd/0x190 [ 57.026176][ T39] kmem_cache_free+0x115/0x330 [ 57.030775][ T39] ? kfree_skbmem+0x104/0x170 [ 57.035288][ T39] kfree_skbmem+0x104/0x170 [ 57.039625][ T39] consume_skb+0xb4/0x250 [ 57.043790][ T39] __sk_msg_free+0x2dd/0x370 [ 57.048227][ T39] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 57.053871][ T39] sk_psock_stop+0x44c/0x4d0 [ 57.058483][ T39] sk_psock_drop+0x219/0x310 [ 57.062908][ T39] sock_map_unref+0x48f/0x4d0 [ 57.067422][ T39] sock_map_free+0x137/0x2b0 [ 57.071848][ T39] bpf_map_free_deferred+0x10d/0x1e0 [ 57.076965][ T39] process_one_work+0x6bb/0xc10 [ 57.081652][ T39] worker_thread+0xad5/0x12a0 [ 57.086363][ T39] ? _raw_spin_lock+0x1b0/0x1b0 [ 57.091058][ T39] kthread+0x421/0x510 [ 57.094950][ T39] ? worker_clr_flags+0x180/0x180 [ 57.099897][ T39] ? 
kthread_blkcg+0xd0/0xd0 [ 57.104323][ T39] ret_from_fork+0x1f/0x30 [ 57.108582][ T39] [ 57.111535][ T39] [ 57.113711][ T39] Allocated by task 485: [ 57.117874][ T39] __kasan_slab_alloc+0xb1/0xe0 [ 57.122670][ T39] slab_post_alloc_hook+0x53/0x2c0 [ 57.127610][ T39] kmem_cache_alloc+0xf5/0x250 [ 57.132210][ T39] skb_clone+0x1d1/0x360 [ 57.136419][ T39] sk_psock_verdict_recv+0x53/0x840 [ 57.141532][ T39] unix_read_sock+0x132/0x370 [ 57.146045][ T39] sk_psock_verdict_data_ready+0x147/0x1a0 [ 57.151871][ T39] unix_dgram_sendmsg+0x15fa/0x2090 [ 57.157016][ T39] ____sys_sendmsg+0x59e/0x8f0 [ 57.162240][ T39] ___sys_sendmsg+0x252/0x2e0 [ 57.166735][ T39] __se_sys_sendmsg+0x19a/0x260 [ 57.171419][ T39] __x64_sys_sendmsg+0x7b/0x90 [ 57.176547][ T39] x64_sys_call+0x16a/0x9a0 [ 57.180875][ T39] do_syscall_64+0x3b/0xb0 [ 57.185223][ T39] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 57.191038][ T39] [ 57.193204][ T39] Freed by task 39: [ 57.196875][ T39] kasan_set_track+0x4b/0x70 [ 57.201407][ T39] kasan_set_free_info+0x23/0x40 [ 57.206170][ T39] ____kasan_slab_free+0x126/0x160 [ 57.211215][ T39] __kasan_slab_free+0x11/0x20 [ 57.215817][ T39] slab_free_freelist_hook+0xbd/0x190 [ 57.221024][ T39] kmem_cache_free+0x115/0x330 [ 57.225620][ T39] kfree_skbmem+0x104/0x170 [ 57.230160][ T39] kfree_skb+0xc2/0x360 [ 57.234316][ T39] sk_psock_backlog+0xc21/0xd90 [ 57.238991][ T39] process_one_work+0x6bb/0xc10 [ 57.243677][ T39] worker_thread+0xad5/0x12a0 [ 57.248201][ T39] kthread+0x421/0x510 [ 57.252094][ T39] ret_from_fork+0x1f/0x30 [ 57.256347][ T39] [ 57.258519][ T39] The buggy address belongs to the object at ffff88811099fa00 [ 57.258519][ T39] which belongs to the cache skbuff_head_cache of size 248 [ 57.273235][ T39] The buggy address is located 0 bytes inside of [ 57.273235][ T39] 248-byte region [ffff88811099fa00, ffff88811099faf8) [ 57.286170][ T39] The buggy address belongs to the page: [ 57.291636][ T39] page:ffffea00044267c0 refcount:1 mapcount:0 mapping:0000000000000000 
index:0x0 pfn:0x11099f [ 57.301799][ T39] flags: 0x4000000000000200(slab|zone=1) [ 57.307284][ T39] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aaf00 [ 57.315864][ T39] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 57.324274][ T39] page dumped because: kasan: bad access detected [ 57.330701][ T39] page_owner tracks the page as allocated [ 57.336374][ T39] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 56561939368, free_ts 56556315643 [ 57.352096][ T39] post_alloc_hook+0x1a3/0x1b0 [ 57.356839][ T39] prep_new_page+0x1b/0x110 [ 57.361178][ T39] get_page_from_freelist+0x3550/0x35d0 [ 57.366559][ T39] __alloc_pages+0x27e/0x8f0 [ 57.371096][ T39] new_slab+0x9a/0x4e0 [ 57.374987][ T39] ___slab_alloc+0x39e/0x830 [ 57.379420][ T39] __slab_alloc+0x4a/0x90 [ 57.383762][ T39] kmem_cache_alloc+0x139/0x250 [ 57.388555][ T39] __alloc_skb+0xbe/0x550 [ 57.392848][ T39] alloc_skb_with_frags+0xa6/0x680 [ 57.398101][ T39] sock_alloc_send_pskb+0x915/0xa50 [ 57.403132][ T39] unix_dgram_sendmsg+0x6fd/0x2090 [ 57.408082][ T39] __sys_sendto+0x564/0x720 [ 57.412550][ T39] __x64_sys_sendto+0xe5/0x100 [ 57.417115][ T39] x64_sys_call+0x15c/0x9a0 [ 57.421453][ T39] do_syscall_64+0x3b/0xb0 [ 57.425697][ T39] page last free stack trace: [ 57.430210][ T39] free_unref_page_prepare+0x7c8/0x7d0 [ 57.435592][ T39] free_unref_page+0xe8/0x750 [ 57.440107][ T39] __free_pages+0x61/0xf0 [ 57.444296][ T39] __vunmap+0x7bc/0x8f0 [ 57.448263][ T39] vfree+0x7f/0xb0 [ 57.451822][ T39] module_memfree+0x17/0x30 [ 57.456259][ T39] bpf_jit_free_exec+0x15/0x20 [ 57.460936][ T39] bpf_jit_free+0x98/0x240 [ 57.465296][ T39] bpf_prog_free_deferred+0x61e/0x730 [ 57.470615][ T39] process_one_work+0x6bb/0xc10 [ 57.475378][ T39] worker_thread+0xad5/0x12a0 [ 57.479925][ T39] kthread+0x421/0x510 [ 57.483792][ T39] ret_from_fork+0x1f/0x30 [ 57.488148][ T39] [ 57.490419][ T39] Memory state around the 
buggy address: [ 57.495981][ T39] ffff88811099f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.503967][ T39] ffff88811099f980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 57.512016][ T39] >ffff88811099fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.519891][ T39] ^ [ 57.523801][ T39] ffff88811099fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 57.531697][ T39] ffff88811099fb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 57.539592][ T39] ================================================================== [ 57.552600][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 57.552615][ T30] audit: type=1400 audit(1735289253.568:119): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 57.584632][ T30] audit: type=1400 audit(1735289253.568:120): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 57.606747][ T30] audit: type=1400 audit(1735289253.568:121): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 57.628634][ T488] FAULT_INJECTION: forcing a failure. [ 57.628634][ T488] name failslab, interval 1, probability 0, space 0, times 0 [ 57.641466][ T488] CPU: 0 PID: 488 Comm: syz.2.19 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 57.652496][ T488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 57.662386][ T488] Call Trace: [ 57.665525][ T488] [ 57.668374][ T488] dump_stack_lvl+0x151/0x1c0 [ 57.672906][ T488] ? 
io_uring_drop_tctx_refs+0x190/0x190 [ 57.678350][ T488] dump_stack+0x15/0x20 [ 57.682339][ T488] should_fail+0x3c6/0x510 [ 57.686592][ T488] __should_failslab+0xa4/0xe0 [ 57.691191][ T488] should_failslab+0x9/0x20 [ 57.695534][ T488] slab_pre_alloc_hook+0x37/0xd0 [ 57.700307][ T488] kmem_cache_alloc_trace+0x48/0x270 [ 57.705421][ T488] ? sk_psock_skb_ingress_self+0x60/0x330 [ 57.710976][ T488] ? migrate_disable+0x190/0x190 [ 57.715757][ T488] sk_psock_skb_ingress_self+0x60/0x330 [ 57.721134][ T488] sk_psock_verdict_recv+0x66d/0x840 [ 57.726257][ T488] unix_read_sock+0x132/0x370 [ 57.730769][ T488] ? sk_psock_skb_redirect+0x440/0x440 [ 57.736063][ T488] ? unix_stream_splice_actor+0x120/0x120 [ 57.741909][ T488] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 57.747205][ T488] ? unix_stream_splice_actor+0x120/0x120 [ 57.752862][ T488] sk_psock_verdict_data_ready+0x147/0x1a0 [ 57.758672][ T488] ? sk_psock_start_verdict+0xc0/0xc0 [ 57.763880][ T488] ? _raw_spin_lock+0xa4/0x1b0 [ 57.768483][ T488] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 57.774122][ T488] ? skb_queue_tail+0xfb/0x120 [ 57.778726][ T488] unix_dgram_sendmsg+0x15fa/0x2090 [ 57.783758][ T488] ? unix_dgram_poll+0x690/0x690 [ 57.788530][ T488] ? kasan_set_track+0x5d/0x70 [ 57.793129][ T488] ? kasan_set_track+0x4b/0x70 [ 57.797737][ T488] ? security_socket_sendmsg+0x82/0xb0 [ 57.803045][ T488] ? unix_dgram_poll+0x690/0x690 [ 57.808017][ T488] ____sys_sendmsg+0x59e/0x8f0 [ 57.813031][ T488] ? __sys_sendmsg_sock+0x40/0x40 [ 57.817889][ T488] ? import_iovec+0xe5/0x120 [ 57.822339][ T488] ___sys_sendmsg+0x252/0x2e0 [ 57.826830][ T488] ? __sys_sendmsg+0x260/0x260 [ 57.831428][ T488] ? putname+0xfa/0x150 [ 57.835434][ T488] ? __fdget+0x1bc/0x240 [ 57.839500][ T488] __se_sys_sendmsg+0x19a/0x260 [ 57.844187][ T488] ? __x64_sys_sendmsg+0x90/0x90 [ 57.848962][ T488] ? ksys_write+0x260/0x2c0 [ 57.853473][ T488] ? debug_smp_processor_id+0x17/0x20 [ 57.858678][ T488] ? 
fpregs_assert_state_consistent+0xb6/0xe0 [ 57.864584][ T488] __x64_sys_sendmsg+0x7b/0x90 [ 57.869289][ T488] x64_sys_call+0x16a/0x9a0 [ 57.873632][ T488] do_syscall_64+0x3b/0xb0 [ 57.878031][ T488] ? clear_bhb_loop+0x35/0x90 [ 57.882498][ T488] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 57.888223][ T488] RIP: 0033:0x7f5ed3cbc759 [ 57.892473][ T488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.911915][ T488] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 57.920157][ T488] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759 [ 57.927977][ T488] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004 [ 57.935781][ T488] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000 [ 57.943792][ T488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 57.951806][ T488] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08 [ 57.959641][ T488] [ 57.967062][ T39] ================================================================== [ 57.975002][ T39] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330 [ 57.983225][ T39] [ 57.985369][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 57.996676][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 58.006747][ T39] Workqueue: events bpf_map_free_deferred [ 58.012451][ T39] Call Trace: [ 58.015568][ T39] [ 58.018341][ T39] dump_stack_lvl+0x151/0x1c0 [ 58.022854][ T39] ? io_uring_drop_tctx_refs+0x190/0x190 [ 58.028322][ T39] ? panic+0x760/0x760 [ 58.032224][ T39] ? kasan_set_free_info+0x23/0x40 [ 58.037171][ T39] ? ____kasan_slab_free+0x126/0x160 [ 58.042293][ T39] ? kmem_cache_free+0x115/0x330 [ 58.047067][ T39] print_address_description+0x87/0x3b0 [ 58.052446][ T39] ? 
worker_thread+0xad5/0x12a0 [ 58.057223][ T39] ? kthread+0x421/0x510 [ 58.061402][ T39] ? kmem_cache_free+0x115/0x330 [ 58.066170][ T39] ? kmem_cache_free+0x115/0x330 [ 58.070938][ T39] kasan_report_invalid_free+0x6b/0xa0 [ 58.076356][ T39] ____kasan_slab_free+0x13e/0x160 [ 58.081313][ T39] __kasan_slab_free+0x11/0x20 [ 58.085894][ T39] slab_free_freelist_hook+0xbd/0x190 [ 58.091074][ T39] kmem_cache_free+0x115/0x330 [ 58.095671][ T39] ? kfree_skbmem+0x104/0x170 [ 58.100679][ T39] kfree_skbmem+0x104/0x170 [ 58.105012][ T39] consume_skb+0xb4/0x250 [ 58.109319][ T39] __sk_msg_free+0x2dd/0x370 [ 58.113742][ T39] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 58.119476][ T39] sk_psock_stop+0x44c/0x4d0 [ 58.123900][ T39] sk_psock_drop+0x219/0x310 [ 58.128340][ T39] sock_map_unref+0x48f/0x4d0 [ 58.133013][ T39] sock_map_free+0x137/0x2b0 [ 58.137437][ T39] bpf_map_free_deferred+0x10d/0x1e0 [ 58.142571][ T39] process_one_work+0x6bb/0xc10 [ 58.147248][ T39] worker_thread+0xad5/0x12a0 [ 58.151782][ T39] ? _raw_spin_lock+0x1b0/0x1b0 [ 58.156460][ T39] kthread+0x421/0x510 [ 58.160356][ T39] ? worker_clr_flags+0x180/0x180 [ 58.165314][ T39] ? 
kthread_blkcg+0xd0/0xd0 [ 58.169739][ T39] ret_from_fork+0x1f/0x30 [ 58.174003][ T39] [ 58.176862][ T39] [ 58.179038][ T39] Allocated by task 488: [ 58.183563][ T39] __kasan_slab_alloc+0xb1/0xe0 [ 58.188247][ T39] slab_post_alloc_hook+0x53/0x2c0 [ 58.193197][ T39] kmem_cache_alloc+0xf5/0x250 [ 58.197825][ T39] skb_clone+0x1d1/0x360 [ 58.201871][ T39] sk_psock_verdict_recv+0x53/0x840 [ 58.206903][ T39] unix_read_sock+0x132/0x370 [ 58.211416][ T39] sk_psock_verdict_data_ready+0x147/0x1a0 [ 58.217062][ T39] unix_dgram_sendmsg+0x15fa/0x2090 [ 58.222093][ T39] ____sys_sendmsg+0x59e/0x8f0 [ 58.226705][ T39] ___sys_sendmsg+0x252/0x2e0 [ 58.231220][ T39] __se_sys_sendmsg+0x19a/0x260 [ 58.235893][ T39] __x64_sys_sendmsg+0x7b/0x90 [ 58.240496][ T39] x64_sys_call+0x16a/0x9a0 [ 58.244832][ T39] do_syscall_64+0x3b/0xb0 [ 58.249086][ T39] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 58.255038][ T39] [ 58.257207][ T39] Freed by task 39: [ 58.260962][ T39] kasan_set_track+0x4b/0x70 [ 58.265387][ T39] kasan_set_free_info+0x23/0x40 [ 58.270172][ T39] ____kasan_slab_free+0x126/0x160 [ 58.275108][ T39] __kasan_slab_free+0x11/0x20 [ 58.279708][ T39] slab_free_freelist_hook+0xbd/0x190 [ 58.284918][ T39] kmem_cache_free+0x115/0x330 [ 58.289601][ T39] kfree_skbmem+0x104/0x170 [ 58.293941][ T39] kfree_skb+0xc2/0x360 [ 58.297933][ T39] sk_psock_backlog+0xc21/0xd90 [ 58.302624][ T39] process_one_work+0x6bb/0xc10 [ 58.307336][ T39] worker_thread+0xad5/0x12a0 [ 58.312036][ T39] kthread+0x421/0x510 [ 58.315971][ T39] ret_from_fork+0x1f/0x30 [ 58.320199][ T39] [ 58.322456][ T39] The buggy address belongs to the object at ffff888110999b40 [ 58.322456][ T39] which belongs to the cache skbuff_head_cache of size 248 [ 58.336951][ T39] The buggy address is located 0 bytes inside of [ 58.336951][ T39] 248-byte region [ffff888110999b40, ffff888110999c38) [ 58.349882][ T39] The buggy address belongs to the page: [ 58.355352][ T39] page:ffffea0004426640 refcount:1 mapcount:0 mapping:0000000000000000 
index:0x0 pfn:0x110999 [ 58.365671][ T39] flags: 0x4000000000000200(slab|zone=1) [ 58.371160][ T39] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aaf00 [ 58.379740][ T39] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 58.388151][ T39] page dumped because: kasan: bad access detected [ 58.394410][ T39] page_owner tracks the page as allocated [ 58.399954][ T39] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 26, ts 57583880745, free_ts 57581901525 [ 58.415581][ T39] post_alloc_hook+0x1a3/0x1b0 [ 58.420183][ T39] prep_new_page+0x1b/0x110 [ 58.424530][ T39] get_page_from_freelist+0x3550/0x35d0 [ 58.429991][ T39] __alloc_pages+0x27e/0x8f0 [ 58.434410][ T39] new_slab+0x9a/0x4e0 [ 58.438318][ T39] ___slab_alloc+0x39e/0x830 [ 58.442739][ T39] __slab_alloc+0x4a/0x90 [ 58.446912][ T39] kmem_cache_alloc+0x139/0x250 [ 58.451595][ T39] __alloc_skb+0xbe/0x550 [ 58.455760][ T39] alloc_skb_with_frags+0xa6/0x680 [ 58.460715][ T39] sock_alloc_send_pskb+0x915/0xa50 [ 58.465832][ T39] sock_alloc_send_skb+0x32/0x40 [ 58.470604][ T39] mld_newpack+0x1b4/0xa20 [ 58.474858][ T39] add_grec+0xdc8/0x13a0 [ 58.478936][ T39] mld_dad_work+0x1f8/0x620 [ 58.483366][ T39] process_one_work+0x6bb/0xc10 [ 58.488047][ T39] page last free stack trace: [ 58.492736][ T39] free_unref_page_prepare+0x7c8/0x7d0 [ 58.498033][ T39] free_unref_page+0xe8/0x750 [ 58.502648][ T39] __free_pages+0x61/0xf0 [ 58.506811][ T39] __vunmap+0x7bc/0x8f0 [ 58.510803][ T39] vfree+0x7f/0xb0 [ 58.514360][ T39] bpf_jit_free+0x1e3/0x240 [ 58.518702][ T39] bpf_prog_free_deferred+0x61e/0x730 [ 58.524006][ T39] process_one_work+0x6bb/0xc10 [ 58.528682][ T39] worker_thread+0xad5/0x12a0 [ 58.533297][ T39] kthread+0x421/0x510 [ 58.537190][ T39] ret_from_fork+0x1f/0x30 [ 58.541530][ T39] [ 58.543699][ T39] Memory state around the buggy address: [ 58.549171][ T39] ffff888110999a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb 
fb [ 58.557335][ T39] ffff888110999a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 58.565402][ T39] >ffff888110999b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 58.573305][ T39] ^ [ 58.579289][ T39] ffff888110999b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.587186][ T39] ffff888110999c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 58.595086][ T39] ================================================================== [ 58.615418][ T491] FAULT_INJECTION: forcing a failure. [ 58.615418][ T491] name failslab, interval 1, probability 0, space 0, times 0 [ 58.628176][ T491] CPU: 0 PID: 491 Comm: syz.2.20 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 58.639532][ T491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 58.649412][ T491] Call Trace: [ 58.652624][ T491] [ 58.655401][ T491] dump_stack_lvl+0x151/0x1c0 [ 58.659926][ T491] ? io_uring_drop_tctx_refs+0x190/0x190 [ 58.665396][ T491] dump_stack+0x15/0x20 [ 58.669379][ T491] should_fail+0x3c6/0x510 [ 58.673639][ T491] __should_failslab+0xa4/0xe0 [ 58.678258][ T491] should_failslab+0x9/0x20 [ 58.682569][ T491] slab_pre_alloc_hook+0x37/0xd0 [ 58.687467][ T491] kmem_cache_alloc_trace+0x48/0x270 [ 58.692641][ T491] ? sk_psock_skb_ingress_self+0x60/0x330 [ 58.698377][ T491] ? migrate_disable+0x190/0x190 [ 58.703138][ T491] sk_psock_skb_ingress_self+0x60/0x330 [ 58.708619][ T491] sk_psock_verdict_recv+0x66d/0x840 [ 58.714108][ T491] unix_read_sock+0x132/0x370 [ 58.718618][ T491] ? sk_psock_skb_redirect+0x440/0x440 [ 58.723910][ T491] ? unix_stream_splice_actor+0x120/0x120 [ 58.729468][ T491] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 58.734765][ T491] ? unix_stream_splice_actor+0x120/0x120 [ 58.740439][ T491] sk_psock_verdict_data_ready+0x147/0x1a0 [ 58.746082][ T491] ? sk_psock_start_verdict+0xc0/0xc0 [ 58.751288][ T491] ? _raw_spin_lock+0xa4/0x1b0 [ 58.755888][ T491] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 58.761529][ T491] ? 
skb_queue_tail+0xfb/0x120 [ 58.766130][ T491] unix_dgram_sendmsg+0x15fa/0x2090 [ 58.771167][ T491] ? unix_dgram_poll+0x690/0x690 [ 58.775938][ T491] ? kasan_set_track+0x5d/0x70 [ 58.780646][ T491] ? kasan_set_track+0x4b/0x70 [ 58.785414][ T491] ? security_socket_sendmsg+0x82/0xb0 [ 58.790705][ T491] ? unix_dgram_poll+0x690/0x690 [ 58.795572][ T491] ____sys_sendmsg+0x59e/0x8f0 [ 58.800296][ T491] ? __sys_sendmsg_sock+0x40/0x40 [ 58.805150][ T491] ? import_iovec+0xe5/0x120 [ 58.809573][ T491] ___sys_sendmsg+0x252/0x2e0 [ 58.814087][ T491] ? __sys_sendmsg+0x260/0x260 [ 58.818699][ T491] ? putname+0xfa/0x150 [ 58.822690][ T491] ? __fdget+0x1bc/0x240 [ 58.826845][ T491] __se_sys_sendmsg+0x19a/0x260 [ 58.831969][ T491] ? __x64_sys_sendmsg+0x90/0x90 [ 58.836738][ T491] ? ksys_write+0x260/0x2c0 [ 58.841100][ T491] ? debug_smp_processor_id+0x17/0x20 [ 58.846287][ T491] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 58.852411][ T491] __x64_sys_sendmsg+0x7b/0x90 [ 58.856973][ T491] x64_sys_call+0x16a/0x9a0 [ 58.861304][ T491] do_syscall_64+0x3b/0xb0 [ 58.865557][ T491] ? 
clear_bhb_loop+0x35/0x90 [ 58.870071][ T491] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 58.875909][ T491] RIP: 0033:0x7f5ed3cbc759 [ 58.880161][ T491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.899705][ T491] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.908034][ T491] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759 [ 58.916185][ T491] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004 2024/12/27 08:47:34 executed programs: 7 [ 58.923994][ T491] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000 [ 58.931803][ T491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.939778][ T491] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08 [ 58.947785][ T491] [ 58.954087][ T60] ================================================================== [ 58.961965][ T60] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330 [ 58.970212][ T60] [ 58.972395][ T60] CPU: 1 PID: 60 Comm: kworker/1:2 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 58.983675][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 58.993656][ T60] Workqueue: events bpf_map_free_deferred [ 58.999286][ T60] Call Trace: [ 59.002416][ T60] [ 59.005274][ T60] dump_stack_lvl+0x151/0x1c0 [ 59.009786][ T60] ? io_uring_drop_tctx_refs+0x190/0x190 [ 59.015258][ T60] ? panic+0x760/0x760 [ 59.019366][ T60] ? kmem_cache_free+0x115/0x330 [ 59.024213][ T60] print_address_description+0x87/0x3b0 [ 59.029696][ T60] ? kmem_cache_free+0x115/0x330 [ 59.034637][ T60] ? 
kmem_cache_free+0x115/0x330 [ 59.039589][ T60] kasan_report_invalid_free+0x6b/0xa0 [ 59.044875][ T60] ____kasan_slab_free+0x13e/0x160 [ 59.049827][ T60] __kasan_slab_free+0x11/0x20 [ 59.054421][ T60] slab_free_freelist_hook+0xbd/0x190 [ 59.059638][ T60] kmem_cache_free+0x115/0x330 [ 59.064252][ T60] ? kfree_skbmem+0x104/0x170 [ 59.068853][ T60] kfree_skbmem+0x104/0x170 [ 59.073190][ T60] consume_skb+0xb4/0x250 [ 59.077440][ T60] __sk_msg_free+0x2dd/0x370 [ 59.081876][ T60] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 59.087512][ T60] sk_psock_stop+0x44c/0x4d0 [ 59.092026][ T60] sk_psock_drop+0x219/0x310 [ 59.096460][ T60] sock_map_unref+0x48f/0x4d0 [ 59.101085][ T60] sock_map_free+0x137/0x2b0 [ 59.105595][ T60] bpf_map_free_deferred+0x10d/0x1e0 [ 59.110725][ T60] process_one_work+0x6bb/0xc10 [ 59.115589][ T60] worker_thread+0xad5/0x12a0 [ 59.120256][ T60] kthread+0x421/0x510 [ 59.124086][ T60] ? worker_clr_flags+0x180/0x180 [ 59.129124][ T60] ? kthread_blkcg+0xd0/0xd0 [ 59.133634][ T60] ret_from_fork+0x1f/0x30 [ 59.137888][ T60] [ 59.140751][ T60] [ 59.142921][ T60] Allocated by task 491: [ 59.147003][ T60] __kasan_slab_alloc+0xb1/0xe0 [ 59.152034][ T60] slab_post_alloc_hook+0x53/0x2c0 [ 59.157418][ T60] kmem_cache_alloc+0xf5/0x250 [ 59.162014][ T60] skb_clone+0x1d1/0x360 [ 59.166092][ T60] sk_psock_verdict_recv+0x53/0x840 [ 59.171126][ T60] unix_read_sock+0x132/0x370 [ 59.175727][ T60] sk_psock_verdict_data_ready+0x147/0x1a0 [ 59.181456][ T60] unix_dgram_sendmsg+0x15fa/0x2090 [ 59.186511][ T60] ____sys_sendmsg+0x59e/0x8f0 [ 59.191175][ T60] ___sys_sendmsg+0x252/0x2e0 [ 59.195805][ T60] __se_sys_sendmsg+0x19a/0x260 [ 59.200497][ T60] __x64_sys_sendmsg+0x7b/0x90 [ 59.205205][ T60] x64_sys_call+0x16a/0x9a0 [ 59.209551][ T60] do_syscall_64+0x3b/0xb0 [ 59.213896][ T60] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 59.219733][ T60] [ 59.221985][ T60] Freed by task 6: [ 59.225546][ T60] kasan_set_track+0x4b/0x70 [ 59.230055][ T60] kasan_set_free_info+0x23/0x40 [ 59.234825][ 
T60] ____kasan_slab_free+0x126/0x160 [ 59.239779][ T60] __kasan_slab_free+0x11/0x20 [ 59.244377][ T60] slab_free_freelist_hook+0xbd/0x190 [ 59.249678][ T60] kmem_cache_free+0x115/0x330 [ 59.254354][ T60] kfree_skbmem+0x104/0x170 [ 59.258706][ T60] kfree_skb+0xc2/0x360 [ 59.262688][ T60] sk_psock_backlog+0xc21/0xd90 [ 59.267461][ T60] process_one_work+0x6bb/0xc10 [ 59.272148][ T60] worker_thread+0xad5/0x12a0 [ 59.276671][ T60] kthread+0x421/0x510 [ 59.280665][ T60] ret_from_fork+0x1f/0x30 [ 59.285010][ T60] [ 59.287175][ T60] The buggy address belongs to the object at ffff888117e21b40 [ 59.287175][ T60] which belongs to the cache skbuff_head_cache of size 248 [ 59.301693][ T60] The buggy address is located 0 bytes inside of [ 59.301693][ T60] 248-byte region [ffff888117e21b40, ffff888117e21c38) [ 59.314702][ T60] The buggy address belongs to the page: [ 59.320269][ T60] page:ffffea00045f8840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117e21 [ 59.330334][ T60] flags: 0x4000000000000200(slab|zone=1) [ 59.335861][ T60] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aaf00 [ 59.344513][ T60] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 59.352914][ T60] page dumped because: kasan: bad access detected [ 59.359165][ T60] page_owner tracks the page as allocated [ 59.364724][ T60] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 488, ts 58566185819, free_ts 57627739699 [ 59.382110][ T60] post_alloc_hook+0x1a3/0x1b0 [ 59.386705][ T60] prep_new_page+0x1b/0x110 [ 59.391044][ T60] get_page_from_freelist+0x3550/0x35d0 [ 59.396423][ T60] __alloc_pages+0x27e/0x8f0 [ 59.400850][ T60] new_slab+0x9a/0x4e0 [ 59.404755][ T60] ___slab_alloc+0x39e/0x830 [ 59.409181][ T60] __slab_alloc+0x4a/0x90 [ 59.413373][ T60] kmem_cache_alloc+0x139/0x250 [ 59.418037][ T60] __alloc_skb+0xbe/0x550 [ 59.422297][ T60] ndisc_alloc_skb+0xf3/0x2d0 [ 
59.426800][ T60] ndisc_send_rs+0x26c/0x6a0 [ 59.431405][ T60] addrconf_rs_timer+0x2d1/0x600 [ 59.436212][ T60] call_timer_fn+0x3b/0x2d0 [ 59.440512][ T60] __run_timers+0x72a/0xa10 [ 59.444938][ T60] run_timer_softirq+0x69/0xf0 [ 59.449540][ T60] handle_softirqs+0x25e/0x5c0 [ 59.454155][ T60] page last free stack trace: [ 59.458660][ T60] free_unref_page_prepare+0x7c8/0x7d0 [ 59.464106][ T60] free_unref_page+0xe8/0x750 [ 59.468623][ T60] __free_pages+0x61/0xf0 [ 59.472870][ T60] __vunmap+0x7bc/0x8f0 [ 59.476862][ T60] vfree+0x7f/0xb0 [ 59.480420][ T60] module_memfree+0x17/0x30 [ 59.484762][ T60] bpf_jit_free_exec+0x15/0x20 [ 59.489360][ T60] bpf_jit_free+0x98/0x240 [ 59.493610][ T60] bpf_prog_free_deferred+0x61e/0x730 [ 59.498820][ T60] process_one_work+0x6bb/0xc10 [ 59.503526][ T60] worker_thread+0xad5/0x12a0 [ 59.508027][ T60] kthread+0x421/0x510 [ 59.511929][ T60] ret_from_fork+0x1f/0x30 [ 59.516202][ T60] [ 59.518346][ T60] Memory state around the buggy address: [ 59.523995][ T60] ffff888117e21a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.531887][ T60] ffff888117e21a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 59.539819][ T60] >ffff888117e21b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 59.547696][ T60] ^ [ 59.553678][ T60] ffff888117e21b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.561576][ T60] ffff888117e21c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 59.569473][ T60] ================================================================== [ 59.587048][ T494] FAULT_INJECTION: forcing a failure. [ 59.587048][ T494] name failslab, interval 1, probability 0, space 0, times 0 [ 59.599680][ T494] CPU: 1 PID: 494 Comm: syz.2.21 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 59.610701][ T494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.620701][ T494] Call Trace: [ 59.623817][ T494] [ 59.626689][ T494] dump_stack_lvl+0x151/0x1c0 [ 59.631292][ T494] ? 
io_uring_drop_tctx_refs+0x190/0x190 [ 59.636754][ T494] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 59.642393][ T494] ? __skb_try_recv_datagram+0x495/0x6a0 [ 59.648070][ T494] dump_stack+0x15/0x20 [ 59.652058][ T494] should_fail+0x3c6/0x510 [ 59.656394][ T494] __should_failslab+0xa4/0xe0 [ 59.660995][ T494] ? skb_clone+0x1d1/0x360 [ 59.665245][ T494] should_failslab+0x9/0x20 [ 59.669707][ T494] slab_pre_alloc_hook+0x37/0xd0 [ 59.674454][ T494] ? skb_clone+0x1d1/0x360 [ 59.678797][ T494] kmem_cache_alloc+0x44/0x250 [ 59.683396][ T494] skb_clone+0x1d1/0x360 [ 59.687584][ T494] sk_psock_verdict_recv+0x53/0x840 [ 59.692623][ T494] ? avc_has_perm_noaudit+0x430/0x430 [ 59.697817][ T494] unix_read_sock+0x132/0x370 [ 59.702534][ T494] ? sk_psock_skb_redirect+0x440/0x440 [ 59.707819][ T494] ? unix_stream_splice_actor+0x120/0x120 [ 59.713374][ T494] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 59.718683][ T494] ? unix_stream_splice_actor+0x120/0x120 [ 59.724224][ T494] sk_psock_verdict_data_ready+0x147/0x1a0 [ 59.730138][ T494] ? sk_psock_start_verdict+0xc0/0xc0 [ 59.735335][ T494] ? _raw_spin_lock+0xa4/0x1b0 [ 59.739939][ T494] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 59.745586][ T494] ? skb_queue_tail+0xfb/0x120 [ 59.750293][ T494] unix_dgram_sendmsg+0x15fa/0x2090 [ 59.755352][ T494] ? unix_dgram_poll+0x690/0x690 [ 59.760185][ T494] ? kasan_set_track+0x5d/0x70 [ 59.764784][ T494] ? kasan_set_track+0x4b/0x70 [ 59.769490][ T494] ? security_socket_sendmsg+0x82/0xb0 [ 59.774793][ T494] ? unix_dgram_poll+0x690/0x690 [ 59.779645][ T494] ____sys_sendmsg+0x59e/0x8f0 [ 59.784283][ T494] ? __sys_sendmsg_sock+0x40/0x40 [ 59.789106][ T494] ? import_iovec+0xe5/0x120 [ 59.793530][ T494] ___sys_sendmsg+0x252/0x2e0 [ 59.798044][ T494] ? __sys_sendmsg+0x260/0x260 [ 59.802652][ T494] ? putname+0xfa/0x150 [ 59.806656][ T494] ? __fdget+0x1bc/0x240 [ 59.810745][ T494] __se_sys_sendmsg+0x19a/0x260 [ 59.815489][ T494] ? __x64_sys_sendmsg+0x90/0x90 [ 59.820287][ T494] ? 
ksys_write+0x260/0x2c0 [ 59.824784][ T494] ? debug_smp_processor_id+0x17/0x20 [ 59.829986][ T494] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 59.836073][ T494] __x64_sys_sendmsg+0x7b/0x90 [ 59.840756][ T494] x64_sys_call+0x16a/0x9a0 [ 59.845095][ T494] do_syscall_64+0x3b/0xb0 [ 59.849350][ T494] ? clear_bhb_loop+0x35/0x90 [ 59.853864][ T494] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 59.859884][ T494] RIP: 0033:0x7f5ed3cbc759 [ 59.864138][ T494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.883781][ T494] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.892200][ T494] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759 [ 59.900010][ T494] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004 [ 59.907930][ T494] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000 [ 59.915912][ T494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 59.923778][ T494] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08 [ 59.931674][ T494] [ 59.944600][ T496] FAULT_INJECTION: forcing a failure. [ 59.944600][ T496] name failslab, interval 1, probability 0, space 0, times 0 [ 59.957388][ T496] CPU: 0 PID: 496 Comm: syz.2.22 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 59.968370][ T496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.978348][ T496] Call Trace: [ 59.981578][ T496] [ 59.984379][ T496] dump_stack_lvl+0x151/0x1c0 [ 59.988998][ T496] ? io_uring_drop_tctx_refs+0x190/0x190 [ 59.994475][ T496] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 60.000223][ T496] ? __skb_try_recv_datagram+0x495/0x6a0 [ 60.005660][ T496] dump_stack+0x15/0x20 [ 60.009740][ T496] should_fail+0x3c6/0x510 [ 60.013994][ T496] __should_failslab+0xa4/0xe0 [ 60.018678][ T496] ? 
skb_clone+0x1d1/0x360 [ 60.022943][ T496] should_failslab+0x9/0x20 [ 60.027268][ T496] slab_pre_alloc_hook+0x37/0xd0 [ 60.032132][ T496] ? skb_clone+0x1d1/0x360 [ 60.036500][ T496] kmem_cache_alloc+0x44/0x250 [ 60.041192][ T496] skb_clone+0x1d1/0x360 [ 60.045352][ T496] sk_psock_verdict_recv+0x53/0x840 [ 60.050416][ T496] ? avc_has_perm_noaudit+0x430/0x430 [ 60.055601][ T496] unix_read_sock+0x132/0x370 [ 60.060656][ T496] ? sk_psock_skb_redirect+0x440/0x440 [ 60.065930][ T496] ? unix_stream_splice_actor+0x120/0x120 [ 60.071577][ T496] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 60.076886][ T496] ? unix_stream_splice_actor+0x120/0x120 [ 60.082536][ T496] sk_psock_verdict_data_ready+0x147/0x1a0 [ 60.088263][ T496] ? sk_psock_start_verdict+0xc0/0xc0 [ 60.093698][ T496] ? _raw_spin_lock+0xa4/0x1b0 [ 60.098300][ T496] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 60.103935][ T496] ? skb_queue_tail+0xfb/0x120 [ 60.108651][ T496] unix_dgram_sendmsg+0x15fa/0x2090 [ 60.113678][ T496] ? unix_dgram_poll+0x690/0x690 [ 60.118447][ T496] ? kasan_set_track+0x5d/0x70 [ 60.123203][ T496] ? kasan_set_track+0x4b/0x70 [ 60.127751][ T496] ? security_socket_sendmsg+0x82/0xb0 [ 60.133179][ T496] ? unix_dgram_poll+0x690/0x690 [ 60.137905][ T496] ____sys_sendmsg+0x59e/0x8f0 [ 60.142595][ T496] ? __sys_sendmsg_sock+0x40/0x40 [ 60.147542][ T496] ? import_iovec+0xe5/0x120 [ 60.152122][ T496] ___sys_sendmsg+0x252/0x2e0 [ 60.156566][ T496] ? __sys_sendmsg+0x260/0x260 [ 60.161263][ T496] ? putname+0xfa/0x150 [ 60.165258][ T496] ? __fdget+0x1bc/0x240 [ 60.169335][ T496] __se_sys_sendmsg+0x19a/0x260 [ 60.174042][ T496] ? __x64_sys_sendmsg+0x90/0x90 [ 60.178874][ T496] ? ksys_write+0x260/0x2c0 [ 60.183322][ T496] ? debug_smp_processor_id+0x17/0x20 [ 60.188511][ T496] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 60.194422][ T496] __x64_sys_sendmsg+0x7b/0x90 [ 60.199013][ T496] x64_sys_call+0x16a/0x9a0 [ 60.203353][ T496] do_syscall_64+0x3b/0xb0 [ 60.207608][ T496] ? 
clear_bhb_loop+0x35/0x90 [ 60.212123][ T496] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 60.217849][ T496] RIP: 0033:0x7f5ed3cbc759 [ 60.222105][ T496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.241540][ T496] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.249803][ T496] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759 [ 60.257597][ T496] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004 [ 60.265411][ T496] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000 [ 60.273348][ T496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.281117][ T496] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08 [ 60.288939][ T496] [ 60.304194][ T498] FAULT_INJECTION: forcing a failure. [ 60.304194][ T498] name failslab, interval 1, probability 0, space 0, times 0 [ 60.317187][ T498] CPU: 1 PID: 498 Comm: syz.2.23 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 60.328222][ T498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 60.338111][ T498] Call Trace: [ 60.341316][ T498] [ 60.344121][ T498] dump_stack_lvl+0x151/0x1c0 [ 60.348785][ T498] ? io_uring_drop_tctx_refs+0x190/0x190 [ 60.354253][ T498] dump_stack+0x15/0x20 [ 60.358598][ T498] should_fail+0x3c6/0x510 [ 60.362807][ T498] __should_failslab+0xa4/0xe0 [ 60.367414][ T498] should_failslab+0x9/0x20 [ 60.371744][ T498] slab_pre_alloc_hook+0x37/0xd0 [ 60.376739][ T498] kmem_cache_alloc_trace+0x48/0x270 [ 60.382002][ T498] ? sk_psock_skb_ingress_self+0x60/0x330 [ 60.387709][ T498] ? migrate_disable+0x190/0x190 [ 60.392486][ T498] sk_psock_skb_ingress_self+0x60/0x330 [ 60.398048][ T498] sk_psock_verdict_recv+0x66d/0x840 [ 60.403156][ T498] unix_read_sock+0x132/0x370 [ 60.407759][ T498] ? 
sk_psock_skb_redirect+0x440/0x440 [ 60.413053][ T498] ? unix_stream_splice_actor+0x120/0x120 [ 60.418603][ T498] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 60.424125][ T498] ? unix_stream_splice_actor+0x120/0x120 [ 60.429674][ T498] sk_psock_verdict_data_ready+0x147/0x1a0 [ 60.435429][ T498] ? sk_psock_start_verdict+0xc0/0xc0 [ 60.440631][ T498] ? _raw_spin_lock+0xa4/0x1b0 [ 60.445239][ T498] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 60.450871][ T498] ? skb_queue_tail+0xfb/0x120 [ 60.455472][ T498] unix_dgram_sendmsg+0x15fa/0x2090 [ 60.460509][ T498] ? unix_dgram_poll+0x690/0x690 [ 60.465285][ T498] ? kasan_set_track+0x5d/0x70 [ 60.470051][ T498] ? kasan_set_track+0x4b/0x70 [ 60.474806][ T498] ? security_socket_sendmsg+0x82/0xb0 [ 60.480082][ T498] ? unix_dgram_poll+0x690/0x690 [ 60.484861][ T498] ____sys_sendmsg+0x59e/0x8f0 [ 60.489459][ T498] ? __sys_sendmsg_sock+0x40/0x40 [ 60.494401][ T498] ? import_iovec+0xe5/0x120 [ 60.498829][ T498] ___sys_sendmsg+0x252/0x2e0 [ 60.503343][ T498] ? __sys_sendmsg+0x260/0x260 [ 60.507942][ T498] ? putname+0xfa/0x150 [ 60.511943][ T498] ? __fdget+0x1bc/0x240 [ 60.516038][ T498] __se_sys_sendmsg+0x19a/0x260 [ 60.520703][ T498] ? __x64_sys_sendmsg+0x90/0x90 [ 60.525497][ T498] ? ksys_write+0x260/0x2c0 [ 60.529826][ T498] ? debug_smp_processor_id+0x17/0x20 [ 60.535021][ T498] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 60.540954][ T498] __x64_sys_sendmsg+0x7b/0x90 [ 60.545524][ T498] x64_sys_call+0x16a/0x9a0 [ 60.549874][ T498] do_syscall_64+0x3b/0xb0 [ 60.554122][ T498] ? 
clear_bhb_loop+0x35/0x90 [ 60.558632][ T498] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 60.564570][ T498] RIP: 0033:0x7f5ed3cbc759 [ 60.568823][ T498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.588263][ T498] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.596501][ T498] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759 [ 60.604485][ T498] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004 [ 60.612382][ T498] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000 [ 60.620473][ T498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.628755][ T498] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08 [ 60.636541][ T498] [ 60.643716][ T60] ================================================================== [ 60.651612][ T60] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330 [ 60.660032][ T60] [ 60.662206][ T60] CPU: 1 PID: 60 Comm: kworker/1:2 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 60.673824][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 60.683717][ T60] Workqueue: events bpf_map_free_deferred [ 60.689544][ T60] Call Trace: [ 60.692671][ T60] [ 60.695447][ T60] dump_stack_lvl+0x151/0x1c0 [ 60.699962][ T60] ? io_uring_drop_tctx_refs+0x190/0x190 [ 60.705529][ T60] ? panic+0x760/0x760 [ 60.709446][ T60] ? kasan_set_free_info+0x23/0x40 [ 60.714654][ T60] ? ____kasan_slab_free+0x126/0x160 [ 60.719775][ T60] ? kmem_cache_free+0x115/0x330 [ 60.724641][ T60] print_address_description+0x87/0x3b0 [ 60.730031][ T60] ? worker_thread+0xad5/0x12a0 [ 60.734881][ T60] ? kthread+0x421/0x510 [ 60.738969][ T60] ? kmem_cache_free+0x115/0x330 [ 60.743825][ T60] ? 
kmem_cache_free+0x115/0x330 [ 60.748599][ T60] kasan_report_invalid_free+0x6b/0xa0 [ 60.753912][ T60] ____kasan_slab_free+0x13e/0x160 [ 60.758925][ T60] __kasan_slab_free+0x11/0x20 [ 60.763526][ T60] slab_free_freelist_hook+0xbd/0x190 [ 60.768735][ T60] kmem_cache_free+0x115/0x330 [ 60.773340][ T60] ? kfree_skbmem+0x104/0x170 [ 60.777855][ T60] kfree_skbmem+0x104/0x170 [ 60.782183][ T60] consume_skb+0xb4/0x250 [ 60.786363][ T60] __sk_msg_free+0x2dd/0x370 [ 60.790778][ T60] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 60.796416][ T60] sk_psock_stop+0x44c/0x4d0 [ 60.800845][ T60] sk_psock_drop+0x219/0x310 [ 60.805272][ T60] sock_map_unref+0x48f/0x4d0 [ 60.809827][ T60] sock_map_free+0x137/0x2b0 [ 60.814216][ T60] bpf_map_free_deferred+0x10d/0x1e0 [ 60.819336][ T60] process_one_work+0x6bb/0xc10 [ 60.824050][ T60] worker_thread+0xad5/0x12a0 [ 60.828538][ T60] kthread+0x421/0x510 [ 60.832435][ T60] ? worker_clr_flags+0x180/0x180 [ 60.837300][ T60] ? kthread_blkcg+0xd0/0xd0 [ 60.841724][ T60] ret_from_fork+0x1f/0x30 [ 60.846020][ T60] [ 60.848929][ T60] [ 60.851102][ T60] Allocated by task 498: [ 60.855272][ T60] __kasan_slab_alloc+0xb1/0xe0 [ 60.859955][ T60] slab_post_alloc_hook+0x53/0x2c0 [ 60.864896][ T60] kmem_cache_alloc+0xf5/0x250 [ 60.869497][ T60] skb_clone+0x1d1/0x360 [ 60.873577][ T60] sk_psock_verdict_recv+0x53/0x840 [ 60.878611][ T60] unix_read_sock+0x132/0x370 [ 60.883123][ T60] sk_psock_verdict_data_ready+0x147/0x1a0 [ 60.888761][ T60] unix_dgram_sendmsg+0x15fa/0x2090 [ 60.893806][ T60] ____sys_sendmsg+0x59e/0x8f0 [ 60.899043][ T60] ___sys_sendmsg+0x252/0x2e0 [ 60.903559][ T60] __se_sys_sendmsg+0x19a/0x260 [ 60.908245][ T60] __x64_sys_sendmsg+0x7b/0x90 [ 60.912847][ T60] x64_sys_call+0x16a/0x9a0 [ 60.917267][ T60] do_syscall_64+0x3b/0xb0 [ 60.921521][ T60] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 60.927454][ T60] [ 60.929609][ T60] Freed by task 60: [ 60.933255][ T60] kasan_set_track+0x4b/0x70 [ 60.937694][ T60] kasan_set_free_info+0x23/0x40 [ 60.942458][ 
T60] ____kasan_slab_free+0x126/0x160 [ 60.947405][ T60] __kasan_slab_free+0x11/0x20 [ 60.952004][ T60] slab_free_freelist_hook+0xbd/0x190 [ 60.957273][ T60] kmem_cache_free+0x115/0x330 [ 60.961826][ T60] kfree_skbmem+0x104/0x170 [ 60.966150][ T60] kfree_skb+0xc2/0x360 [ 60.970148][ T60] sk_psock_backlog+0xc21/0xd90 [ 60.974921][ T60] process_one_work+0x6bb/0xc10 [ 60.979606][ T60] worker_thread+0xad5/0x12a0 [ 60.984204][ T60] kthread+0x421/0x510 [ 60.988176][ T60] ret_from_fork+0x1f/0x30 [ 60.992536][ T60] [ 60.994707][ T60] The buggy address belongs to the object at ffff888118cfbb40 [ 60.994707][ T60] which belongs to the cache skbuff_head_cache of size 248 [ 61.009307][ T60] The buggy address is located 0 bytes inside of [ 61.009307][ T60] 248-byte region [ffff888118cfbb40, ffff888118cfbc38) [ 61.022374][ T60] The buggy address belongs to the page: [ 61.027820][ T60] page:ffffea0004633ec0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888118cfbdc0 pfn:0x118cfb [ 61.039736][ T60] flags: 0x4000000000000200(slab|zone=1) [ 61.045303][ T60] raw: 4000000000000200 ffffea000462ab48 ffffea000463aa88 ffff8881081aaf00 [ 61.053718][ T60] raw: ffff888118cfbdc0 00000000000c000b 00000001ffffffff 0000000000000000 [ 61.062227][ T60] page dumped because: kasan: bad access detected [ 61.068475][ T60] page_owner tracks the page as allocated [ 61.074024][ T60] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 136, ts 5513476725, free_ts 0 [ 61.089275][ T60] post_alloc_hook+0x1a3/0x1b0 [ 61.094009][ T60] prep_new_page+0x1b/0x110 [ 61.098305][ T60] get_page_from_freelist+0x3550/0x35d0 [ 61.103684][ T60] __alloc_pages+0x27e/0x8f0 [ 61.108145][ T60] new_slab+0x9a/0x4e0 [ 61.112018][ T60] ___slab_alloc+0x39e/0x830 [ 61.116447][ T60] __slab_alloc+0x4a/0x90 [ 61.120611][ T60] kmem_cache_alloc+0x139/0x250 [ 61.125385][ T60] __alloc_skb+0xbe/0x550 [ 61.129722][ T60] audit_log_start+0x456/0xa80 [ 61.134321][ T60] 
common_lsm_audit+0xd8/0x18b0 [ 61.139012][ T60] slow_avc_audit+0x26c/0x3c0 [ 61.143611][ T60] avc_has_perm+0x1f5/0x260 [ 61.147954][ T60] selinux_task_setrlimit+0x1c0/0x220 [ 61.153245][ T60] security_task_setrlimit+0x74/0xb0 [ 61.158394][ T60] do_prlimit+0x2a4/0x460 [ 61.162533][ T60] page_owner free stack trace missing [ 61.167746][ T60] [ 61.169928][ T60] Memory state around the buggy address: [ 61.175396][ T60] ffff888118cfba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.183459][ T60] ffff888118cfba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 61.191464][ T60] >ffff888118cfbb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 61.199328][ T60] ^ [ 61.205323][ T60] ffff888118cfbb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.213223][ T60] ffff888118cfbc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 61.221135][ T60] ================================================================== [ 61.240453][ T501] FAULT_INJECTION: forcing a failure. [ 61.240453][ T501] name failslab, interval 1, probability 0, space 0, times 0 [ 61.253913][ T501] CPU: 0 PID: 501 Comm: syz.2.24 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 61.264925][ T501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 61.275008][ T501] Call Trace: [ 61.278119][ T501] [ 61.280986][ T501] dump_stack_lvl+0x151/0x1c0 [ 61.285495][ T501] ? io_uring_drop_tctx_refs+0x190/0x190 [ 61.290971][ T501] dump_stack+0x15/0x20 [ 61.294954][ T501] should_fail+0x3c6/0x510 [ 61.299203][ T501] __should_failslab+0xa4/0xe0 [ 61.303812][ T501] should_failslab+0x9/0x20 [ 61.308231][ T501] slab_pre_alloc_hook+0x37/0xd0 [ 61.313138][ T501] kmem_cache_alloc_trace+0x48/0x270 [ 61.318475][ T501] ? sk_psock_skb_ingress_self+0x60/0x330 [ 61.324181][ T501] ? 
migrate_disable+0x190/0x190 [ 61.329006][ T501] sk_psock_skb_ingress_self+0x60/0x330 [ 61.334559][ T501] sk_psock_verdict_recv+0x66d/0x840 [ 61.339684][ T501] unix_read_sock+0x132/0x370 [ 61.344457][ T501] ? sk_psock_skb_redirect+0x440/0x440 [ 61.349840][ T501] ? unix_stream_splice_actor+0x120/0x120 [ 61.355740][ T501] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 61.361033][ T501] ? unix_stream_splice_actor+0x120/0x120 [ 61.366592][ T501] sk_psock_verdict_data_ready+0x147/0x1a0 [ 61.372314][ T501] ? sk_psock_start_verdict+0xc0/0xc0 [ 61.377609][ T501] ? _raw_spin_lock+0xa4/0x1b0 [ 61.382309][ T501] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 61.387967][ T501] ? skb_queue_tail+0xfb/0x120 [ 61.392553][ T501] unix_dgram_sendmsg+0x15fa/0x2090 [ 61.397643][ T501] ? unix_dgram_poll+0x690/0x690 [ 61.402358][ T501] ? kasan_set_track+0x5d/0x70 [ 61.406960][ T501] ? kasan_set_track+0x4b/0x70 [ 61.411557][ T501] ? security_socket_sendmsg+0x82/0xb0 [ 61.417167][ T501] ? unix_dgram_poll+0x690/0x690 [ 61.421886][ T501] ____sys_sendmsg+0x59e/0x8f0 [ 61.426573][ T501] ? __sys_sendmsg_sock+0x40/0x40 [ 61.431436][ T501] ? import_iovec+0xe5/0x120 [ 61.435860][ T501] ___sys_sendmsg+0x252/0x2e0 [ 61.440381][ T501] ? __sys_sendmsg+0x260/0x260 [ 61.444989][ T501] ? putname+0xfa/0x150 [ 61.448982][ T501] ? __fdget+0x1bc/0x240 [ 61.453047][ T501] __se_sys_sendmsg+0x19a/0x260 [ 61.457738][ T501] ? __x64_sys_sendmsg+0x90/0x90 [ 61.462505][ T501] ? ksys_write+0x260/0x2c0 [ 61.466945][ T501] ? debug_smp_processor_id+0x17/0x20 [ 61.472137][ T501] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 61.478241][ T501] __x64_sys_sendmsg+0x7b/0x90 [ 61.482848][ T501] x64_sys_call+0x16a/0x9a0 [ 61.487284][ T501] do_syscall_64+0x3b/0xb0 [ 61.491532][ T501] ? 
clear_bhb_loop+0x35/0x90 [ 61.496073][ T501] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 61.501995][ T501] RIP: 0033:0x7f5ed3cbc759 [ 61.506332][ T501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.525772][ T501] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 61.534205][ T501] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759 [ 61.542003][ T501] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004 [ 61.549895][ T501] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000 [ 61.557895][ T501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.565877][ T501] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08 [ 61.573868][ T501] [ 61.583126][ T500] ================================================================== [ 61.591157][ T500] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330 [ 61.599834][ T500] [ 61.602132][ T500] CPU: 1 PID: 500 Comm: syz.2.24 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 61.613299][ T500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 61.623418][ T500] Call Trace: [ 61.626533][ T500] [ 61.629313][ T500] dump_stack_lvl+0x151/0x1c0 [ 61.633919][ T500] ? io_uring_drop_tctx_refs+0x190/0x190 [ 61.639377][ T500] ? __wake_up_klogd+0xd5/0x110 [ 61.644069][ T500] ? panic+0x760/0x760 [ 61.647983][ T500] ? kmem_cache_free+0x115/0x330 [ 61.652747][ T500] print_address_description+0x87/0x3b0 [ 61.658299][ T500] ? kmem_cache_free+0x115/0x330 [ 61.663074][ T500] ? 
kmem_cache_free+0x115/0x330 [ 61.667943][ T500] kasan_report_invalid_free+0x6b/0xa0 [ 61.673227][ T500] ____kasan_slab_free+0x13e/0x160 [ 61.678266][ T500] __kasan_slab_free+0x11/0x20 [ 61.682881][ T500] slab_free_freelist_hook+0xbd/0x190 [ 61.688332][ T500] kmem_cache_free+0x115/0x330 [ 61.692930][ T500] ? kfree_skbmem+0x104/0x170 [ 61.697528][ T500] kfree_skbmem+0x104/0x170 [ 61.701870][ T500] consume_skb+0xb4/0x250 [ 61.706042][ T500] __sk_msg_free+0x2dd/0x370 [ 61.710671][ T500] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 61.716311][ T500] sk_psock_stop+0x44c/0x4d0 [ 61.720845][ T500] sk_psock_drop+0x219/0x310 [ 61.725268][ T500] sock_map_unref+0x48f/0x4d0 [ 61.729779][ T500] ? __local_bh_enable_ip+0x58/0x80 [ 61.735020][ T500] ? _raw_spin_unlock_bh+0x51/0x60 [ 61.739957][ T500] sock_map_remove_links+0x41c/0x650 [ 61.745082][ T500] ? sock_map_unhash+0x120/0x120 [ 61.749861][ T500] ? locks_remove_posix+0x610/0x610 [ 61.754987][ T500] sock_map_close+0x114/0x530 [ 61.759586][ T500] ? unix_peer_get+0xe0/0xe0 [ 61.763999][ T500] ? sock_map_remove_links+0x650/0x650 [ 61.769293][ T500] ? rwsem_mark_wake+0x770/0x770 [ 61.774065][ T500] unix_release+0x82/0xc0 [ 61.778320][ T500] sock_close+0xdf/0x270 [ 61.782398][ T500] ? sock_mmap+0xa0/0xa0 [ 61.786507][ T500] __fput+0x228/0x8c0 [ 61.790300][ T500] ____fput+0x15/0x20 [ 61.794115][ T500] task_work_run+0x129/0x190 [ 61.798725][ T500] exit_to_user_mode_loop+0xc4/0xe0 [ 61.803843][ T500] exit_to_user_mode_prepare+0x5a/0xa0 [ 61.809130][ T500] syscall_exit_to_user_mode+0x26/0x160 [ 61.814556][ T500] do_syscall_64+0x47/0xb0 [ 61.818806][ T500] ? 
clear_bhb_loop+0x35/0x90 [ 61.823464][ T500] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 61.829353][ T500] RIP: 0033:0x7f5ed3cbc759 [ 61.833612][ T500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.853139][ T500] RSP: 002b:00007ffd296bbb68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 61.861394][ T500] RAX: 0000000000000000 RBX: 000000000000ef1c RCX: 00007f5ed3cbc759 [ 61.869433][ T500] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 61.877498][ T500] RBP: 00007f5ed3e75a80 R08: 0000000000000001 R09: 00007ffd296bbe5f [ 61.885397][ T500] R10: 00007f5ed3b3e000 R11: 0000000000000246 R12: 000000000000ef50 [ 61.893198][ T500] R13: 00007ffd296bbc70 R14: 0000000000000032 R15: ffffffffffffffff [ 61.901195][ T500] [ 61.904065][ T500] [ 61.906229][ T500] Allocated by task 501: [ 61.910307][ T500] __kasan_slab_alloc+0xb1/0xe0 [ 61.915043][ T500] slab_post_alloc_hook+0x53/0x2c0 [ 61.920113][ T500] kmem_cache_alloc+0xf5/0x250 [ 61.924758][ T500] skb_clone+0x1d1/0x360 [ 61.928880][ T500] sk_psock_verdict_recv+0x53/0x840 [ 61.933914][ T500] unix_read_sock+0x132/0x370 [ 61.938513][ T500] sk_psock_verdict_data_ready+0x147/0x1a0 [ 61.944416][ T500] unix_dgram_sendmsg+0x15fa/0x2090 [ 61.949544][ T500] ____sys_sendmsg+0x59e/0x8f0 [ 61.954483][ T500] ___sys_sendmsg+0x252/0x2e0 [ 61.959121][ T500] __se_sys_sendmsg+0x19a/0x260 [ 61.963775][ T500] __x64_sys_sendmsg+0x7b/0x90 [ 61.968370][ T500] x64_sys_call+0x16a/0x9a0 [ 61.972709][ T500] do_syscall_64+0x3b/0xb0 [ 61.977077][ T500] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 61.982915][ T500] [ 61.985086][ T500] Freed by task 6: [ 61.988642][ T500] kasan_set_track+0x4b/0x70 [ 61.993159][ T500] kasan_set_free_info+0x23/0x40 [ 61.997929][ T500] ____kasan_slab_free+0x126/0x160 [ 62.002883][ T500] __kasan_slab_free+0x11/0x20 [ 62.007474][ T500] 
slab_free_freelist_hook+0xbd/0x190 [ 62.012683][ T500] kmem_cache_free+0x115/0x330 [ 62.017287][ T500] kfree_skbmem+0x104/0x170 [ 62.021624][ T500] kfree_skb+0xc2/0x360 [ 62.025619][ T500] sk_psock_backlog+0xc21/0xd90 [ 62.030300][ T500] process_one_work+0x6bb/0xc10 [ 62.035165][ T500] worker_thread+0xad5/0x12a0 [ 62.039782][ T500] kthread+0x421/0x510 [ 62.043700][ T500] ret_from_fork+0x1f/0x30 [ 62.048062][ T500] [ 62.050224][ T500] The buggy address belongs to the object at ffff888118eb3000 [ 62.050224][ T500] which belongs to the cache skbuff_head_cache of size 248 [ 62.064894][ T500] The buggy address is located 0 bytes inside of [ 62.064894][ T500] 248-byte region [ffff888118eb3000, ffff888118eb30f8) [ 62.077983][ T500] The buggy address belongs to the page: [ 62.083381][ T500] page:ffffea000463acc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118eb3 [ 62.093445][ T500] flags: 0x4000000000000200(slab|zone=1) [ 62.098977][ T500] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881081aaf00 [ 62.107431][ T500] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 62.115995][ T500] page dumped because: kasan: bad access detected [ 62.122175][ T500] page_owner tracks the page as allocated [ 62.127728][ T500] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 139, ts 5549465223, free_ts 5547156614 [ 62.143525][ T500] post_alloc_hook+0x1a3/0x1b0 [ 62.148337][ T500] prep_new_page+0x1b/0x110 [ 62.152659][ T500] get_page_from_freelist+0x3550/0x35d0 [ 62.158067][ T500] __alloc_pages+0x27e/0x8f0 [ 62.162549][ T500] new_slab+0x9a/0x4e0 [ 62.166472][ T500] ___slab_alloc+0x39e/0x830 [ 62.170880][ T500] __slab_alloc+0x4a/0x90 [ 62.175051][ T500] kmem_cache_alloc+0x139/0x250 [ 62.179973][ T500] __alloc_skb+0xbe/0x550 [ 62.184070][ T500] alloc_skb_with_frags+0xa6/0x680 [ 62.189023][ T500] sock_alloc_send_pskb+0x915/0xa50 [ 62.194055][ T500] 
unix_dgram_sendmsg+0x6fd/0x2090 [ 62.200389][ T500] sock_write_iter+0x39b/0x530 [ 62.204991][ T500] do_iter_readv_writev+0x58e/0x790 [ 62.210290][ T500] do_iter_write+0x1f1/0x760 [ 62.214803][ T500] vfs_writev+0x2ac/0x560 [ 62.218974][ T500] page last free stack trace: [ 62.223571][ T500] free_unref_page_prepare+0x7c8/0x7d0 [ 62.228860][ T500] free_unref_page+0xe8/0x750 [ 62.233458][ T500] __free_pages+0x61/0xf0 [ 62.237715][ T500] free_pages+0x7c/0x90 [ 62.241702][ T500] selinux_genfs_get_sid+0x24d/0x2a0 [ 62.246824][ T500] inode_doinit_with_dentry+0x8d2/0x1070 [ 62.252294][ T500] selinux_d_instantiate+0x27/0x40 [ 62.257327][ T500] security_d_instantiate+0x9f/0x100 [ 62.262444][ T500] d_splice_alias+0x6d/0x390 [ 62.266874][ T500] proc_sys_lookup+0x6b3/0x7b0 [ 62.271476][ T500] path_openat+0x1194/0x2f40 [ 62.275900][ T500] do_filp_open+0x21c/0x460 [ 62.280428][ T500] do_sys_openat2+0x13f/0x820 [ 62.284969][ T500] __x64_sys_openat+0x243/0x290 [ 62.289625][ T500] x64_sys_call+0x6bf/0x9a0 [ 62.294072][ T500] do_syscall_64+0x3b/0xb0 [ 62.298389][ T500] [ 62.300566][ T500] Memory state around the buggy address: [ 62.306028][ T500] ffff888118eb2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.314271][ T500] ffff888118eb2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.322248][ T500] >ffff888118eb3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.330146][ T500] ^ [ 62.334056][ T500] ffff888118eb3080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 62.341968][ T500] ffff888118eb3100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 62.349949][ T500] ================================================================== [ 62.366059][ T504] FAULT_INJECTION: forcing a failure. 
[ 62.366059][ T504] name failslab, interval 1, probability 0, space 0, times 0 [ 62.378594][ T504] CPU: 1 PID: 504 Comm: syz.2.25 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0 [ 62.389792][ T504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 62.399761][ T504] Call Trace: [ 62.403053][ T504] [ 62.405836][ T504] dump_stack_lvl+0x151/0x1c0 [ 62.410357][ T504] ? io_uring_drop_tctx_refs+0x190/0x190 [ 62.415904][ T504] dump_stack+0x15/0x20 [ 62.419932][ T504] should_fail+0x3c6/0x510 [ 62.424162][ T504] __should_failslab+0xa4/0xe0 [ 62.428768][ T504] should_failslab+0x9/0x20 [ 62.433087][ T504] slab_pre_alloc_hook+0x37/0xd0 [ 62.437973][ T504] kmem_cache_alloc_trace+0x48/0x270 [ 62.443070][ T504] ? sk_psock_skb_ingress_self+0x60/0x330 [ 62.448632][ T504] ? migrate_disable+0x190/0x190 [ 62.453615][ T504] sk_psock_skb_ingress_self+0x60/0x330 [ 62.458990][ T504] sk_psock_verdict_recv+0x66d/0x840 [ 62.464211][ T504] unix_read_sock+0x132/0x370 [ 62.468716][ T504] ? sk_psock_skb_redirect+0x440/0x440 [ 62.474129][ T504] ? unix_stream_splice_actor+0x120/0x120 [ 62.479685][ T504] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 62.484977][ T504] ? unix_stream_splice_actor+0x120/0x120 [ 62.490652][ T504] sk_psock_verdict_data_ready+0x147/0x1a0 [ 62.496374][ T504] ? sk_psock_start_verdict+0xc0/0xc0 [ 62.501583][ T504] ? _raw_spin_lock+0xa4/0x1b0 [ 62.506183][ T504] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 62.511824][ T504] ? skb_queue_tail+0xfb/0x120 [ 62.516434][ T504] unix_dgram_sendmsg+0x15fa/0x2090 [ 62.521550][ T504] ? unix_dgram_poll+0x690/0x690 [ 62.526317][ T504] ? kasan_set_track+0x5d/0x70 [ 62.531022][ T504] ? kasan_set_track+0x4b/0x70 [ 62.535632][ T504] ? security_socket_sendmsg+0x82/0xb0 [ 62.540926][ T504] ? unix_dgram_poll+0x690/0x690 [ 62.545786][ T504] ____sys_sendmsg+0x59e/0x8f0 [ 62.550379][ T504] ? __sys_sendmsg_sock+0x40/0x40 [ 62.555239][ T504] ? 
import_iovec+0xe5/0x120
[ 62.559790][ T504] ___sys_sendmsg+0x252/0x2e0
[ 62.564298][ T504] ? __sys_sendmsg+0x260/0x260
[ 62.568901][ T504] ? putname+0xfa/0x150
[ 62.572891][ T504] ? __fdget+0x1bc/0x240
[ 62.576968][ T504] __se_sys_sendmsg+0x19a/0x260
[ 62.581938][ T504] ? __x64_sys_sendmsg+0x90/0x90
[ 62.586709][ T504] ? ksys_write+0x260/0x2c0
[ 62.591047][ T504] ? debug_smp_processor_id+0x17/0x20
[ 62.596247][ T504] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 62.602168][ T504] __x64_sys_sendmsg+0x7b/0x90
[ 62.606755][ T504] x64_sys_call+0x16a/0x9a0
[ 62.611088][ T504] do_syscall_64+0x3b/0xb0
[ 62.615341][ T504] ? clear_bhb_loop+0x35/0x90
[ 62.619856][ T504] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.625713][ T504] RIP: 0033:0x7f5ed3cbc759
[ 62.629964][ T504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 62.649516][ T504] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 62.658144][ T504] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759
[ 62.665952][ T504] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 62.673770][ T504] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000
[ 62.681675][ T504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 62.689479][ T504] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08
[ 62.697589][ T504]
[ 62.703174][ T39] ==================================================================
[ 62.711188][ T39] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 62.719430][ T39]
[ 62.721604][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 62.733149][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 62.743260][ T39] Workqueue: events bpf_map_free_deferred
[ 62.748884][ T39] Call Trace:
[ 62.752014][ T39]
[ 62.754789][ T39] dump_stack_lvl+0x151/0x1c0
[ 62.759331][ T39] ? io_uring_drop_tctx_refs+0x190/0x190
[ 62.764766][ T39] ? panic+0x760/0x760
[ 62.768673][ T39] ? kasan_set_free_info+0x23/0x40
[ 62.773621][ T39] ? ____kasan_slab_free+0x126/0x160
[ 62.778774][ T39] ? kmem_cache_free+0x115/0x330
[ 62.783526][ T39] print_address_description+0x87/0x3b0
[ 62.789019][ T39] ? worker_thread+0xad5/0x12a0
[ 62.793701][ T39] ? kthread+0x421/0x510
[ 62.797787][ T39] ? kmem_cache_free+0x115/0x330
[ 62.802988][ T39] ? kmem_cache_free+0x115/0x330
[ 62.807764][ T39] kasan_report_invalid_free+0x6b/0xa0
[ 62.813066][ T39] ____kasan_slab_free+0x13e/0x160
[ 62.818007][ T39] __kasan_slab_free+0x11/0x20
[ 62.822602][ T39] slab_free_freelist_hook+0xbd/0x190
[ 62.827825][ T39] kmem_cache_free+0x115/0x330
[ 62.832412][ T39] ? kfree_skbmem+0x104/0x170
[ 62.836974][ T39] kfree_skbmem+0x104/0x170
[ 62.841263][ T39] consume_skb+0xb4/0x250
[ 62.845440][ T39] __sk_msg_free+0x2dd/0x370
[ 62.849860][ T39] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 62.855502][ T39] sk_psock_stop+0x44c/0x4d0
[ 62.859928][ T39] sk_psock_drop+0x219/0x310
[ 62.864465][ T39] sock_map_unref+0x48f/0x4d0
[ 62.868970][ T39] sock_map_free+0x137/0x2b0
[ 62.873494][ T39] bpf_map_free_deferred+0x10d/0x1e0
[ 62.878697][ T39] process_one_work+0x6bb/0xc10
[ 62.883588][ T39] worker_thread+0xad5/0x12a0
[ 62.888156][ T39] ? _raw_spin_lock+0x1b0/0x1b0
[ 62.892781][ T39] kthread+0x421/0x510
[ 62.896680][ T39] ? worker_clr_flags+0x180/0x180
[ 62.901655][ T39] ? kthread_blkcg+0xd0/0xd0
[ 62.906089][ T39] ret_from_fork+0x1f/0x30
[ 62.910331][ T39]
[ 62.913193][ T39]
[ 62.915365][ T39] Allocated by task 504:
[ 62.919444][ T39] __kasan_slab_alloc+0xb1/0xe0
[ 62.924128][ T39] slab_post_alloc_hook+0x53/0x2c0
[ 62.929076][ T39] kmem_cache_alloc+0xf5/0x250
[ 62.933718][ T39] skb_clone+0x1d1/0x360
[ 62.937753][ T39] sk_psock_verdict_recv+0x53/0x840
[ 62.942786][ T39] unix_read_sock+0x132/0x370
[ 62.947399][ T39] sk_psock_verdict_data_ready+0x147/0x1a0
[ 62.953160][ T39] unix_dgram_sendmsg+0x15fa/0x2090
[ 62.958187][ T39] ____sys_sendmsg+0x59e/0x8f0
[ 62.962795][ T39] ___sys_sendmsg+0x252/0x2e0
[ 62.967388][ T39] __se_sys_sendmsg+0x19a/0x260
[ 62.972159][ T39] __x64_sys_sendmsg+0x7b/0x90
[ 62.976762][ T39] x64_sys_call+0x16a/0x9a0
[ 62.981100][ T39] do_syscall_64+0x3b/0xb0
[ 62.985352][ T39] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.991081][ T39]
[ 62.993253][ T39] Freed by task 39:
[ 62.996898][ T39] kasan_set_track+0x4b/0x70
[ 63.001323][ T39] kasan_set_free_info+0x23/0x40
[ 63.006108][ T39] ____kasan_slab_free+0x126/0x160
[ 63.011055][ T39] __kasan_slab_free+0x11/0x20
[ 63.015641][ T39] slab_free_freelist_hook+0xbd/0x190
[ 63.020855][ T39] kmem_cache_free+0x115/0x330
[ 63.025449][ T39] kfree_skbmem+0x104/0x170
[ 63.030050][ T39] kfree_skb+0xc2/0x360
[ 63.034045][ T39] sk_psock_backlog+0xc21/0xd90
[ 63.038727][ T39] process_one_work+0x6bb/0xc10
[ 63.043721][ T39] worker_thread+0xad5/0x12a0
[ 63.048238][ T39] kthread+0x421/0x510
[ 63.052144][ T39] ret_from_fork+0x1f/0x30
[ 63.056474][ T39]
[ 63.058654][ T39] The buggy address belongs to the object at ffff888118cffdc0
[ 63.058654][ T39] which belongs to the cache skbuff_head_cache of size 248
[ 63.073063][ T39] The buggy address is located 0 bytes inside of
[ 63.073063][ T39] 248-byte region [ffff888118cffdc0, ffff888118cffeb8)
[ 63.085998][ T39] The buggy address belongs to the page:
[ 63.091562][ T39] page:ffffea0004633fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118cff
[ 63.101726][ T39] flags: 0x4000000000000200(slab|zone=1)
[ 63.107288][ T39] raw: 4000000000000200 ffffea000463ad80 0000000900000009 ffff8881081aaf00
[ 63.115706][ T39] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 63.124120][ T39] page dumped because: kasan: bad access detected
[ 63.130379][ T39] page_owner tracks the page as allocated
[ 63.135921][ T39] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 138, ts 5561805182, free_ts 0
[ 63.150788][ T39] post_alloc_hook+0x1a3/0x1b0
[ 63.155537][ T39] prep_new_page+0x1b/0x110
[ 63.159874][ T39] get_page_from_freelist+0x3550/0x35d0
[ 63.165270][ T39] __alloc_pages+0x27e/0x8f0
[ 63.169859][ T39] new_slab+0x9a/0x4e0
[ 63.173760][ T39] ___slab_alloc+0x39e/0x830
[ 63.178196][ T39] __slab_alloc+0x4a/0x90
[ 63.182355][ T39] kmem_cache_alloc+0x139/0x250
[ 63.187041][ T39] __alloc_skb+0xbe/0x550
[ 63.191248][ T39] alloc_skb_with_frags+0xa6/0x680
[ 63.196335][ T39] sock_alloc_send_pskb+0x915/0xa50
[ 63.201489][ T39] unix_dgram_sendmsg+0x6fd/0x2090
[ 63.206434][ T39] sock_write_iter+0x39b/0x530
[ 63.211119][ T39] do_iter_readv_writev+0x58e/0x790
[ 63.216162][ T39] do_iter_write+0x1f1/0x760
[ 63.220578][ T39] vfs_writev+0x2ac/0x560
[ 63.224745][ T39] page_owner free stack trace missing
[ 63.229961][ T39]
[ 63.232216][ T39] Memory state around the buggy address:
[ 63.237678][ T39] ffff888118cffc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.245579][ T39] ffff888118cffd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 63.253485][ T39] >ffff888118cffd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 63.261370][ T39] ^
[ 63.267716][ T39] ffff888118cffe00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.275643][ T39] ffff888118cffe80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 63.283543][ T39] ==================================================================
[ 63.304256][ T507] FAULT_INJECTION: forcing a failure.
[ 63.304256][ T507] name failslab, interval 1, probability 0, space 0, times 0
[ 63.317176][ T507] CPU: 0 PID: 507 Comm: syz.2.26 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 63.328373][ T507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 63.338247][ T507] Call Trace:
[ 63.341466][ T507]
[ 63.344234][ T507] dump_stack_lvl+0x151/0x1c0
[ 63.348749][ T507] ? io_uring_drop_tctx_refs+0x190/0x190
[ 63.354231][ T507] dump_stack+0x15/0x20
[ 63.358207][ T507] should_fail+0x3c6/0x510
[ 63.362472][ T507] __should_failslab+0xa4/0xe0
[ 63.367068][ T507] should_failslab+0x9/0x20
[ 63.371401][ T507] slab_pre_alloc_hook+0x37/0xd0
[ 63.376266][ T507] kmem_cache_alloc_trace+0x48/0x270
[ 63.381408][ T507] ? sk_psock_skb_ingress_self+0x60/0x330
[ 63.386999][ T507] ? migrate_disable+0x190/0x190
[ 63.391717][ T507] sk_psock_skb_ingress_self+0x60/0x330
[ 63.397180][ T507] sk_psock_verdict_recv+0x66d/0x840
[ 63.402393][ T507] unix_read_sock+0x132/0x370
[ 63.406914][ T507] ? sk_psock_skb_redirect+0x440/0x440
[ 63.412197][ T507] ? unix_stream_splice_actor+0x120/0x120
[ 63.417747][ T507] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 63.423044][ T507] ? unix_stream_splice_actor+0x120/0x120
[ 63.428609][ T507] sk_psock_verdict_data_ready+0x147/0x1a0
[ 63.434334][ T507] ? sk_psock_start_verdict+0xc0/0xc0
[ 63.439662][ T507] ? _raw_spin_lock+0xa4/0x1b0
[ 63.444262][ T507] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 63.449908][ T507] ? skb_queue_tail+0xfb/0x120
[ 63.454516][ T507] unix_dgram_sendmsg+0x15fa/0x2090
[ 63.459534][ T507] ? unix_dgram_poll+0x690/0x690
[ 63.464393][ T507] ? kasan_set_track+0x5d/0x70
[ 63.468997][ T507] ? kasan_set_track+0x4b/0x70
[ 63.473594][ T507] ? security_socket_sendmsg+0x82/0xb0
[ 63.478885][ T507] ? unix_dgram_poll+0x690/0x690
[ 63.483658][ T507] ____sys_sendmsg+0x59e/0x8f0
[ 63.488387][ T507] ? __sys_sendmsg_sock+0x40/0x40
[ 63.493530][ T507] ? import_iovec+0xe5/0x120
[ 63.497949][ T507] ___sys_sendmsg+0x252/0x2e0
[ 63.502464][ T507] ? __sys_sendmsg+0x260/0x260
[ 63.507061][ T507] ? putname+0xfa/0x150
[ 63.511053][ T507] ? __fdget+0x1bc/0x240
[ 63.515131][ T507] __se_sys_sendmsg+0x19a/0x260
[ 63.519839][ T507] ? __x64_sys_sendmsg+0x90/0x90
[ 63.524588][ T507] ? ksys_write+0x260/0x2c0
[ 63.529020][ T507] ? debug_smp_processor_id+0x17/0x20
[ 63.534221][ T507] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 63.540122][ T507] __x64_sys_sendmsg+0x7b/0x90
[ 63.544731][ T507] x64_sys_call+0x16a/0x9a0
[ 63.549094][ T507] do_syscall_64+0x3b/0xb0
[ 63.553330][ T507] ? clear_bhb_loop+0x35/0x90
[ 63.557919][ T507] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.563649][ T507] RIP: 0033:0x7f5ed3cbc759
[ 63.567897][ T507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 63.587516][ T507] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 63.595965][ T507] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759
[ 63.603907][ T507] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 63.612011][ T507] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000
[ 63.619895][ T507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 63.627701][ T507] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08
[ 63.635526][ T507]
[ 63.642400][ T39] ==================================================================
[ 63.650410][ T39] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 63.658733][ T39]
[ 63.661113][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 63.672295][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 63.682190][ T39] Workqueue: events bpf_map_free_deferred
[ 63.687745][ T39] Call Trace:
[ 63.691000][ T39]
[ 63.693847][ T39] dump_stack_lvl+0x151/0x1c0
[ 63.698348][ T39] ? io_uring_drop_tctx_refs+0x190/0x190
[ 63.703902][ T39] ? panic+0x760/0x760
[ 63.707809][ T39] ? kasan_set_free_info+0x23/0x40
[ 63.712756][ T39] ? ____kasan_slab_free+0x126/0x160
[ 63.717879][ T39] ? kmem_cache_free+0x115/0x330
[ 63.722649][ T39] print_address_description+0x87/0x3b0
[ 63.728033][ T39] ? worker_thread+0xad5/0x12a0
[ 63.732717][ T39] ? kthread+0x421/0x510
[ 63.736795][ T39] ? kmem_cache_free+0x115/0x330
[ 63.741830][ T39] ? kmem_cache_free+0x115/0x330
[ 63.746603][ T39] kasan_report_invalid_free+0x6b/0xa0
[ 63.751905][ T39] ____kasan_slab_free+0x13e/0x160
[ 63.756845][ T39] __kasan_slab_free+0x11/0x20
[ 63.761442][ T39] slab_free_freelist_hook+0xbd/0x190
[ 63.766656][ T39] kmem_cache_free+0x115/0x330
[ 63.771253][ T39] ? kfree_skbmem+0x104/0x170
[ 63.775767][ T39] kfree_skbmem+0x104/0x170
[ 63.780107][ T39] consume_skb+0xb4/0x250
[ 63.784367][ T39] __sk_msg_free+0x2dd/0x370
[ 63.788788][ T39] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 63.794455][ T39] sk_psock_stop+0x44c/0x4d0
[ 63.798857][ T39] sk_psock_drop+0x219/0x310
[ 63.803285][ T39] sock_map_unref+0x48f/0x4d0
[ 63.807805][ T39] sock_map_free+0x137/0x2b0
[ 63.812324][ T39] bpf_map_free_deferred+0x10d/0x1e0
[ 63.817529][ T39] process_one_work+0x6bb/0xc10
[ 63.822309][ T39] worker_thread+0xad5/0x12a0
[ 63.826822][ T39] ? _raw_spin_lock+0x1b0/0x1b0
[ 63.831592][ T39] kthread+0x421/0x510
[ 63.835928][ T39] ? worker_clr_flags+0x180/0x180
[ 63.840816][ T39] ? kthread_blkcg+0xd0/0xd0
[ 63.845306][ T39] ret_from_fork+0x1f/0x30
[ 63.849563][ T39]
[ 63.852514][ T39]
[ 63.854702][ T39] Allocated by task 507:
[ 63.858765][ T39] __kasan_slab_alloc+0xb1/0xe0
[ 63.863442][ T39] slab_post_alloc_hook+0x53/0x2c0
[ 63.868387][ T39] kmem_cache_alloc+0xf5/0x250
[ 63.872999][ T39] skb_clone+0x1d1/0x360
[ 63.877426][ T39] sk_psock_verdict_recv+0x53/0x840
[ 63.882448][ T39] unix_read_sock+0x132/0x370
[ 63.886962][ T39] sk_psock_verdict_data_ready+0x147/0x1a0
[ 63.892605][ T39] unix_dgram_sendmsg+0x15fa/0x2090
[ 63.897750][ T39] ____sys_sendmsg+0x59e/0x8f0
[ 63.902511][ T39] ___sys_sendmsg+0x252/0x2e0
[ 63.907032][ T39] __se_sys_sendmsg+0x19a/0x260
[ 63.911706][ T39] __x64_sys_sendmsg+0x7b/0x90
[ 63.916308][ T39] x64_sys_call+0x16a/0x9a0
[ 63.920771][ T39] do_syscall_64+0x3b/0xb0
[ 63.925016][ T39] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.930745][ T39]
[ 63.932918][ T39] Freed by task 39:
[ 63.936561][ T39] kasan_set_track+0x4b/0x70
[ 63.940998][ T39] kasan_set_free_info+0x23/0x40
[ 63.945761][ T39] ____kasan_slab_free+0x126/0x160
[ 63.950708][ T39] __kasan_slab_free+0x11/0x20
[ 63.955307][ T39] slab_free_freelist_hook+0xbd/0x190
[ 63.960518][ T39] kmem_cache_free+0x115/0x330
[ 63.965111][ T39] kfree_skbmem+0x104/0x170
[ 63.969546][ T39] kfree_skb+0xc2/0x360
[ 63.973531][ T39] sk_psock_backlog+0xc21/0xd90
[ 63.978220][ T39] process_one_work+0x6bb/0xc10
[ 63.983013][ T39] worker_thread+0xad5/0x12a0
[ 63.987506][ T39] kthread+0x421/0x510
[ 63.991419][ T39] ret_from_fork+0x1f/0x30
[ 63.995667][ T39]
[ 63.998476][ T39] The buggy address belongs to the object at ffff88811975f8c0
[ 63.998476][ T39] which belongs to the cache skbuff_head_cache of size 248
[ 64.012970][ T39] The buggy address is located 0 bytes inside of
[ 64.012970][ T39] 248-byte region [ffff88811975f8c0, ffff88811975f9b8)
[ 64.025908][ T39] The buggy address belongs to the page:
[ 64.031572][ T39] page:ffffea000465d7c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11975f
[ 64.041626][ T39] flags: 0x4000000000000200(slab|zone=1)
[ 64.047188][ T39] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aaf00
[ 64.055684][ T39] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 64.064100][ T39] page dumped because: kasan: bad access detected
[ 64.070451][ T39] page_owner tracks the page as allocated
[ 64.076077][ T39] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 45, ts 63301159690, free_ts 62646259029
[ 64.092057][ T39] post_alloc_hook+0x1a3/0x1b0
[ 64.096757][ T39] prep_new_page+0x1b/0x110
[ 64.101180][ T39] get_page_from_freelist+0x3550/0x35d0
[ 64.106543][ T39] __alloc_pages+0x27e/0x8f0
[ 64.110967][ T39] new_slab+0x9a/0x4e0
[ 64.114874][ T39] ___slab_alloc+0x39e/0x830
[ 64.119302][ T39] __slab_alloc+0x4a/0x90
[ 64.123471][ T39] kmem_cache_alloc+0x139/0x250
[ 64.128156][ T39] __alloc_skb+0xbe/0x550
[ 64.132320][ T39] inet_netconf_notify_devconf+0x173/0x220
[ 64.137960][ T39] inetdev_event+0x79d/0x10a0
[ 64.142489][ T39] raw_notifier_call_chain+0x8c/0xf0
[ 64.147696][ T39] unregister_netdevice_many+0xe0a/0x17c0
[ 64.153536][ T39] ip_tunnel_delete_nets+0x33b/0x380
[ 64.158811][ T39] ipgre_tap_exit_batch_net+0x22/0x30
[ 64.164313][ T39] cleanup_net+0x6ce/0xc00
[ 64.168543][ T39] page last free stack trace:
[ 64.173307][ T39] free_unref_page_prepare+0x7c8/0x7d0
[ 64.178935][ T39] free_unref_page+0xe8/0x750
[ 64.183381][ T39] __free_pages+0x61/0xf0
[ 64.187553][ T39] __free_slab+0xec/0x1d0
[ 64.191713][ T39] __unfreeze_partials+0x165/0x1a0
[ 64.196765][ T39] put_cpu_partial+0xc4/0x120
[ 64.201278][ T39] __slab_free+0x1c8/0x290
[ 64.205571][ T39] ___cache_free+0x109/0x120
[ 64.209984][ T39] qlink_free+0x4d/0x90
[ 64.214035][ T39] qlist_free_all+0x44/0xb0
[ 64.218383][ T39] kasan_quarantine_reduce+0x15a/0x180
[ 64.223667][ T39] __kasan_slab_alloc+0x2f/0xe0
[ 64.228356][ T39] slab_post_alloc_hook+0x53/0x2c0
[ 64.233300][ T39] kmem_cache_alloc+0xf5/0x250
[ 64.237901][ T39] dup_task_struct+0x53/0xc60
[ 64.242430][ T39] copy_process+0x5c4/0x3290
[ 64.246843][ T39]
[ 64.249010][ T39] Memory state around the buggy address:
[ 64.254485][ T39] ffff88811975f780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.262523][ T39] ffff88811975f800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 64.270467][ T39] >ffff88811975f880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 64.278587][ T39] ^
[ 64.284587][ T39] ffff88811975f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.292655][ T39] ffff88811975f980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 64.300581][ T39] ==================================================================
[ 64.323008][ T510] FAULT_INJECTION: forcing a failure.
[ 64.323008][ T510] name failslab, interval 1, probability 0, space 0, times 0
[ 64.335644][ T510] CPU: 1 PID: 510 Comm: syz.2.27 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 64.346785][ T510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 64.356644][ T510] Call Trace:
[ 64.359767][ T510]
[ 64.362537][ T510] dump_stack_lvl+0x151/0x1c0
[ 64.367050][ T510] ? io_uring_drop_tctx_refs+0x190/0x190
[ 64.372640][ T510] dump_stack+0x15/0x20
[ 64.376633][ T510] should_fail+0x3c6/0x510
[ 64.380982][ T510] __should_failslab+0xa4/0xe0
[ 64.385572][ T510] should_failslab+0x9/0x20
[ 64.389922][ T510] slab_pre_alloc_hook+0x37/0xd0
[ 64.394794][ T510] kmem_cache_alloc_trace+0x48/0x270
[ 64.400256][ T510] ? sk_psock_skb_ingress_self+0x60/0x330
[ 64.406166][ T510] ? migrate_disable+0x190/0x190
[ 64.410933][ T510] sk_psock_skb_ingress_self+0x60/0x330
[ 64.416541][ T510] sk_psock_verdict_recv+0x66d/0x840
[ 64.421690][ T510] unix_read_sock+0x132/0x370
[ 64.426486][ T510] ? sk_psock_skb_redirect+0x440/0x440
[ 64.431784][ T510] ? unix_stream_splice_actor+0x120/0x120
[ 64.437363][ T510] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 64.442661][ T510] ? unix_stream_splice_actor+0x120/0x120
[ 64.448405][ T510] sk_psock_verdict_data_ready+0x147/0x1a0
[ 64.454196][ T510] ? sk_psock_start_verdict+0xc0/0xc0
[ 64.459453][ T510] ? _raw_spin_lock+0xa4/0x1b0
[ 64.464178][ T510] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 64.469821][ T510] ? skb_queue_tail+0xfb/0x120
[ 64.474520][ T510] unix_dgram_sendmsg+0x15fa/0x2090
[ 64.479560][ T510] ? unix_dgram_poll+0x690/0x690
[ 64.484329][ T510] ? kasan_set_track+0x5d/0x70
[ 64.489101][ T510] ? kasan_set_track+0x4b/0x70
[ 64.493729][ T510] ? security_socket_sendmsg+0x82/0xb0
[ 64.499083][ T510] ? unix_dgram_poll+0x690/0x690
[ 64.503888][ T510] ____sys_sendmsg+0x59e/0x8f0
[ 64.508469][ T510] ? __sys_sendmsg_sock+0x40/0x40
[ 64.513321][ T510] ? import_iovec+0xe5/0x120
[ 64.517747][ T510] ___sys_sendmsg+0x252/0x2e0
[ 64.522259][ T510] ? __sys_sendmsg+0x260/0x260
[ 64.526857][ T510] ? putname+0xfa/0x150
[ 64.530854][ T510] ? __fdget+0x1bc/0x240
[ 64.534936][ T510] __se_sys_sendmsg+0x19a/0x260
[ 64.539620][ T510] ? __x64_sys_sendmsg+0x90/0x90
[ 64.544394][ T510] ? ksys_write+0x260/0x2c0
[ 64.548728][ T510] ? debug_smp_processor_id+0x17/0x20
[ 64.554074][ T510] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 64.560251][ T510] __x64_sys_sendmsg+0x7b/0x90
[ 64.564856][ T510] x64_sys_call+0x16a/0x9a0
[ 64.569215][ T510] do_syscall_64+0x3b/0xb0
[ 64.573439][ T510] ? clear_bhb_loop+0x35/0x90
[ 64.577956][ T510] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.583816][ T510] RIP: 0033:0x7f5ed3cbc759
[ 64.588024][ T510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 64.607779][ T510] RSP: 002b:00007f5ed373d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 64.616023][ T510] RAX: ffffffffffffffda RBX: 00007f5ed3e73f80 RCX: 00007f5ed3cbc759
2024/12/27 08:47:40 executed programs: 14
[ 64.623920][ T510] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 64.631859][ T510] RBP: 00007f5ed373d090 R08: 0000000000000000 R09: 0000000000000000
[ 64.639757][ T510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 64.647712][ T510] R13: 0000000000000000 R14: 00007f5ed3e73f80 R15: 00007ffd296bba08
[ 64.655646][ T510]
[ 64.664205][ T509] ==================================================================
[ 64.672194][ T509] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 64.680632][ T509]
[ 64.682796][ T509] CPU: 0 PID: 509 Comm: syz.2.27 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 64.693908][ T509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 64.704085][ T509] Call Trace:
[ 64.707130][ T509]
[ 64.709906][ T509] dump_stack_lvl+0x151/0x1c0
[ 64.714523][ T509] ? io_uring_drop_tctx_refs+0x190/0x190
[ 64.719980][ T509] ? __wake_up_klogd+0xd5/0x110
[ 64.724670][ T509] ? panic+0x760/0x760
[ 64.728568][ T509] ? kmem_cache_free+0x115/0x330
[ 64.733441][ T509] print_address_description+0x87/0x3b0
[ 64.738941][ T509] ? kmem_cache_free+0x115/0x330
[ 64.744020][ T509] ? kmem_cache_free+0x115/0x330
[ 64.748792][ T509] kasan_report_invalid_free+0x6b/0xa0
[ 64.754080][ T509] ____kasan_slab_free+0x13e/0x160
[ 64.759033][ T509] __kasan_slab_free+0x11/0x20
[ 64.763640][ T509] slab_free_freelist_hook+0xbd/0x190
[ 64.768902][ T509] kmem_cache_free+0x115/0x330
[ 64.773434][ T509] ? kfree_skbmem+0x104/0x170
[ 64.778045][ T509] kfree_skbmem+0x104/0x170
[ 64.782433][ T509] consume_skb+0xb4/0x250
[ 64.786541][ T509] __sk_msg_free+0x2dd/0x370
[ 64.791073][ T509] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 64.796694][ T509] sk_psock_stop+0x44c/0x4d0
[ 64.801212][ T509] sk_psock_drop+0x219/0x310
[ 64.805641][ T509] sock_map_unref+0x48f/0x4d0
[ 64.810152][ T509] ? __local_bh_enable_ip+0x58/0x80
[ 64.815183][ T509] ? _raw_spin_unlock_bh+0x51/0x60
[ 64.820132][ T509] sock_map_remove_links+0x41c/0x650
[ 64.825251][ T509] ? sock_map_unhash+0x120/0x120
[ 64.830037][ T509] ? locks_remove_posix+0x610/0x610
[ 64.835143][ T509] sock_map_close+0x114/0x530
[ 64.839761][ T509] ? unix_peer_get+0xe0/0xe0
[ 64.844182][ T509] ? sock_map_remove_links+0x650/0x650
[ 64.849475][ T509] ? rwsem_mark_wake+0x770/0x770
[ 64.854252][ T509] unix_release+0x82/0xc0
[ 64.858719][ T509] sock_close+0xdf/0x270
[ 64.862770][ T509] ? sock_mmap+0xa0/0xa0
[ 64.866840][ T509] __fput+0x228/0x8c0
[ 64.870660][ T509] ____fput+0x15/0x20
[ 64.874474][ T509] task_work_run+0x129/0x190
[ 64.878988][ T509] exit_to_user_mode_loop+0xc4/0xe0
[ 64.884022][ T509] exit_to_user_mode_prepare+0x5a/0xa0
[ 64.889337][ T509] syscall_exit_to_user_mode+0x26/0x160
[ 64.894713][ T509] do_syscall_64+0x47/0xb0
[ 64.899615][ T509] ? clear_bhb_loop+0x35/0x90
[ 64.904137][ T509] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.909859][ T509] RIP: 0033:0x7f5ed3cbc759
[ 64.914190][ T509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 64.934156][ T509] RSP: 002b:00007ffd296bbb68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 64.942398][ T509] RAX: 0000000000000000 RBX: 00007f5ed3e75a80 RCX: 00007f5ed3cbc759
[ 64.950206][ T509] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 64.958016][ T509] RBP: 00007f5ed3e75a80 R08: 0000000000000000 R09: 00007ffd296bbe5f
[ 64.965826][ T509] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000fe67
[ 64.973640][ T509] R13: 00007ffd296bbc70 R14: 0000000000000032 R15: ffffffffffffffff
[ 64.981541][ T509]
[ 64.984411][ T509]
[ 64.986570][ T509] Allocated by task 510:
[ 64.990747][ T509] __kasan_slab_alloc+0xb1/0xe0
[ 64.995521][ T509] slab_post_alloc_hook+0x53/0x2c0
[ 65.000577][ T509] kmem_cache_alloc+0xf5/0x250
[ 65.005178][ T509] skb_clone+0x1d1/0x360
[ 65.009363][ T509] sk_psock_verdict_recv+0x53/0x840
[ 65.014386][ T509] unix_read_sock+0x132/0x370
[ 65.018986][ T509] sk_psock_verdict_data_ready+0x147/0x1a0