Warning: Permanently added '10.128.1.99' (ED25519) to the list of known hosts.
2024/12/27 08:31:37 ignoring optional flag "sandboxArg"="0"
2024/12/27 08:31:37 ignoring optional flag "type"="gce"
2024/12/27 08:31:38 parsed 1 programs
[ 44.890547][ T30] kauditd_printk_skb: 19 callbacks suppressed
[ 44.890563][ T30] audit: type=1400 audit(1735288298.114:95): avc: denied { unlink } for pid=346 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/12/27 08:31:38 executed programs: 0
[ 44.922601][ T30] audit: type=1400 audit(1735288298.144:96): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 44.945086][ T346] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 45.002749][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.009598][ T352] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.016925][ T352] device bridge_slave_0 entered promiscuous mode
[ 45.023619][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.030494][ T352] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.037673][ T352] device bridge_slave_1 entered promiscuous mode
[ 45.082822][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.089676][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.096836][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.103785][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.122966][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.130417][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.137749][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.145091][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.153790][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.161837][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.168672][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.177164][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.185245][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.192283][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.204906][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.214726][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.228705][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.239689][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.247860][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.255379][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.263604][ T352] device veth0_vlan entered promiscuous mode
[ 45.273741][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.282797][ T352] device veth1_macvtap entered promiscuous mode
[ 45.292795][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.302643][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.317396][ T30] audit: type=1400 audit(1735288298.534:97): avc: denied { mounton } for pid=352 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 45.344971][ T30] audit: type=1400 audit(1735288298.564:98): avc: denied { prog_load } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.364189][ T30] audit: type=1400 audit(1735288298.564:99): avc: denied { bpf } for pid=357 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.447413][ T30] audit: type=1400 audit(1735288298.664:100): avc: denied { map_create } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.447972][ T360] FAULT_INJECTION: forcing a failure.
[ 45.447972][ T360] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 45.479675][ T360] CPU: 1 PID: 360 Comm: syz-executor.0 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 45.480257][ T30] audit: type=1400 audit(1735288298.664:101): avc: denied { map_read map_write } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.489823][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 45.519533][ T360] Call Trace:
[ 45.522647][ T360] <TASK>
[ 45.525417][ T360] dump_stack_lvl+0x151/0x1c0
[ 45.529930][ T360] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.535709][ T360] ? vsnprintf+0x1dd/0x1c70
[ 45.540045][ T360] dump_stack+0x15/0x20
[ 45.544033][ T360] should_fail+0x3c6/0x510
[ 45.548285][ T360] should_fail_usercopy+0x1a/0x20
[ 45.553155][ T360] _copy_from_user+0x20/0xd0
[ 45.557574][ T360] kstrtouint_from_user+0xca/0x2a0
[ 45.562522][ T360] ? kstrtol_from_user+0x310/0x310
[ 45.567467][ T360] ? snprintf+0xd6/0x120
[ 45.571550][ T360] ? check_stack_object+0x114/0x130
[ 45.576587][ T360] ? __kasan_check_read+0x11/0x20
[ 45.581441][ T360] ? _copy_to_user+0x78/0x90
[ 45.585870][ T360] proc_fail_nth_write+0xa6/0x290
[ 45.590728][ T360] ? selinux_file_permission+0x2c4/0x570
[ 45.596210][ T360] ? proc_fail_nth_read+0x210/0x210
[ 45.601379][ T360] ? fsnotify_perm+0x6a/0x5b0
[ 45.605885][ T360] ? security_file_permission+0x86/0xb0
[ 45.611268][ T360] ? proc_fail_nth_read+0x210/0x210
[ 45.616454][ T360] vfs_write+0x406/0x1110
[ 45.620760][ T360] ? file_end_write+0x1c0/0x1c0
[ 45.625447][ T360] ? __kasan_check_write+0x14/0x20
[ 45.630394][ T360] ? mutex_lock+0xb6/0x1e0
[ 45.634648][ T360] ? wait_for_completion_killable_timeout+0x10/0x10
[ 45.641080][ T360] ? __fdget_pos+0x2e7/0x3a0
[ 45.645507][ T360] ? ksys_write+0x77/0x2c0
[ 45.649746][ T360] ksys_write+0x199/0x2c0
[ 45.654015][ T360] ? __ia32_sys_read+0x90/0x90
[ 45.658621][ T360] ? debug_smp_processor_id+0x17/0x20
[ 45.663818][ T360] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 45.669725][ T360] __x64_sys_write+0x7b/0x90
[ 45.674148][ T360] x64_sys_call+0x2f/0x9a0
[ 45.676011][ T30] audit: type=1400 audit(1735288298.894:102): avc: denied { perfmon } for pid=357 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.678397][ T360] do_syscall_64+0x3b/0xb0
[ 45.703481][ T360] ? clear_bhb_loop+0x35/0x90
[ 45.708113][ T360] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.713840][ T360] RIP: 0033:0x7ff7fd958bef
[ 45.718093][ T360] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48
[ 45.737726][ T360] RSP: 002b:00007ff7fd4990c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 45.746115][ T360] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff7fd958bef
[ 45.753920][ T360] RDX: 0000000000000001 RSI: 00007ff7fd499130 RDI: 0000000000000006
[ 45.761732][ T360] RBP: 00007ff7fd499120 R08: 0000000000000000 R09: 0000000000000000
[ 45.769648][ T360] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 45.777455][ T360] R13: 000000000000006e R14: 00007ff7fda88120 R15: 00007ffd6fb492c8
[ 45.785311][ T360] </TASK>
[ 45.790314][ T30] audit: type=1400 audit(1735288299.004:103): avc: denied { prog_run } for pid=357 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.811269][ T362] FAULT_INJECTION: forcing a failure.
[ 45.811269][ T362] name failslab, interval 1, probability 0, space 0, times 1
[ 45.823807][ T362] CPU: 1 PID: 362 Comm: syz-executor.0 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 45.833955][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 45.843811][ T362] Call Trace:
[ 45.846926][ T362]
[ 45.849706][ T362] dump_stack_lvl+0x151/0x1c0
[ 45.854317][ T362] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.859772][ T362] dump_stack+0x15/0x20
[ 45.863770][ T362] should_fail+0x3c6/0x510
[ 45.868020][ T362] __should_failslab+0xa4/0xe0
[ 45.872618][ T362] should_failslab+0x9/0x20
[ 45.876956][ T362] slab_pre_alloc_hook+0x37/0xd0
[ 45.881737][ T362] kmem_cache_alloc_trace+0x48/0x270
[ 45.886851][ T362] ? sk_psock_skb_ingress_self+0x60/0x330
[ 45.892514][ T362] ? migrate_disable+0x190/0x190
[ 45.897279][ T362] sk_psock_skb_ingress_self+0x60/0x330
[ 45.902665][ T362] sk_psock_verdict_recv+0x66d/0x840
[ 45.907781][ T362] unix_read_sock+0x132/0x370
[ 45.912305][ T362] ? sk_psock_skb_redirect+0x440/0x440
[ 45.917589][ T362] ? unix_stream_splice_actor+0x120/0x120
[ 45.923144][ T362] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 45.928441][ T362] ? unix_stream_splice_actor+0x120/0x120
[ 45.934006][ T362] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.939641][ T362] ? sk_psock_start_verdict+0xc0/0xc0
[ 45.944943][ T362] ? _raw_spin_lock+0xa4/0x1b0
[ 45.949554][ T362] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.955192][ T362] ? skb_queue_tail+0xfb/0x120
[ 45.959792][ T362] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.964917][ T362] ? unix_dgram_poll+0x690/0x690
[ 45.969697][ T362] ? security_socket_sendmsg+0x82/0xb0
[ 45.974981][ T362] ? unix_dgram_poll+0x690/0x690
[ 45.979769][ T362] ____sys_sendmsg+0x59e/0x8f0
[ 45.984357][ T362] ? __sys_sendmsg_sock+0x40/0x40
[ 45.989213][ T362] ? import_iovec+0xe5/0x120
[ 45.993644][ T362] ___sys_sendmsg+0x252/0x2e0
[ 45.998159][ T362] ? __sys_sendmsg+0x260/0x260
[ 46.002757][ T362] ? putname+0xfa/0x150
[ 46.006757][ T362] ? __fdget+0x1bc/0x240
[ 46.010833][ T362] __se_sys_sendmsg+0x19a/0x260
[ 46.015513][ T362] ? __x64_sys_sendmsg+0x90/0x90
[ 46.020593][ T362] ? ksys_write+0x260/0x2c0
[ 46.025021][ T362] ? debug_smp_processor_id+0x17/0x20
[ 46.030227][ T362] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.036129][ T362] __x64_sys_sendmsg+0x7b/0x90
[ 46.040727][ T362] x64_sys_call+0x16a/0x9a0
[ 46.045062][ T362] do_syscall_64+0x3b/0xb0
[ 46.049320][ T362] ? clear_bhb_loop+0x35/0x90
[ 46.053922][ T362] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.059645][ T362] RIP: 0033:0x7ff7fd959ea9
[ 46.063909][ T362] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.083432][ T362] RSP: 002b:00007ff7fd4db0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 46.091674][ T362] RAX: ffffffffffffffda RBX: 00007ff7fda87f80 RCX: 00007ff7fd959ea9
[ 46.099636][ T362] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 46.107586][ T362] RBP: 00007ff7fd4db120 R08: 0000000000000000 R09: 0000000000000000
[ 46.115409][ T362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.123216][ T362] R13: 000000000000000b R14: 00007ff7fda87f80 R15: 00007ffd6fb492c8
[ 46.131034][ T362] </TASK>
[ 46.136536][ T361] ==================================================================
[ 46.144499][ T361] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 46.151182][ T361] Read of size 4 at addr ffff88810f016d6c by task syz-executor.0/361
[ 46.159095][ T361]
[ 46.161247][ T361] CPU: 0 PID: 361 Comm: syz-executor.0 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 46.171399][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 46.181298][ T361] Call Trace:
[ 46.184463][ T361] <TASK>
[ 46.187209][ T361] dump_stack_lvl+0x151/0x1c0
[ 46.191722][ T361] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.197187][ T361] ? panic+0x760/0x760
[ 46.201084][ T361] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 46.206553][ T361] print_address_description+0x87/0x3b0
[ 46.211941][ T361] kasan_report+0x179/0x1c0
[ 46.216274][ T361] ? consume_skb+0x3c/0x250
[ 46.220617][ T361] ? consume_skb+0x3c/0x250
[ 46.224955][ T361] kasan_check_range+0x293/0x2a0
[ 46.229732][ T361] __kasan_check_read+0x11/0x20
[ 46.234422][ T361] consume_skb+0x3c/0x250
[ 46.238581][ T361] __sk_msg_free+0x2dd/0x370
[ 46.243004][ T361] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.248648][ T361] sk_psock_stop+0x44c/0x4d0
[ 46.253075][ T361] sk_psock_drop+0x219/0x310
[ 46.257528][ T361] sock_map_unref+0x48f/0x4d0
[ 46.262013][ T361] ? __local_bh_enable_ip+0x58/0x80
[ 46.267132][ T361] ? _raw_spin_unlock_bh+0x51/0x60
[ 46.273577][ T361] sock_map_remove_links+0x41c/0x650
[ 46.278677][ T361] ? __kasan_record_aux_stack+0xd3/0xf0
[ 46.284059][ T361] ? kasan_record_aux_stack+0xe/0x10
[ 46.289189][ T361] ? task_work_add+0x27/0x1d0
[ 46.293699][ T361] ? sock_map_unhash+0x120/0x120
[ 46.298560][ T361] ? x64_sys_call+0x3d/0x9a0
[ 46.303079][ T361] ? locks_remove_posix+0x610/0x610
[ 46.308106][ T361] sock_map_close+0x114/0x530
[ 46.312614][ T361] ? unix_peer_get+0xe0/0xe0
[ 46.317044][ T361] ? sock_map_remove_links+0x650/0x650
[ 46.322781][ T361] ? rwsem_mark_wake+0x770/0x770
[ 46.327546][ T361] unix_release+0x82/0xc0
[ 46.331713][ T361] sock_close+0xdf/0x270
[ 46.335801][ T361] ? sock_mmap+0xa0/0xa0
[ 46.339871][ T361] __fput+0x228/0x8c0
[ 46.343689][ T361] ____fput+0x15/0x20
[ 46.347508][ T361] task_work_run+0x129/0x190
[ 46.351939][ T361] exit_to_user_mode_loop+0xc4/0xe0
[ 46.356976][ T361] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.362272][ T361] syscall_exit_to_user_mode+0x26/0x160
[ 46.367640][ T361] do_syscall_64+0x47/0xb0
[ 46.371900][ T361] ? clear_bhb_loop+0x35/0x90
[ 46.376432][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.382145][ T361] RIP: 0033:0x7ff7fd958d9a
[ 46.386392][ T361] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.406094][ T361] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.414337][ T361] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 46.422145][ T361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.429959][ T361] RBP: 00007ff7fda89980 R08: 0000001b31b60000 R09: 0000000000000001
[ 46.437772][ T361] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000b613
[ 46.445586][ T361] R13: 000000000000b2df R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 46.453399][ T361] </TASK>
[ 46.456258][ T361]
[ 46.458426][ T361] Allocated by task 362:
[ 46.462505][ T361] __kasan_slab_alloc+0xb1/0xe0
[ 46.467216][ T361] slab_post_alloc_hook+0x53/0x2c0
[ 46.472143][ T361] kmem_cache_alloc+0xf5/0x250
[ 46.476739][ T361] skb_clone+0x1d1/0x360
[ 46.480820][ T361] sk_psock_verdict_recv+0x53/0x840
[ 46.485864][ T361] unix_read_sock+0x132/0x370
[ 46.490375][ T361] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.496035][ T361] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.501665][ T361] ____sys_sendmsg+0x59e/0x8f0
[ 46.506473][ T361] ___sys_sendmsg+0x252/0x2e0
[ 46.510945][ T361] __se_sys_sendmsg+0x19a/0x260
[ 46.515649][ T361] __x64_sys_sendmsg+0x7b/0x90
[ 46.520313][ T361] x64_sys_call+0x16a/0x9a0
[ 46.524653][ T361] do_syscall_64+0x3b/0xb0
[ 46.528906][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.534778][ T361]
[ 46.536940][ T361] Freed by task 307:
[ 46.540671][ T361] kasan_set_track+0x4b/0x70
[ 46.545095][ T361] kasan_set_free_info+0x23/0x40
[ 46.549869][ T361] ____kasan_slab_free+0x126/0x160
[ 46.554817][ T361] __kasan_slab_free+0x11/0x20
[ 46.559450][ T361] slab_free_freelist_hook+0xbd/0x190
[ 46.564630][ T361] kmem_cache_free+0x115/0x330
[ 46.569223][ T361] kfree_skbmem+0x104/0x170
[ 46.573566][ T361] kfree_skb+0xc2/0x360
[ 46.577556][ T361] sk_psock_backlog+0xc21/0xd90
[ 46.582247][ T361] process_one_work+0x6bb/0xc10
[ 46.586937][ T361] worker_thread+0xad5/0x12a0
[ 46.591443][ T361] kthread+0x421/0x510
[ 46.595349][ T361] ret_from_fork+0x1f/0x30
[ 46.599612][ T361]
[ 46.601775][ T361] The buggy address belongs to the object at ffff88810f016c80
[ 46.601775][ T361] which belongs to the cache skbuff_head_cache of size 248
[ 46.616478][ T361] The buggy address is located 236 bytes inside of
[ 46.616478][ T361] 248-byte region [ffff88810f016c80, ffff88810f016d78)
[ 46.629807][ T361] The buggy address belongs to the page:
[ 46.635298][ T361] page:ffffea00043c0580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f016
[ 46.645341][ T361] flags: 0x4000000000000200(slab|zone=1)
[ 46.650818][ T361] raw: 4000000000000200 ffffea00043d4880 0000000600000006 ffff8881081aa180
[ 46.659252][ T361] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.667657][ T361] page dumped because: kasan: bad access detected
[ 46.673915][ T361] page_owner tracks the page as allocated
[ 46.679450][ T361] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4639760545, free_ts 4639683145
[ 46.695075][ T361] post_alloc_hook+0x1a3/0x1b0
[ 46.699837][ T361] prep_new_page+0x1b/0x110
[ 46.704175][ T361] get_page_from_freelist+0x3550/0x35d0
[ 46.709562][ T361] __alloc_pages+0x27e/0x8f0
[ 46.713978][ T361] new_slab+0x9a/0x4e0
[ 46.717884][ T361] ___slab_alloc+0x39e/0x830
[ 46.722316][ T361] __slab_alloc+0x4a/0x90
[ 46.726578][ T361] kmem_cache_alloc+0x139/0x250
[ 46.731259][ T361] skb_clone+0x1d1/0x360
[ 46.735339][ T361] netlink_broadcast_filtered+0x692/0x1220
[ 46.740976][ T361] netlink_broadcast+0x3a/0x50
[ 46.745573][ T361] kobject_uevent_net_broadcast+0x3a1/0x590
[ 46.751300][ T361] kobject_uevent_env+0x525/0x700
[ 46.756161][ T361] kobject_synth_uevent+0x4eb/0xae0
[ 46.761637][ T361] store_uevent+0x16/0x30
[ 46.765794][ T361] module_attr_store+0x5c/0x80
[ 46.770396][ T361] page last free stack trace:
[ 46.774911][ T361] free_unref_page_prepare+0x7c8/0x7d0
[ 46.780207][ T361] free_unref_page+0xe8/0x750
[ 46.784716][ T361] __free_pages+0x61/0xf0
[ 46.788968][ T361] free_pages+0x7c/0x90
[ 46.792962][ T361] selinux_genfs_get_sid+0x24d/0x2a0
[ 46.798091][ T361] inode_doinit_with_dentry+0x8d2/0x1070
[ 46.803548][ T361] selinux_d_instantiate+0x27/0x40
[ 46.808495][ T361] security_d_instantiate+0x9f/0x100
[ 46.813617][ T361] d_splice_alias+0x6d/0x390
[ 46.818139][ T361] kernfs_iop_lookup+0x29e/0x2f0
[ 46.822907][ T361] path_openat+0x1194/0x2f40
[ 46.827338][ T361] do_filp_open+0x21c/0x460
[ 46.831670][ T361] do_sys_openat2+0x13f/0x820
[ 46.836191][ T361] __x64_sys_openat+0x243/0x290
[ 46.840875][ T361] x64_sys_call+0x6bf/0x9a0
[ 46.845211][ T361] do_syscall_64+0x3b/0xb0
[ 46.849468][ T361]
[ 46.851642][ T361] Memory state around the buggy address:
[ 46.857108][ T361] ffff88810f016c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 46.865013][ T361] ffff88810f016c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.873008][ T361] >ffff88810f016d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 46.880900][ T361] ^
[ 46.888187][ T361] ffff88810f016d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.896235][ T361] ffff88810f016e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.904123][ T361] ==================================================================
[ 46.912189][ T361] Disabling lock debugging due to kernel taint
[ 46.918266][ T361] ==================================================================
[ 46.926082][ T361] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 46.934335][ T361]
[ 46.936496][ T361] CPU: 0 PID: 361 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 46.948036][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 46.957932][ T361] Call Trace:
[ 46.961057][ T361] <TASK>
[ 46.963845][ T361] dump_stack_lvl+0x151/0x1c0
[ 46.968345][ T361] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.973824][ T361] ? __wake_up_klogd+0xd5/0x110
[ 46.978611][ T361] ? panic+0x760/0x760
[ 46.982674][ T361] ? kmem_cache_free+0x115/0x330
[ 46.987625][ T361] print_address_description+0x87/0x3b0
[ 46.993268][ T361] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 46.999256][ T361] ? kmem_cache_free+0x115/0x330
[ 47.004038][ T361] ? kmem_cache_free+0x115/0x330
[ 47.008828][ T361] kasan_report_invalid_free+0x6b/0xa0
[ 47.014110][ T361] ____kasan_slab_free+0x13e/0x160
[ 47.019144][ T361] __kasan_slab_free+0x11/0x20
[ 47.023734][ T361] slab_free_freelist_hook+0xbd/0x190
[ 47.029165][ T361] kmem_cache_free+0x115/0x330
[ 47.034802][ T361] ? kfree_skbmem+0x104/0x170
[ 47.039323][ T361] kfree_skbmem+0x104/0x170
[ 47.043656][ T361] consume_skb+0xb4/0x250
[ 47.047819][ T361] __sk_msg_free+0x2dd/0x370
[ 47.052254][ T361] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.057889][ T361] sk_psock_stop+0x44c/0x4d0
[ 47.062323][ T361] sk_psock_drop+0x219/0x310
[ 47.066741][ T361] sock_map_unref+0x48f/0x4d0
[ 47.071252][ T361] ? __local_bh_enable_ip+0x58/0x80
[ 47.076290][ T361] ? _raw_spin_unlock_bh+0x51/0x60
[ 47.081237][ T361] sock_map_remove_links+0x41c/0x650
[ 47.086355][ T361] ? __kasan_record_aux_stack+0xd3/0xf0
[ 47.091739][ T361] ? kasan_record_aux_stack+0xe/0x10
[ 47.096852][ T361] ? task_work_add+0x27/0x1d0
[ 47.101368][ T361] ? sock_map_unhash+0x120/0x120
[ 47.106141][ T361] ? x64_sys_call+0x3d/0x9a0
[ 47.110570][ T361] ? locks_remove_posix+0x610/0x610
[ 47.115696][ T361] sock_map_close+0x114/0x530
[ 47.120212][ T361] ? unix_peer_get+0xe0/0xe0
[ 47.124643][ T361] ? sock_map_remove_links+0x650/0x650
[ 47.130021][ T361] ? rwsem_mark_wake+0x770/0x770
[ 47.134787][ T361] unix_release+0x82/0xc0
[ 47.138952][ T361] sock_close+0xdf/0x270
[ 47.143122][ T361] ? sock_mmap+0xa0/0xa0
[ 47.147203][ T361] __fput+0x228/0x8c0
[ 47.151113][ T361] ____fput+0x15/0x20
[ 47.154926][ T361] task_work_run+0x129/0x190
[ 47.159400][ T361] exit_to_user_mode_loop+0xc4/0xe0
[ 47.164468][ T361] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.169786][ T361] syscall_exit_to_user_mode+0x26/0x160
[ 47.175335][ T361] do_syscall_64+0x47/0xb0
[ 47.179589][ T361] ? clear_bhb_loop+0x35/0x90
[ 47.184141][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.189821][ T361] RIP: 0033:0x7ff7fd958d9a
[ 47.194163][ T361] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.213689][ T361] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.221932][ T361] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 47.229753][ T361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.237558][ T361] RBP: 00007ff7fda89980 R08: 0000001b31b60000 R09: 0000000000000001
[ 47.245369][ T361] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000b613
[ 47.253182][ T361] R13: 000000000000b2df R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 47.260996][ T361] </TASK>
[ 47.263860][ T361]
[ 47.266025][ T361] Allocated by task 362:
[ 47.270105][ T361] __kasan_slab_alloc+0xb1/0xe0
[ 47.274790][ T361] slab_post_alloc_hook+0x53/0x2c0
[ 47.279744][ T361] kmem_cache_alloc+0xf5/0x250
[ 47.284338][ T361] skb_clone+0x1d1/0x360
[ 47.288417][ T361] sk_psock_verdict_recv+0x53/0x840
[ 47.293536][ T361] unix_read_sock+0x132/0x370
[ 47.298054][ T361] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.303720][ T361] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.308727][ T361] ____sys_sendmsg+0x59e/0x8f0
[ 47.313503][ T361] ___sys_sendmsg+0x252/0x2e0
[ 47.318012][ T361] __se_sys_sendmsg+0x19a/0x260
[ 47.322701][ T361] __x64_sys_sendmsg+0x7b/0x90
[ 47.327300][ T361] x64_sys_call+0x16a/0x9a0
[ 47.331640][ T361] do_syscall_64+0x3b/0xb0
[ 47.335899][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.341726][ T361]
[ 47.343892][ T361] Freed by task 307:
[ 47.347624][ T361] kasan_set_track+0x4b/0x70
[ 47.352050][ T361] kasan_set_free_info+0x23/0x40
[ 47.356823][ T361] ____kasan_slab_free+0x126/0x160
[ 47.361770][ T361] __kasan_slab_free+0x11/0x20
[ 47.366372][ T361] slab_free_freelist_hook+0xbd/0x190
[ 47.371577][ T361] kmem_cache_free+0x115/0x330
[ 47.376178][ T361] kfree_skbmem+0x104/0x170
[ 47.380522][ T361] kfree_skb+0xc2/0x360
[ 47.384509][ T361] sk_psock_backlog+0xc21/0xd90
[ 47.389202][ T361] process_one_work+0x6bb/0xc10
[ 47.393883][ T361] worker_thread+0xad5/0x12a0
[ 47.398395][ T361] kthread+0x421/0x510
[ 47.402302][ T361] ret_from_fork+0x1f/0x30
[ 47.406554][ T361]
[ 47.408727][ T361] The buggy address belongs to the object at ffff88810f016c80
[ 47.408727][ T361] which belongs to the cache skbuff_head_cache of size 248
[ 47.423132][ T361] The buggy address is located 0 bytes inside of
[ 47.423132][ T361] 248-byte region [ffff88810f016c80, ffff88810f016d78)
[ 47.436070][ T361] The buggy address belongs to the page:
[ 47.441541][ T361] page:ffffea00043c0580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f016
[ 47.451605][ T361] flags: 0x4000000000000200(slab|zone=1)
[ 47.457092][ T361] raw: 4000000000000200 ffffea00043d4880 0000000600000006 ffff8881081aa180
[ 47.465503][ T361] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.473909][ T361] page dumped because: kasan: bad access detected
[ 47.480182][ T361] page_owner tracks the page as allocated
[ 47.485712][ T361] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4639760545, free_ts 4639683145
[ 47.501336][ T361] post_alloc_hook+0x1a3/0x1b0
[ 47.506028][ T361] prep_new_page+0x1b/0x110
[ 47.510361][ T361] get_page_from_freelist+0x3550/0x35d0
[ 47.515828][ T361] __alloc_pages+0x27e/0x8f0
[ 47.520253][ T361] new_slab+0x9a/0x4e0
[ 47.524198][ T361] ___slab_alloc+0x39e/0x830
[ 47.528587][ T361] __slab_alloc+0x4a/0x90
[ 47.532752][ T361] kmem_cache_alloc+0x139/0x250
[ 47.537439][ T361] skb_clone+0x1d1/0x360
[ 47.541526][ T361] netlink_broadcast_filtered+0x692/0x1220
[ 47.547336][ T361] netlink_broadcast+0x3a/0x50
[ 47.551937][ T361] kobject_uevent_net_broadcast+0x3a1/0x590
[ 47.557837][ T361] kobject_uevent_env+0x525/0x700
[ 47.562701][ T361] kobject_synth_uevent+0x4eb/0xae0
[ 47.567730][ T361] store_uevent+0x16/0x30
[ 47.571901][ T361] module_attr_store+0x5c/0x80
[ 47.576498][ T361] page last free stack trace:
[ 47.581017][ T361] free_unref_page_prepare+0x7c8/0x7d0
[ 47.586311][ T361] free_unref_page+0xe8/0x750
[ 47.590815][ T361] __free_pages+0x61/0xf0
[ 47.594983][ T361] free_pages+0x7c/0x90
[ 47.598976][ T361] selinux_genfs_get_sid+0x24d/0x2a0
[ 47.604100][ T361] inode_doinit_with_dentry+0x8d2/0x1070
[ 47.609565][ T361] selinux_d_instantiate+0x27/0x40
[ 47.614535][ T361] security_d_instantiate+0x9f/0x100
[ 47.619641][ T361] d_splice_alias+0x6d/0x390
[ 47.624063][ T361] kernfs_iop_lookup+0x29e/0x2f0
[ 47.628839][ T361] path_openat+0x1194/0x2f40
[ 47.633269][ T361] do_filp_open+0x21c/0x460
[ 47.637600][ T361] do_sys_openat2+0x13f/0x820
[ 47.642114][ T361] __x64_sys_openat+0x243/0x290
[ 47.646797][ T361] x64_sys_call+0x6bf/0x9a0
[ 47.651140][ T361] do_syscall_64+0x3b/0xb0
[ 47.655392][ T361]
[ 47.657561][ T361] Memory state around the buggy address:
[ 47.663041][ T361] ffff88810f016b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.670934][ T361] ffff88810f016c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.678838][ T361] >ffff88810f016c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.686723][ T361] ^
[ 47.690642][ T361] ffff88810f016d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.698532][ T361] ffff88810f016d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.706435][ T361] ==================================================================
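The two KASAN reports above (the use-after-free at offset 236 of a 248-byte skbuff_head_cache object, then the invalid free of the same object at offset 0) can be cross-checked mechanically rather than by eye. What follows is an added example, not part of the syzkaller log or of the kernel: a small Python triage script that pulls the header, allocation/free stacks, object bounds and shadow rows out of a report, then confirms that the faulting address lies inside the object and that its 8-byte shadow granule is marked freed, which is what distinguishes a stale-pointer access from an overflow into the redzone (0xfc). The two sample strings are trimmed copies of the reports above; the shadow-byte meanings are the generic KASAN encodings from mm/kasan/kasan.h as named in 5.15 (0xfb freed object, 0xfa the freed object's first granule holding the free track, 0xfc slab redzone); every function and dictionary key is this example's own.

```python
"""Triage a KASAN slab report from a syzkaller console log.

Added example; not part of the original log or of the kernel. The two
samples are trimmed copies of the reports above; all names are the example's own."""
import re

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")  # "[   46.144499][  T361] "

# Generic-KASAN shadow encodings (mm/kasan/kasan.h, 5.15 naming).
SHADOW = {0x00: "accessible",
          0xfa: "freed object, free-track granule (KASAN_KMALLOC_FREETRACK)",
          0xfb: "freed object (KASAN_KMALLOC_FREE)",
          0xfc: "slab redzone (KASAN_KMALLOC_REDZONE)"}

UAF = """\
[ 46.144499][ T361] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 46.151182][ T361] Read of size 4 at addr ffff88810f016d6c by task syz-executor.0/361
[ 46.458426][ T361] Allocated by task 362:
[ 46.480820][ T361] skb_clone+0x1d1/0x360
[ 46.485864][ T361] sk_psock_verdict_recv+0x53/0x840
[ 46.534778][ T361]
[ 46.536940][ T361] Freed by task 307:
[ 46.573566][ T361] kfree_skb+0xc2/0x360
[ 46.577556][ T361] sk_psock_backlog+0xc21/0xd90
[ 46.599612][ T361]
[ 46.601775][ T361] The buggy address belongs to the object at ffff88810f016c80
[ 46.601775][ T361] which belongs to the cache skbuff_head_cache of size 248
[ 46.616478][ T361] The buggy address is located 236 bytes inside of
[ 46.616478][ T361] 248-byte region [ffff88810f016c80, ffff88810f016d78)
[ 46.865013][ T361] ffff88810f016c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.873008][ T361] >ffff88810f016d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
"""

DOUBLE_FREE = """\
[ 46.926082][ T361] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 47.408727][ T361] The buggy address belongs to the object at ffff88810f016c80
[ 47.408727][ T361] which belongs to the cache skbuff_head_cache of size 248
[ 47.423132][ T361] The buggy address is located 0 bytes inside of
[ 47.678838][ T361] >ffff88810f016c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""


def parse_kasan_report(text):
    """Extract header, stacks, object bounds and shadow rows into a dict."""
    r = {"alloc_stack": [], "free_stack": [], "shadow": {}}
    stack = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: (.+) in (\S+?)\+0x", line):
            r["bug"], r["func"] = m.groups()
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", line):
            r["access"], r["size"] = m[1], int(m[2])
            r["addr"], r["task"], r["pid"] = int(m[3], 16), m[4], int(m[5])
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", line):
            stack = "alloc_stack" if m[1] == "Allocated" else "free_stack"
            r[stack.replace("stack", "pid")] = int(m[2])
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r["obj_base"] = int(m[1], 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            r["cache"], r["obj_size"] = m[1], int(m[2])
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            r["reported_offset"] = int(m[1])
        elif m := re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", line):
            r["shadow"][int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
        elif stack and re.match(r"\S+\+0x[0-9a-f]+/0x[0-9a-f]+$", line):
            r[stack].append(line.split("+")[0])  # symbol only, innermost first
        elif not line:
            stack = None  # blank line ends a stack section
    # An invalid-free report has no "at addr" line; the object header pins it down.
    if "addr" not in r and "obj_base" in r:
        r["addr"] = r["obj_base"] + r.get("reported_offset", 0)
    return r


def shadow_byte_at(r, addr):
    """Shadow byte for addr: one byte per 8-byte granule, 16 granules per dumped row."""
    row = addr & ~0x7f
    cells = r["shadow"].get(row)
    return None if cells is None else cells[(addr - row) >> 3]


def classify(r):
    """Cross-check the header against object bounds and the shadow dump."""
    off = r["addr"] - r["obj_base"]
    b = shadow_byte_at(r, r["addr"])
    v = {"offset": off,
         "offset_matches_report": off == r.get("reported_offset", off),
         "inside_object": 0 <= off and off + r.get("size", 0) <= r["obj_size"],
         "shadow_byte": b,
         "shadow_meaning": SHADOW.get(b, "other")}
    freed = b in (0xfa, 0xfb)
    if r["bug"] == "use-after-free":
        # Inside the object and on a freed granule; 0xfc here would instead
        # mean an overflow into the redzone rather than a stale pointer.
        v["consistent"] = v["inside_object"] and freed
    else:  # double-free / invalid-free: freeing an object already marked freed
        v["consistent"] = r["bug"].startswith("double-free") and off == 0 and freed
    return v


if __name__ == "__main__":
    for sample in (UAF, DOUBLE_FREE):
        rep, v = parse_kasan_report(sample), classify(parse_kasan_report(sample))
        print(f'{rep["bug"]} in {rep["func"]}(): offset {v["offset"]} of {rep["obj_size"]} '
              f'in {rep["cache"]}, shadow {v["shadow_meaning"]}, consistent={v["consistent"]}')
        for name in ("alloc_stack", "free_stack"):
            if rep[name]:
                print(f'  {name}: {" <- ".join(rep[name])}')
```

Run it on the full report text (after stripping the console prefix, which the script does itself) and the two verdicts come back consistent: the read at offset 236 lands on an 0xfb granule of an object freed from sk_psock_backlog, and the second report is a free of that same already-freed object at offset 0 (0xfa). A report where the access lands on 0xfc or past obj_size would instead point at an out-of-bounds write and a different root cause.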
[ 47.725934][ T365] FAULT_INJECTION: forcing a failure.
[ 47.725934][ T365] name failslab, interval 1, probability 0, space 0, times 0
[ 47.738418][ T365] CPU: 1 PID: 365 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 47.749901][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.759792][ T365] Call Trace:
[ 47.762918][ T365] <TASK>
[ 47.765693][ T365] dump_stack_lvl+0x151/0x1c0
[ 47.770208][ T365] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.775676][ T365] dump_stack+0x15/0x20
[ 47.779666][ T365] should_fail+0x3c6/0x510
[ 47.783921][ T365] __should_failslab+0xa4/0xe0
[ 47.788520][ T365] should_failslab+0x9/0x20
[ 47.792858][ T365] slab_pre_alloc_hook+0x37/0xd0
[ 47.797656][ T365] kmem_cache_alloc_trace+0x48/0x270
[ 47.802752][ T365] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.808336][ T365] ? migrate_disable+0x190/0x190
[ 47.813084][ T365] sk_psock_skb_ingress_self+0x60/0x330
[ 47.818585][ T365] sk_psock_verdict_recv+0x66d/0x840
[ 47.823799][ T365] unix_read_sock+0x132/0x370
[ 47.828324][ T365] ? sk_psock_skb_redirect+0x440/0x440
[ 47.833598][ T365] ? unix_stream_splice_actor+0x120/0x120
[ 47.839151][ T365] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.844449][ T365] ? unix_stream_splice_actor+0x120/0x120
[ 47.850011][ T365] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.855790][ T365] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.861128][ T365] ? _raw_spin_lock+0xa4/0x1b0
[ 47.865729][ T365] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.871370][ T365] ? skb_queue_tail+0xfb/0x120
[ 47.875970][ T365] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.881007][ T365] ? unix_dgram_poll+0x690/0x690
[ 47.885781][ T365] ? security_socket_sendmsg+0x82/0xb0
[ 47.891083][ T365] ? unix_dgram_poll+0x690/0x690
[ 47.895874][ T365] ____sys_sendmsg+0x59e/0x8f0
[ 47.900454][ T365] ? __sys_sendmsg_sock+0x40/0x40
[ 47.905306][ T365] ? import_iovec+0xe5/0x120
[ 47.909733][ T365] ___sys_sendmsg+0x252/0x2e0
[ 47.914248][ T365] ? __sys_sendmsg+0x260/0x260
[ 47.918849][ T365] ? putname+0xfa/0x150
[ 47.922855][ T365] ? __fdget+0x1bc/0x240
[ 47.926915][ T365] __se_sys_sendmsg+0x19a/0x260
[ 47.931695][ T365] ? __x64_sys_sendmsg+0x90/0x90
[ 47.936471][ T365] ? ksys_write+0x260/0x2c0
[ 47.940806][ T365] ? debug_smp_processor_id+0x17/0x20
[ 47.946099][ T365] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.952014][ T365] __x64_sys_sendmsg+0x7b/0x90
[ 47.956598][ T365] x64_sys_call+0x16a/0x9a0
[ 47.960941][ T365] do_syscall_64+0x3b/0xb0
[ 47.965190][ T365] ? clear_bhb_loop+0x35/0x90
[ 47.969712][ T365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.975438][ T365] RIP: 0033:0x7ff7fd959ea9
[ 47.979689][ T365] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.999130][ T365] RSP: 002b:00007ff7fd4db0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 48.007377][ T365] RAX: ffffffffffffffda RBX: 00007ff7fda87f80 RCX: 00007ff7fd959ea9
[ 48.015188][ T365] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 48.022993][ T365] RBP: 00007ff7fd4db120 R08: 0000000000000000 R09: 0000000000000000
[ 48.030809][ T365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.038619][ T365] R13: 000000000000000b R14: 00007ff7fda87f80 R15: 00007ffd6fb492c8
[ 48.046437][ T365] </TASK>
[ 48.050140][ T364] ==================================================================
[ 48.058025][ T364] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 48.066260][ T364]
[ 48.068445][ T364] CPU: 1 PID: 364 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 48.079976][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 48.090049][ T364] Call Trace:
[ 48.093180][ T364] <TASK>
[ 48.095945][ T364] dump_stack_lvl+0x151/0x1c0
[ 48.100470][ T364] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.105926][ T364] ? __wake_up_klogd+0xd5/0x110
[ 48.110623][ T364] ? panic+0x760/0x760
[ 48.114524][ T364] ? kmem_cache_free+0x115/0x330
[ 48.119381][ T364] print_address_description+0x87/0x3b0
[ 48.124810][ T364] ? kmem_cache_free+0x115/0x330
[ 48.129540][ T364] ? kmem_cache_free+0x115/0x330
[ 48.134395][ T364] kasan_report_invalid_free+0x6b/0xa0
[ 48.139690][ T364] ____kasan_slab_free+0x13e/0x160
[ 48.144731][ T364] __kasan_slab_free+0x11/0x20
[ 48.149496][ T364] slab_free_freelist_hook+0xbd/0x190
[ 48.154708][ T364] kmem_cache_free+0x115/0x330
[ 48.159308][ T364] ? kfree_skbmem+0x104/0x170
[ 48.163824][ T364] kfree_skbmem+0x104/0x170
[ 48.168159][ T364] consume_skb+0xb4/0x250
[ 48.172349][ T364] __sk_msg_free+0x2dd/0x370
[ 48.176750][ T364] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.182394][ T364] sk_psock_stop+0x44c/0x4d0
[ 48.186820][ T364] sk_psock_drop+0x219/0x310
[ 48.191246][ T364] sock_map_unref+0x48f/0x4d0
[ 48.195862][ T364] ? __local_bh_enable_ip+0x58/0x80
[ 48.200987][ T364] ? _raw_spin_unlock_bh+0x51/0x60
[ 48.205939][ T364] sock_map_remove_links+0x41c/0x650
[ 48.211062][ T364] ? __kasan_record_aux_stack+0xd3/0xf0
[ 48.216724][ T364] ? kasan_record_aux_stack+0xe/0x10
[ 48.221813][ T364] ? task_work_add+0x27/0x1d0
[ 48.226328][ T364] ? sock_map_unhash+0x120/0x120
[ 48.231102][ T364] ? x64_sys_call+0x3d/0x9a0
[ 48.235634][ T364] ? locks_remove_posix+0x610/0x610
[ 48.240648][ T364] sock_map_close+0x114/0x530
[ 48.245160][ T364] ? unix_peer_get+0xe0/0xe0
[ 48.249634][ T364] ? sock_map_remove_links+0x650/0x650
[ 48.254886][ T364] ? rwsem_mark_wake+0x770/0x770
[ 48.259660][ T364] unix_release+0x82/0xc0
[ 48.263910][ T364] sock_close+0xdf/0x270
[ 48.267988][ T364] ? sock_mmap+0xa0/0xa0
[ 48.272074][ T364] __fput+0x228/0x8c0
[ 48.275892][ T364] ____fput+0x15/0x20
[ 48.279716][ T364] task_work_run+0x129/0x190
[ 48.284137][ T364] exit_to_user_mode_loop+0xc4/0xe0
[ 48.289172][ T364] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.294464][ T364] syscall_exit_to_user_mode+0x26/0x160
[ 48.299856][ T364] do_syscall_64+0x47/0xb0
[ 48.304095][ T364] ? clear_bhb_loop+0x35/0x90
[ 48.308696][ T364] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.314428][ T364] RIP: 0033:0x7ff7fd958d9a
[ 48.318680][ T364] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.338118][ T364] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.346363][ T364] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 48.354182][ T364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.361995][ T364] RBP: 00007ff7fda89980 R08: 00007ff7fd8dc000 R09: 0000000000000001
[ 48.369796][ T364] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000ba8b
[ 48.377607][ T364] R13: 000000000000ba59 R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 48.385423][ T364] </TASK>
[ 48.388327][ T364]
[ 48.390455][ T364] Allocated by task 365:
[ 48.394532][ T364] __kasan_slab_alloc+0xb1/0xe0
[ 48.399226][ T364] slab_post_alloc_hook+0x53/0x2c0
[ 48.404166][ T364] kmem_cache_alloc+0xf5/0x250
[ 48.408853][ T364] skb_clone+0x1d1/0x360
[ 48.412936][ T364] sk_psock_verdict_recv+0x53/0x840
[ 48.417965][ T364] unix_read_sock+0x132/0x370
[ 48.422484][ T364] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.428120][ T364] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.433176][ T364] ____sys_sendmsg+0x59e/0x8f0
[ 48.437775][ T364] ___sys_sendmsg+0x252/0x2e0
[ 48.442266][ T364] __se_sys_sendmsg+0x19a/0x260
[ 48.446955][ T364] __x64_sys_sendmsg+0x7b/0x90
[ 48.451555][ T364] x64_sys_call+0x16a/0x9a0
[ 48.455894][ T364] do_syscall_64+0x3b/0xb0
[ 48.460147][ T364] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.465889][ T364]
[ 48.468047][ T364] Freed by task 42:
[ 48.471694][ T364] kasan_set_track+0x4b/0x70
[ 48.476135][ T364] kasan_set_free_info+0x23/0x40
[ 48.480891][ T364] ____kasan_slab_free+0x126/0x160
[ 48.485841][ T364] __kasan_slab_free+0x11/0x20
[ 48.490441][ T364] slab_free_freelist_hook+0xbd/0x190
[ 48.495650][ T364] kmem_cache_free+0x115/0x330
[ 48.500300][ T364] kfree_skbmem+0x104/0x170
[ 48.504698][ T364] kfree_skb+0xc2/0x360
[ 48.508691][ T364] sk_psock_backlog+0xc21/0xd90
[ 48.513377][ T364] process_one_work+0x6bb/0xc10
[ 48.518061][ T364] worker_thread+0xad5/0x12a0
[ 48.522575][ T364] kthread+0x421/0x510
[ 48.526482][ T364] ret_from_fork+0x1f/0x30
[ 48.530824][ T364]
[ 48.532987][ T364] The buggy address belongs to the object at ffff88810f52db40
[ 48.532987][ T364] which belongs to the cache skbuff_head_cache of size 248
[ 48.547397][ T364] The buggy address is located 0 bytes inside of
[ 48.547397][ T364] 248-byte region [ffff88810f52db40, ffff88810f52dc38)
[ 48.560502][ T364] The buggy address belongs to the page:
[ 48.565983][ T364] page:ffffea00043d4b40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f52d
[ 48.576216][ T364] flags: 0x4000000000000200(slab|zone=1)
[ 48.581772][ T364] raw: 4000000000000200 ffffea00043f1280 0000000b0000000b ffff8881081aa180
[ 48.590208][ T364] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 48.598692][ T364] page dumped because: kasan: bad access detected
[ 48.604941][ T364] page_owner tracks the page as allocated
[ 48.610498][ T364] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 108, ts 4671367941, free_ts 0
[ 48.625440][ T364] post_alloc_hook+0x1a3/0x1b0
[ 48.630045][ T364] prep_new_page+0x1b/0x110
[ 48.634383][ T364] get_page_from_freelist+0x3550/0x35d0
[ 48.639758][ T364] __alloc_pages+0x27e/0x8f0
[ 48.644267][ T364] new_slab+0x9a/0x4e0
[ 48.648171][ T364] ___slab_alloc+0x39e/0x830
[ 48.652600][ T364] __slab_alloc+0x4a/0x90
[ 48.656849][ T364] kmem_cache_alloc+0x139/0x250
[ 48.661548][ T364] __alloc_skb+0xbe/0x550
[ 48.665798][ T364] netlink_sendmsg+0x797/0xd20
[ 48.670477][ T364] ____sys_sendmsg+0x59e/0x8f0
[ 48.675269][ T364] ___sys_sendmsg+0x252/0x2e0
[ 48.679955][ T364] __se_sys_sendmsg+0x19a/0x260
[ 48.684743][ T364] __x64_sys_sendmsg+0x7b/0x90
[ 48.689339][ T364] x64_sys_call+0x16a/0x9a0
[ 48.693678][ T364] do_syscall_64+0x3b/0xb0
[ 48.697933][ T364] page_owner free stack trace missing
[ 48.703659][ T364]
[ 48.705872][ T364] Memory state around the buggy address:
[ 48.711304][ T364] ffff88810f52da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.719199][ T364] ffff88810f52da80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.727102][ T364] >ffff88810f52db00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.734992][ T364] ^
[ 48.740990][ T364] ffff88810f52db80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.748970][ T364] ffff88810f52dc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.756864][ T364] ==================================================================
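The reports in this log all have the same shape, and what a triager wants out of one is a short list of facts: the bug class, the object and its cache, who allocated it, who freed it first, who freed it again, and whether the shadow byte at the reported address really says "freed" (that is what separates a true double free from an invalid free at a misaligned address, which KASAN files under the same "double-free or invalid-free" header). The Python script below is an added example written for this page; it is not part of the syzkaller log or of the kernel. It assumes only the report layout shown above: the shadow legend is the generic-KASAN one from mm/kasan/kasan.h in the 5.15 tree, the list of "plumbing" frames to skip is my own heuristic, and the embedded sample is a trimmed copy of the first report above.

```python
import re
from dataclasses import dataclass

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")          # "[ 48.05][ T364] "
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
SHADOW_ROW = re.compile(r"^(>?)([0-9a-f]{16}):\s+((?:[0-9a-f]{2}\s?){16})$")
# Shadow values of generic KASAN, from mm/kasan/kasan.h in the 5.15 tree
SHADOW_LEGEND = {0x00: "addressable", 0xfa: "freed, free-track stored", 0xfb: "freed",
                 0xfc: "slab redzone", 0xfe: "page redzone", 0xff: "free page"}
# Allocator/KASAN/skb plumbing (my own heuristic list): the first frame NOT in it is blamed
PLUMBING = ("dump_stack", "print_address_description", "kasan_", "__kasan",
            "____kasan", "slab_", "kmem_cache_", "kfree_skb", "consume_skb")


@dataclass
class KasanReport:
    bug: str = ""             # e.g. "double-free or invalid-free"
    reporter: str = ""        # function KASAN caught it in
    pid: int = 0
    comm: str = ""
    kernel: str = ""
    report_origin: str = ""   # first non-plumbing frame of the reporting stack
    alloc_task: int = 0
    alloc_origin: str = ""
    free_task: int = 0
    free_origin: str = ""
    cache: str = ""
    object_addr: int = 0
    buggy_addr: int = 0
    shadow: int = -1          # shadow byte covering buggy_addr, -1 if not found

    def verdict(self) -> str:
        if self.bug.startswith("double-free") and self.shadow in (0xfa, 0xfb):
            return (f"{self.cache} object {self.object_addr:#x} freed by {self.free_origin} "
                    f"(task {self.free_task}), freed again via {self.report_origin} "
                    f"(task {self.pid}); shadow {self.shadow:#04x} says it was already free")
        return f"{self.bug} in {self.reporter}; shadow {SHADOW_LEGEND.get(self.shadow, 'unknown')}"


def first_caller(frames):
    return next((f for f in frames if not f.startswith(PLUMBING)), "")


def parse_kasan_report(text: str) -> KasanReport:
    r, section, offset, base, row = KasanReport(), None, 0, 0, []
    frames = {"report": [], "alloc": [], "free": []}
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.strip()).strip()
        if m := re.match(r"BUG: KASAN: (.+) in (\S+)\+0x", line):
            r.bug, r.reporter, section = m[1], m[2], "report"
        elif m := re.match(r"CPU: \d+ PID: (\d+) Comm: (\S+) (?:Not tainted |Tainted: \D*)(\S+) #", line):
            r.pid, r.comm, r.kernel = int(m[1]), m[2], m[3]
        elif m := re.match(r"Allocated by task (\d+):", line):
            r.alloc_task, section = int(m[1]), "alloc"
        elif m := re.match(r"Freed by task (\d+):", line):
            r.free_task, section = int(m[1]), "free"
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r.object_addr, section = int(m[1], 16), "object"   # stop collecting frames
        elif m := re.match(r"which belongs to the cache (\S+) of size", line):
            r.cache = m[1]
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            offset = int(m[1])
        elif (m := SHADOW_ROW.match(line)) and m[1] == ">":   # the row KASAN marked with '>'
            base, row = int(m[2], 16), [int(b, 16) for b in m[3].split()]
        elif section in frames and (m := FRAME.match(line)) and not m[1]:
            frames[section].append(m[2])                      # "? " frames are guesses: skip
    r.buggy_addr = r.object_addr + offset
    if row and 0 <= (idx := (r.buggy_addr - base) // 8) < 16:  # one shadow byte per 8-byte granule
        r.shadow = row[idx]
    r.report_origin, r.alloc_origin, r.free_origin = (first_caller(frames[k]) for k in frames)
    return r


# Trimmed copy of the first report in this log, used as the sample input
SAMPLE_REPORT = """\
[ 48.050140][ T364] ==================================================================
[ 48.058025][ T364] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 48.068445][ T364] CPU: 1 PID: 364 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 48.090049][ T364] Call Trace:
[ 48.095945][ T364] dump_stack_lvl+0x151/0x1c0
[ 48.100470][ T364] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.134395][ T364] kasan_report_invalid_free+0x6b/0xa0
[ 48.154708][ T364] kmem_cache_free+0x115/0x330
[ 48.163824][ T364] kfree_skbmem+0x104/0x170
[ 48.168159][ T364] consume_skb+0xb4/0x250
[ 48.172349][ T364] __sk_msg_free+0x2dd/0x370
[ 48.182394][ T364] sk_psock_stop+0x44c/0x4d0
[ 48.390455][ T364] Allocated by task 365:
[ 48.394532][ T364] __kasan_slab_alloc+0xb1/0xe0
[ 48.408853][ T364] skb_clone+0x1d1/0x360
[ 48.412936][ T364] sk_psock_verdict_recv+0x53/0x840
[ 48.468047][ T364] Freed by task 42:
[ 48.471694][ T364] kasan_set_track+0x4b/0x70
[ 48.495650][ T364] kmem_cache_free+0x115/0x330
[ 48.504698][ T364] kfree_skb+0xc2/0x360
[ 48.508691][ T364] sk_psock_backlog+0xc21/0xd90
[ 48.532987][ T364] The buggy address belongs to the object at ffff88810f52db40
[ 48.532987][ T364] which belongs to the cache skbuff_head_cache of size 248
[ 48.547397][ T364] The buggy address is located 0 bytes inside of
[ 48.547397][ T364] 248-byte region [ffff88810f52db40, ffff88810f52dc38)
[ 48.705872][ T364] Memory state around the buggy address:
[ 48.727102][ T364] >ffff88810f52db00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.734992][ T364]                                            ^
[ 48.756864][ T364] ==================================================================
"""

if __name__ == "__main__":
    print(parse_kasan_report(SAMPLE_REPORT).verdict())
```

Run on the sample it reports that the skbuff_head_cache object freed by sk_psock_backlog on a workqueue thread (task 42) is freed again from __sk_msg_free during sk_psock_stop on socket close (task 364), and that the 0xfa shadow byte at offset 0 of the object confirms it was already free. The other two complete reports in this log decode identically apart from addresses and task ids.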
[ 48.774989][ T368] FAULT_INJECTION: forcing a failure.
[ 48.774989][ T368] name failslab, interval 1, probability 0, space 0, times 0
[ 48.787760][ T368] CPU: 1 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 48.799379][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 48.809281][ T368] Call Trace:
[ 48.812396][ T368] <TASK>
[ 48.815181][ T368] dump_stack_lvl+0x151/0x1c0
[ 48.819686][ T368] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.825159][ T368] dump_stack+0x15/0x20
[ 48.829159][ T368] should_fail+0x3c6/0x510
[ 48.833404][ T368] __should_failslab+0xa4/0xe0
[ 48.837998][ T368] should_failslab+0x9/0x20
[ 48.842345][ T368] slab_pre_alloc_hook+0x37/0xd0
[ 48.847121][ T368] kmem_cache_alloc_trace+0x48/0x270
[ 48.852337][ T368] ? sk_psock_skb_ingress_self+0x60/0x330
[ 48.857990][ T368] ? migrate_disable+0x190/0x190
[ 48.862764][ T368] sk_psock_skb_ingress_self+0x60/0x330
[ 48.868147][ T368] sk_psock_verdict_recv+0x66d/0x840
[ 48.873268][ T368] unix_read_sock+0x132/0x370
[ 48.877782][ T368] ? sk_psock_skb_redirect+0x440/0x440
[ 48.883074][ T368] ? unix_stream_splice_actor+0x120/0x120
[ 48.888625][ T368] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.893926][ T368] ? unix_stream_splice_actor+0x120/0x120
[ 48.899474][ T368] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.905120][ T368] ? sk_psock_start_verdict+0xc0/0xc0
[ 48.910329][ T368] ? _raw_spin_lock+0xa4/0x1b0
[ 48.914923][ T368] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.920570][ T368] ? skb_queue_tail+0xfb/0x120
[ 48.925165][ T368] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.930204][ T368] ? unix_dgram_poll+0x690/0x690
[ 48.934978][ T368] ? security_socket_sendmsg+0x82/0xb0
[ 48.940388][ T368] ? unix_dgram_poll+0x690/0x690
[ 48.945276][ T368] ____sys_sendmsg+0x59e/0x8f0
[ 48.949840][ T368] ? __sys_sendmsg_sock+0x40/0x40
[ 48.954695][ T368] ? import_iovec+0xe5/0x120
[ 48.959128][ T368] ___sys_sendmsg+0x252/0x2e0
[ 48.963637][ T368] ? __sys_sendmsg+0x260/0x260
[ 48.968246][ T368] ? putname+0xfa/0x150
[ 48.972260][ T368] ? __fdget+0x1bc/0x240
[ 48.976312][ T368] __se_sys_sendmsg+0x19a/0x260
[ 48.980993][ T368] ? __x64_sys_sendmsg+0x90/0x90
[ 48.985765][ T368] ? ksys_write+0x260/0x2c0
[ 48.990117][ T368] ? debug_smp_processor_id+0x17/0x20
[ 48.995359][ T368] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.001217][ T368] __x64_sys_sendmsg+0x7b/0x90
[ 49.005816][ T368] x64_sys_call+0x16a/0x9a0
[ 49.010155][ T368] do_syscall_64+0x3b/0xb0
[ 49.014407][ T368] ? clear_bhb_loop+0x35/0x90
[ 49.018920][ T368] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.024653][ T368] RIP: 0033:0x7ff7fd959ea9
[ 49.028903][ T368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.048345][ T368] RSP: 002b:00007ff7fd4db0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.056590][ T368] RAX: ffffffffffffffda RBX: 00007ff7fda87f80 RCX: 00007ff7fd959ea9
[ 49.064399][ T368] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 49.072309][ T368] RBP: 00007ff7fd4db120 R08: 0000000000000000 R09: 0000000000000000
[ 49.080109][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.087919][ T368] R13: 000000000000000b R14: 00007ff7fda87f80 R15: 00007ffd6fb492c8
[ 49.095735][ T368] </TASK>
[ 49.101755][ T30] audit: type=1400 audit(1735288302.324:104): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 49.101102][ T367] ==================================================================
[ 49.108984][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 49.139451][ T367]
[ 49.141634][ T367] CPU: 0 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 49.153161][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.163084][ T367] Call Trace:
[ 49.166182][ T367] <TASK>
[ 49.169217][ T367] dump_stack_lvl+0x151/0x1c0
[ 49.173763][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.179201][ T367] ? __wake_up_klogd+0xd5/0x110
[ 49.183891][ T367] ? panic+0x760/0x760
[ 49.187880][ T367] ? kvm_sched_clock_read+0x18/0x40
[ 49.192916][ T367] ? kmem_cache_free+0x115/0x330
[ 49.197948][ T367] print_address_description+0x87/0x3b0
[ 49.203419][ T367] ? kmem_cache_free+0x115/0x330
[ 49.208187][ T367] ? kmem_cache_free+0x115/0x330
[ 49.212973][ T367] kasan_report_invalid_free+0x6b/0xa0
[ 49.218258][ T367] ____kasan_slab_free+0x13e/0x160
[ 49.223243][ T367] __kasan_slab_free+0x11/0x20
[ 49.227806][ T367] slab_free_freelist_hook+0xbd/0x190
[ 49.233011][ T367] kmem_cache_free+0x115/0x330
[ 49.237609][ T367] ? kfree_skbmem+0x104/0x170
[ 49.242126][ T367] kfree_skbmem+0x104/0x170
[ 49.246468][ T367] consume_skb+0xb4/0x250
[ 49.250632][ T367] __sk_msg_free+0x2dd/0x370
[ 49.255152][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.260795][ T367] sk_psock_stop+0x44c/0x4d0
[ 49.265224][ T367] sk_psock_drop+0x219/0x310
[ 49.269649][ T367] sock_map_unref+0x48f/0x4d0
[ 49.274162][ T367] ? __local_bh_enable_ip+0x58/0x80
[ 49.279229][ T367] ? _raw_spin_unlock_bh+0x51/0x60
[ 49.284146][ T367] sock_map_remove_links+0x41c/0x650
[ 49.289268][ T367] ? __kasan_record_aux_stack+0xd3/0xf0
[ 49.294646][ T367] ? kasan_record_aux_stack+0xe/0x10
[ 49.299767][ T367] ? task_work_add+0x27/0x1d0
[ 49.304366][ T367] ? sock_map_unhash+0x120/0x120
[ 49.309137][ T367] ? x64_sys_call+0x3d/0x9a0
[ 49.313566][ T367] ? locks_remove_posix+0x610/0x610
[ 49.318600][ T367] sock_map_close+0x114/0x530
[ 49.323112][ T367] ? unix_peer_get+0xe0/0xe0
[ 49.327556][ T367] ? sock_map_remove_links+0x650/0x650
[ 49.332844][ T367] ? rwsem_mark_wake+0x770/0x770
[ 49.337605][ T367] unix_release+0x82/0xc0
[ 49.341775][ T367] sock_close+0xdf/0x270
[ 49.345856][ T367] ? sock_mmap+0xa0/0xa0
[ 49.349932][ T367] __fput+0x228/0x8c0
[ 49.353759][ T367] ____fput+0x15/0x20
[ 49.357566][ T367] task_work_run+0x129/0x190
[ 49.361998][ T367] exit_to_user_mode_loop+0xc4/0xe0
[ 49.367028][ T367] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.372419][ T367] syscall_exit_to_user_mode+0x26/0x160
[ 49.377791][ T367] do_syscall_64+0x47/0xb0
[ 49.382047][ T367] ? clear_bhb_loop+0x35/0x90
[ 49.386556][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.392286][ T367] RIP: 0033:0x7ff7fd958d9a
[ 49.396543][ T367] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.415989][ T367] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.424239][ T367] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 49.432194][ T367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.439935][ T367] RBP: 00007ff7fda89980 R08: 0000001b31b60000 R09: 0000000000000001
[ 49.447746][ T367] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000c1b2
[ 49.455561][ T367] R13: 000000000000be72 R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 49.463374][ T367] </TASK>
[ 49.466236][ T367]
[ 49.468411][ T367] Allocated by task 368:
[ 49.472662][ T367] __kasan_slab_alloc+0xb1/0xe0
[ 49.477342][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 49.482289][ T367] kmem_cache_alloc+0xf5/0x250
[ 49.486891][ T367] skb_clone+0x1d1/0x360
[ 49.490969][ T367] sk_psock_verdict_recv+0x53/0x840
[ 49.496013][ T367] unix_read_sock+0x132/0x370
[ 49.501041][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.506769][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.511804][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 49.516406][ T367] ___sys_sendmsg+0x252/0x2e0
[ 49.521000][ T367] __se_sys_sendmsg+0x19a/0x260
[ 49.525688][ T367] __x64_sys_sendmsg+0x7b/0x90
[ 49.530291][ T367] x64_sys_call+0x16a/0x9a0
[ 49.534632][ T367] do_syscall_64+0x3b/0xb0
[ 49.538891][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.544609][ T367]
[ 49.546780][ T367] Freed by task 307:
[ 49.550598][ T367] kasan_set_track+0x4b/0x70
[ 49.555110][ T367] kasan_set_free_info+0x23/0x40
[ 49.559884][ T367] ____kasan_slab_free+0x126/0x160
[ 49.564917][ T367] __kasan_slab_free+0x11/0x20
[ 49.569517][ T367] slab_free_freelist_hook+0xbd/0x190
[ 49.574827][ T367] kmem_cache_free+0x115/0x330
[ 49.579501][ T367] kfree_skbmem+0x104/0x170
[ 49.583934][ T367] kfree_skb+0xc2/0x360
[ 49.587928][ T367] sk_psock_backlog+0xc21/0xd90
[ 49.592624][ T367] process_one_work+0x6bb/0xc10
[ 49.597301][ T367] worker_thread+0xad5/0x12a0
[ 49.601812][ T367] kthread+0x421/0x510
[ 49.605719][ T367] ret_from_fork+0x1f/0x30
[ 49.610232][ T367]
[ 49.612402][ T367] The buggy address belongs to the object at ffff88810f52d000
[ 49.612402][ T367] which belongs to the cache skbuff_head_cache of size 248
[ 49.626814][ T367] The buggy address is located 0 bytes inside of
[ 49.626814][ T367] 248-byte region [ffff88810f52d000, ffff88810f52d0f8)
[ 49.639831][ T367] The buggy address belongs to the page:
[ 49.645477][ T367] page:ffffea00043d4b40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f52d
[ 49.655582][ T367] flags: 0x4000000000000200(slab|zone=1)
[ 49.661018][ T367] raw: 4000000000000200 ffffea00043f1280 0000000b0000000b ffff8881081aa180
[ 49.669437][ T367] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 49.677844][ T367] page dumped because: kasan: bad access detected
[ 49.684100][ T367] page_owner tracks the page as allocated
[ 49.689648][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 108, ts 4671367941, free_ts 0
[ 49.705321][ T367] post_alloc_hook+0x1a3/0x1b0
[ 49.710033][ T367] prep_new_page+0x1b/0x110
[ 49.714448][ T367] get_page_from_freelist+0x3550/0x35d0
[ 49.719828][ T367] __alloc_pages+0x27e/0x8f0
[ 49.724255][ T367] new_slab+0x9a/0x4e0
[ 49.728196][ T367] ___slab_alloc+0x39e/0x830
[ 49.732584][ T367] __slab_alloc+0x4a/0x90
[ 49.736926][ T367] kmem_cache_alloc+0x139/0x250
[ 49.741612][ T367] __alloc_skb+0xbe/0x550
[ 49.745779][ T367] netlink_sendmsg+0x797/0xd20
[ 49.750376][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 49.754976][ T367] ___sys_sendmsg+0x252/0x2e0
[ 49.759492][ T367] __se_sys_sendmsg+0x19a/0x260
[ 49.764191][ T367] __x64_sys_sendmsg+0x7b/0x90
[ 49.768776][ T367] x64_sys_call+0x16a/0x9a0
[ 49.773121][ T367] do_syscall_64+0x3b/0xb0
[ 49.777369][ T367] page_owner free stack trace missing
[ 49.782583][ T367]
[ 49.784752][ T367] Memory state around the buggy address:
[ 49.790309][ T367] ffff88810f52cf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 49.798207][ T367] ffff88810f52cf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 49.806102][ T367] >ffff88810f52d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.813998][ T367] ^
[ 49.817908][ T367] ffff88810f52d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.825802][ T367] ffff88810f52d100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.833784][ T367] ==================================================================
[ 49.854917][ T371] FAULT_INJECTION: forcing a failure.
[ 49.854917][ T371] name failslab, interval 1, probability 0, space 0, times 0
[ 49.867356][ T371] CPU: 1 PID: 371 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 49.878861][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.888761][ T371] Call Trace:
[ 49.891880][ T371] <TASK>
[ 49.894669][ T371] dump_stack_lvl+0x151/0x1c0
[ 49.899183][ T371] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.904643][ T371] dump_stack+0x15/0x20
[ 49.908631][ T371] should_fail+0x3c6/0x510
[ 49.912887][ T371] __should_failslab+0xa4/0xe0
[ 49.917486][ T371] should_failslab+0x9/0x20
[ 49.921858][ T371] slab_pre_alloc_hook+0x37/0xd0
[ 49.926599][ T371] kmem_cache_alloc_trace+0x48/0x270
[ 49.931750][ T371] ? sk_psock_skb_ingress_self+0x60/0x330
[ 49.937378][ T371] ? migrate_disable+0x190/0x190
[ 49.942240][ T371] sk_psock_skb_ingress_self+0x60/0x330
[ 49.947615][ T371] sk_psock_verdict_recv+0x66d/0x840
[ 49.952734][ T371] unix_read_sock+0x132/0x370
[ 49.957247][ T371] ? sk_psock_skb_redirect+0x440/0x440
[ 49.962626][ T371] ? unix_stream_splice_actor+0x120/0x120
[ 49.968184][ T371] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.973476][ T371] ? unix_stream_splice_actor+0x120/0x120
[ 49.979032][ T371] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.984671][ T371] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.989879][ T371] ? _raw_spin_lock+0xa4/0x1b0
[ 49.994487][ T371] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.000124][ T371] ? skb_queue_tail+0xfb/0x120
[ 50.004722][ T371] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.009765][ T371] ? unix_dgram_poll+0x690/0x690
[ 50.014533][ T371] ? security_socket_sendmsg+0x82/0xb0
[ 50.019824][ T371] ? unix_dgram_poll+0x690/0x690
[ 50.024601][ T371] ____sys_sendmsg+0x59e/0x8f0
[ 50.029201][ T371] ? __sys_sendmsg_sock+0x40/0x40
[ 50.034057][ T371] ? import_iovec+0xe5/0x120
[ 50.038484][ T371] ___sys_sendmsg+0x252/0x2e0
[ 50.042998][ T371] ? __sys_sendmsg+0x260/0x260
[ 50.047604][ T371] ? putname+0xfa/0x150
[ 50.051594][ T371] ? __fdget+0x1bc/0x240
[ 50.055671][ T371] __se_sys_sendmsg+0x19a/0x260
[ 50.060357][ T371] ? __x64_sys_sendmsg+0x90/0x90
[ 50.065129][ T371] ? ksys_write+0x260/0x2c0
[ 50.069473][ T371] ? debug_smp_processor_id+0x17/0x20
[ 50.074678][ T371] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 50.080584][ T371] __x64_sys_sendmsg+0x7b/0x90
[ 50.085272][ T371] x64_sys_call+0x16a/0x9a0
[ 50.089630][ T371] do_syscall_64+0x3b/0xb0
[ 50.093856][ T371] ? clear_bhb_loop+0x35/0x90
[ 50.098371][ T371] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.104099][ T371] RIP: 0033:0x7ff7fd959ea9
[ 50.108357][ T371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.127950][ T371] RSP: 002b:00007ff7fd4db0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 50.136210][ T371] RAX: ffffffffffffffda RBX: 00007ff7fda87f80 RCX: 00007ff7fd959ea9
[ 50.144089][ T371] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 50.151992][ T371] RBP: 00007ff7fd4db120 R08: 0000000000000000 R09: 0000000000000000
[ 50.159800][ T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.167609][ T371] R13: 000000000000000b R14: 00007ff7fda87f80 R15: 00007ffd6fb492c8
[ 50.175434][ T371] </TASK>
[ 50.180468][ T370] ==================================================================
[ 50.188355][ T370] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 50.196597][ T370]
[ 50.198773][ T370] CPU: 0 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 50.210311][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 50.220206][ T370] Call Trace:
[ 50.223331][ T370] <TASK>
[ 50.226175][ T370] dump_stack_lvl+0x151/0x1c0
[ 50.230620][ T370] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.236088][ T370] ? __wake_up_klogd+0xd5/0x110
[ 50.240775][ T370] ? panic+0x760/0x760
[ 50.244684][ T370] ? kvm_sched_clock_read+0x18/0x40
[ 50.249715][ T370] ? kmem_cache_free+0x115/0x330
[ 50.254487][ T370] print_address_description+0x87/0x3b0
[ 50.259886][ T370] ? kmem_cache_free+0x115/0x330
[ 50.264660][ T370] ? kmem_cache_free+0x115/0x330
[ 50.269413][ T370] kasan_report_invalid_free+0x6b/0xa0
[ 50.274710][ T370] ____kasan_slab_free+0x13e/0x160
[ 50.279659][ T370] __kasan_slab_free+0x11/0x20
[ 50.284257][ T370] slab_free_freelist_hook+0xbd/0x190
[ 50.289466][ T370] kmem_cache_free+0x115/0x330
[ 50.294165][ T370] ? kfree_skbmem+0x104/0x170
[ 50.298677][ T370] kfree_skbmem+0x104/0x170
[ 50.303736][ T370] consume_skb+0xb4/0x250
[ 50.307910][ T370] __sk_msg_free+0x2dd/0x370
[ 50.312320][ T370] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.317962][ T370] sk_psock_stop+0x44c/0x4d0
[ 50.322387][ T370] sk_psock_drop+0x219/0x310
[ 50.326813][ T370] sock_map_unref+0x48f/0x4d0
[ 50.331369][ T370] ? __local_bh_enable_ip+0x58/0x80
[ 50.336362][ T370] ? _raw_spin_unlock_bh+0x51/0x60
[ 50.341316][ T370] sock_map_remove_links+0x41c/0x650
[ 50.346430][ T370] ? __kasan_record_aux_stack+0xd3/0xf0
[ 50.351810][ T370] ? kasan_record_aux_stack+0xe/0x10
[ 50.356931][ T370] ? task_work_add+0x27/0x1d0
[ 50.361446][ T370] ? sock_map_unhash+0x120/0x120
[ 50.366216][ T370] ? x64_sys_call+0x3d/0x9a0
[ 50.370732][ T370] ? locks_remove_posix+0x610/0x610
[ 50.375851][ T370] sock_map_close+0x114/0x530
[ 50.380367][ T370] ? unix_peer_get+0xe0/0xe0
[ 50.384888][ T370] ? sock_map_remove_links+0x650/0x650
[ 50.390174][ T370] ? rwsem_mark_wake+0x770/0x770
[ 50.394947][ T370] unix_release+0x82/0xc0
[ 50.399129][ T370] sock_close+0xdf/0x270
[ 50.403192][ T370] ? sock_mmap+0xa0/0xa0
[ 50.407268][ T370] __fput+0x228/0x8c0
[ 50.411092][ T370] ____fput+0x15/0x20
[ 50.414911][ T370] task_work_run+0x129/0x190
[ 50.419335][ T370] exit_to_user_mode_loop+0xc4/0xe0
[ 50.424371][ T370] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.429662][ T370] syscall_exit_to_user_mode+0x26/0x160
[ 50.435047][ T370] do_syscall_64+0x47/0xb0
[ 50.439297][ T370] ? clear_bhb_loop+0x35/0x90
[ 50.444116][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.449835][ T370] RIP: 0033:0x7ff7fd958d9a
[ 50.454080][ T370] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.473524][ T370] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 50.481792][ T370] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 50.489570][ T370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.497385][ T370] RBP: 00007ff7fda89980 R08: 0000001b31b60000 R09: 0000000000000001
[ 50.505722][ T370] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000c5ea
[ 50.513731][ T370] R13: 000000000000c2aa R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 50.521515][ T370] </TASK>
[ 50.524406][ T370]
[ 50.526638][ T370] Allocated by task 371:
[ 50.530806][ T370] __kasan_slab_alloc+0xb1/0xe0
[ 50.535496][ T370] slab_post_alloc_hook+0x53/0x2c0
[ 50.540521][ T370] kmem_cache_alloc+0xf5/0x250
[ 50.545120][ T370] skb_clone+0x1d1/0x360
[ 50.549321][ T370] sk_psock_verdict_recv+0x53/0x840
[ 50.554370][ T370] unix_read_sock+0x132/0x370
[ 50.558961][ T370] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.564594][ T370] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.569623][ T370] ____sys_sendmsg+0x59e/0x8f0
[ 50.574222][ T370] ___sys_sendmsg+0x252/0x2e0
[ 50.578737][ T370] __se_sys_sendmsg+0x19a/0x260
[ 50.583423][ T370] __x64_sys_sendmsg+0x7b/0x90
[ 50.588027][ T370] x64_sys_call+0x16a/0x9a0
[ 50.592363][ T370] do_syscall_64+0x3b/0xb0
[ 50.596623][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.602344][ T370]
[ 50.604515][ T370] Freed by task 307:
[ 50.608245][ T370] kasan_set_track+0x4b/0x70
[ 50.612672][ T370] kasan_set_free_info+0x23/0x40
[ 50.617449][ T370] ____kasan_slab_free+0x126/0x160
[ 50.622395][ T370] __kasan_slab_free+0x11/0x20
[ 50.627003][ T370] slab_free_freelist_hook+0xbd/0x190
[ 50.632201][ T370] kmem_cache_free+0x115/0x330
[ 50.636810][ T370] kfree_skbmem+0x104/0x170
[ 50.641141][ T370] kfree_skb+0xc2/0x360
[ 50.645137][ T370] sk_psock_backlog+0xc21/0xd90
[ 50.649821][ T370] process_one_work+0x6bb/0xc10
[ 50.654509][ T370] worker_thread+0xad5/0x12a0
[ 50.659029][ T370] kthread+0x421/0x510
[ 50.662927][ T370] ret_from_fork+0x1f/0x30
[ 50.667190][ T370]
[ 50.669351][ T370] The buggy address belongs to the object at ffff88810f527dc0
[ 50.669351][ T370] which belongs to the cache skbuff_head_cache of size 248
[ 50.683759][ T370] The buggy address is located 0 bytes inside of
[ 50.683759][ T370] 248-byte region [ffff88810f527dc0, ffff88810f527eb8)
[ 50.696689][ T370] The buggy address belongs to the page:
[ 50.702160][ T370] page:ffffea00043d49c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f527
[ 50.712235][ T370] flags: 0x4000000000000200(slab|zone=1)
[ 50.717702][ T370] raw: 4000000000000200 0000000000000000 0000000100000001 ffff8881081aa180
[ 50.726121][ T370] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 50.734533][ T370] page dumped because: kasan: bad access detected
[ 50.740782][ T370] page_owner tracks the page as allocated
[ 50.746340][ T370] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 106, ts 4661459022, free_ts 0
[ 50.761347][ T370] post_alloc_hook+0x1a3/0x1b0
[ 50.765974][ T370] prep_new_page+0x1b/0x110
[ 50.770276][ T370] get_page_from_freelist+0x3550/0x35d0
[ 50.775659][ T370] __alloc_pages+0x27e/0x8f0
[ 50.780095][ T370] new_slab+0x9a/0x4e0
[ 50.783988][ T370] ___slab_alloc+0x39e/0x830
[ 50.788416][ T370] __slab_alloc+0x4a/0x90
[ 50.792671][ T370] kmem_cache_alloc+0x139/0x250
[ 50.797362][ T370] __alloc_skb+0xbe/0x550
[ 50.801521][ T370] netlink_sendmsg+0x797/0xd20
[ 50.806125][ T370] ____sys_sendmsg+0x59e/0x8f0
[ 50.810724][ T370] ___sys_sendmsg+0x252/0x2e0
[ 50.815233][ T370] __se_sys_sendmsg+0x19a/0x260
[ 50.819925][ T370] __x64_sys_sendmsg+0x7b/0x90
[ 50.824520][ T370] x64_sys_call+0x16a/0x9a0
[ 50.828862][ T370] do_syscall_64+0x3b/0xb0
[ 50.833126][ T370] page_owner free stack trace missing
[ 50.838323][ T370]
[ 50.840491][ T370] Memory state around the buggy address:
[ 50.845969][ T370] ffff88810f527c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.853861][ T370] ffff88810f527d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 50.861770][ T370] >ffff88810f527d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.869666][ T370] ^
[ 50.875648][ T370] ffff88810f527e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.883673][ T370] ffff88810f527e80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 50.891529][ T370] ==================================================================
2024/12/27 08:31:44 executed programs: 5
[ 50.937291][ T374] FAULT_INJECTION: forcing a failure.
[ 50.937291][ T374] name failslab, interval 1, probability 0, space 0, times 0
[ 50.949773][ T374] CPU: 0 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 50.961239][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 50.971319][ T374] Call Trace:
[ 50.974446][ T374] <TASK>
[ 50.977236][ T374] dump_stack_lvl+0x151/0x1c0
[ 50.981731][ T374] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.987216][ T374] dump_stack+0x15/0x20
[ 50.991194][ T374] should_fail+0x3c6/0x510
[ 50.995443][ T374] __should_failslab+0xa4/0xe0
[ 51.000046][ T374] should_failslab+0x9/0x20
[ 51.004386][ T374] slab_pre_alloc_hook+0x37/0xd0
[ 51.009165][ T374] kmem_cache_alloc_trace+0x48/0x270
[ 51.014276][ T374] ? sk_psock_skb_ingress_self+0x60/0x330
[ 51.019831][ T374] ? migrate_disable+0x190/0x190
[ 51.024607][ T374] sk_psock_skb_ingress_self+0x60/0x330
[ 51.030003][ T374] sk_psock_verdict_recv+0x66d/0x840
[ 51.035114][ T374] unix_read_sock+0x132/0x370
[ 51.039633][ T374] ? sk_psock_skb_redirect+0x440/0x440
[ 51.044917][ T374] ? unix_stream_splice_actor+0x120/0x120
[ 51.050472][ T374] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 51.055809][ T374] ? unix_stream_splice_actor+0x120/0x120
[ 51.061324][ T374] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.066962][ T374] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.072178][ T374] ? _raw_spin_lock+0xa4/0x1b0
[ 51.076769][ T374] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.082411][ T374] ? skb_queue_tail+0xfb/0x120
[ 51.087010][ T374] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.092049][ T374] ? unix_dgram_poll+0x690/0x690
[ 51.096817][ T374] ? security_socket_sendmsg+0x82/0xb0
[ 51.102111][ T374] ? unix_dgram_poll+0x690/0x690
[ 51.106885][ T374] ____sys_sendmsg+0x59e/0x8f0
[ 51.111496][ T374] ? __sys_sendmsg_sock+0x40/0x40
[ 51.116383][ T374] ? import_iovec+0xe5/0x120
[ 51.120799][ T374] ___sys_sendmsg+0x252/0x2e0
[ 51.125300][ T374] ? __sys_sendmsg+0x260/0x260
[ 51.129902][ T374] ? putname+0xfa/0x150
[ 51.133883][ T374] ? __fdget+0x1bc/0x240
[ 51.138086][ T374] __se_sys_sendmsg+0x19a/0x260
[ 51.142757][ T374] ? __x64_sys_sendmsg+0x90/0x90
[ 51.147535][ T374] ? ksys_write+0x260/0x2c0
[ 51.152000][ T374] ? debug_smp_processor_id+0x17/0x20
[ 51.157199][ T374] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 51.163099][ T374] __x64_sys_sendmsg+0x7b/0x90
[ 51.167700][ T374] x64_sys_call+0x16a/0x9a0
[ 51.172078][ T374] do_syscall_64+0x3b/0xb0
[ 51.176293][ T374] ? clear_bhb_loop+0x35/0x90
[ 51.180815][ T374] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.186618][ T374] RIP: 0033:0x7ff7fd959ea9
[ 51.190870][ T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.210399][ T374] RSP: 002b:00007ff7fd4db0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 51.218642][ T374] RAX: ffffffffffffffda RBX: 00007ff7fda87f80 RCX: 00007ff7fd959ea9
[ 51.226456][ T374] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 51.234269][ T374] RBP: 00007ff7fd4db120 R08: 0000000000000000 R09: 0000000000000000
[ 51.242166][ T374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.249974][ T374] R13: 000000000000000b R14: 00007ff7fda87f80 R15: 00007ffd6fb492c8
[ 51.257795][ T374]
[ 51.262893][ T373] ==================================================================
[ 51.270765][ T373] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 51.279011][ T373]
[ 51.281187][ T373] CPU: 1 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 51.292825][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 51.302722][ T373] Call Trace:
[ 51.305847][ T373]
[ 51.308626][ T373] dump_stack_lvl+0x151/0x1c0
[ 51.313254][ T373] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.318724][ T373] ? __wake_up_klogd+0xd5/0x110
[ 51.323435][ T373] ? panic+0x760/0x760
[ 51.327312][ T373] ? kvm_sched_clock_read+0x18/0x40
[ 51.332357][ T373] ? kmem_cache_free+0x115/0x330
[ 51.337123][ T373] print_address_description+0x87/0x3b0
[ 51.342510][ T373] ? kmem_cache_free+0x115/0x330
[ 51.347359][ T373] ? kmem_cache_free+0x115/0x330
[ 51.352134][ T373] kasan_report_invalid_free+0x6b/0xa0
[ 51.357428][ T373] ____kasan_slab_free+0x13e/0x160
[ 51.362376][ T373] __kasan_slab_free+0x11/0x20
[ 51.366974][ T373] slab_free_freelist_hook+0xbd/0x190
[ 51.372308][ T373] kmem_cache_free+0x115/0x330
[ 51.376887][ T373] ? kfree_skbmem+0x104/0x170
[ 51.381388][ T373] kfree_skbmem+0x104/0x170
[ 51.385814][ T373] consume_skb+0xb4/0x250
[ 51.389990][ T373] __sk_msg_free+0x2dd/0x370
[ 51.394406][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.400052][ T373] sk_psock_stop+0x44c/0x4d0
[ 51.404478][ T373] sk_psock_drop+0x219/0x310
[ 51.408900][ T373] sock_map_unref+0x48f/0x4d0
[ 51.413411][ T373] ? __local_bh_enable_ip+0x58/0x80
[ 51.418446][ T373] ? _raw_spin_unlock_bh+0x51/0x60
[ 51.423394][ T373] sock_map_remove_links+0x41c/0x650
[ 51.428517][ T373] ? __kasan_record_aux_stack+0xd3/0xf0
[ 51.433894][ T373] ? kasan_record_aux_stack+0xe/0x10
[ 51.439029][ T373] ? task_work_add+0x27/0x1d0
[ 51.443527][ T373] ? sock_map_unhash+0x120/0x120
[ 51.448303][ T373] ? x64_sys_call+0x3d/0x9a0
[ 51.452738][ T373] ? locks_remove_posix+0x610/0x610
[ 51.457765][ T373] sock_map_close+0x114/0x530
[ 51.462276][ T373] ? unix_peer_get+0xe0/0xe0
[ 51.466710][ T373] ? sock_map_remove_links+0x650/0x650
[ 51.472002][ T373] ? rwsem_mark_wake+0x770/0x770
[ 51.476776][ T373] unix_release+0x82/0xc0
[ 51.480937][ T373] sock_close+0xdf/0x270
[ 51.485115][ T373] ? sock_mmap+0xa0/0xa0
[ 51.489186][ T373] __fput+0x228/0x8c0
[ 51.493003][ T373] ____fput+0x15/0x20
[ 51.496819][ T373] task_work_run+0x129/0x190
[ 51.501256][ T373] exit_to_user_mode_loop+0xc4/0xe0
[ 51.506279][ T373] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.511576][ T373] syscall_exit_to_user_mode+0x26/0x160
[ 51.516957][ T373] do_syscall_64+0x47/0xb0
[ 51.521209][ T373] ? clear_bhb_loop+0x35/0x90
[ 51.525722][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.531450][ T373] RIP: 0033:0x7ff7fd958d9a
[ 51.535703][ T373] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.555337][ T373] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.563573][ T373] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 51.571388][ T373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.579193][ T373] RBP: 00007ff7fda89980 R08: 0000001b31b60000 R09: 0000000000000001
[ 51.587002][ T373] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000ca24
[ 51.594814][ T373] R13: 000000000000c6e5 R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 51.602633][ T373]
[ 51.605490][ T373]
[ 51.607759][ T373] Allocated by task 374:
[ 51.611916][ T373] __kasan_slab_alloc+0xb1/0xe0
[ 51.616604][ T373] slab_post_alloc_hook+0x53/0x2c0
[ 51.621550][ T373] kmem_cache_alloc+0xf5/0x250
[ 51.626150][ T373] skb_clone+0x1d1/0x360
[ 51.630228][ T373] sk_psock_verdict_recv+0x53/0x840
[ 51.635285][ T373] unix_read_sock+0x132/0x370
[ 51.639774][ T373] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.645417][ T373] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.650451][ T373] ____sys_sendmsg+0x59e/0x8f0
[ 51.655076][ T373] ___sys_sendmsg+0x252/0x2e0
[ 51.659566][ T373] __se_sys_sendmsg+0x19a/0x260
[ 51.664361][ T373] __x64_sys_sendmsg+0x7b/0x90
[ 51.668961][ T373] x64_sys_call+0x16a/0x9a0
[ 51.673301][ T373] do_syscall_64+0x3b/0xb0
[ 51.677551][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.683281][ T373]
[ 51.685450][ T373] Freed by task 60:
[ 51.689097][ T373] kasan_set_track+0x4b/0x70
[ 51.693526][ T373] kasan_set_free_info+0x23/0x40
[ 51.698297][ T373] ____kasan_slab_free+0x126/0x160
[ 51.703244][ T373] __kasan_slab_free+0x11/0x20
[ 51.707842][ T373] slab_free_freelist_hook+0xbd/0x190
[ 51.713053][ T373] kmem_cache_free+0x115/0x330
[ 51.717661][ T373] kfree_skbmem+0x104/0x170
[ 51.721998][ T373] kfree_skb+0xc2/0x360
[ 51.725984][ T373] sk_psock_backlog+0xc21/0xd90
[ 51.730672][ T373] process_one_work+0x6bb/0xc10
[ 51.735472][ T373] worker_thread+0xad5/0x12a0
[ 51.739955][ T373] kthread+0x421/0x510
[ 51.743864][ T373] ret_from_fork+0x1f/0x30
[ 51.748125][ T373]
[ 51.750375][ T373] The buggy address belongs to the object at ffff88810dae9000
[ 51.750375][ T373] which belongs to the cache skbuff_head_cache of size 248
[ 51.764870][ T373] The buggy address is located 0 bytes inside of
[ 51.764870][ T373] 248-byte region [ffff88810dae9000, ffff88810dae90f8)
[ 51.778150][ T373] The buggy address belongs to the page:
[ 51.783620][ T373] page:ffffea000436ba40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dae9
[ 51.793797][ T373] flags: 0x4000000000000200(slab|zone=1)
[ 51.799356][ T373] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa180
[ 51.807776][ T373] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 51.816186][ T373] page dumped because: kasan: bad access detected
[ 51.822445][ T373] page_owner tracks the page as allocated
[ 51.827989][ T373] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 50906461681, free_ts 50905975639
[ 51.843620][ T373] post_alloc_hook+0x1a3/0x1b0
[ 51.848213][ T373] prep_new_page+0x1b/0x110
[ 51.852555][ T373] get_page_from_freelist+0x3550/0x35d0
[ 51.857935][ T373] __alloc_pages+0x27e/0x8f0
[ 51.862479][ T373] new_slab+0x9a/0x4e0
[ 51.866381][ T373] ___slab_alloc+0x39e/0x830
[ 51.870805][ T373] __slab_alloc+0x4a/0x90
[ 51.874973][ T373] kmem_cache_alloc+0x139/0x250
[ 51.879658][ T373] __alloc_skb+0xbe/0x550
[ 51.883829][ T373] alloc_skb_with_frags+0xa6/0x680
[ 51.889041][ T373] sock_alloc_send_pskb+0x915/0xa50
[ 51.894071][ T373] unix_dgram_sendmsg+0x6fd/0x2090
[ 51.899015][ T373] __sys_sendto+0x564/0x720
[ 51.903355][ T373] __x64_sys_sendto+0xe5/0x100
[ 51.908070][ T373] x64_sys_call+0x15c/0x9a0
[ 51.912406][ T373] do_syscall_64+0x3b/0xb0
[ 51.916758][ T373] page last free stack trace:
[ 51.921261][ T373] free_unref_page_prepare+0x7c8/0x7d0
[ 51.926565][ T373] free_unref_page+0xe8/0x750
[ 51.931177][ T373] __free_pages+0x61/0xf0
[ 51.935322][ T373] __vunmap+0x7bc/0x8f0
[ 51.939321][ T373] free_work+0x5b/0x80
[ 51.943315][ T373] process_one_work+0x6bb/0xc10
[ 51.948022][ T373] worker_thread+0xad5/0x12a0
[ 51.952516][ T373] kthread+0x421/0x510
[ 51.956556][ T373] ret_from_fork+0x1f/0x30
[ 51.960810][ T373]
[ 51.962977][ T373] Memory state around the buggy address:
[ 51.968486][ T373] ffff88810dae8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.976347][ T373] ffff88810dae8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.984243][ T373] >ffff88810dae9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.992195][ T373] ^
[ 51.996056][ T373] ffff88810dae9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 52.004032][ T373] ffff88810dae9100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.011929][ T373] ==================================================================
[ 52.031725][ T377] FAULT_INJECTION: forcing a failure.
[ 52.031725][ T377] name failslab, interval 1, probability 0, space 0, times 0
[ 52.044198][ T377] CPU: 1 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 52.055674][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 52.065739][ T377] Call Trace:
[ 52.068869][ T377]
[ 52.071643][ T377] dump_stack_lvl+0x151/0x1c0
[ 52.076155][ T377] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.081718][ T377] dump_stack+0x15/0x20
[ 52.085703][ T377] should_fail+0x3c6/0x510
[ 52.089956][ T377] __should_failslab+0xa4/0xe0
[ 52.094554][ T377] should_failslab+0x9/0x20
[ 52.098893][ T377] slab_pre_alloc_hook+0x37/0xd0
[ 52.103671][ T377] kmem_cache_alloc_trace+0x48/0x270
[ 52.108788][ T377] ? sk_psock_skb_ingress_self+0x60/0x330
[ 52.114344][ T377] ? migrate_disable+0x190/0x190
[ 52.119121][ T377] sk_psock_skb_ingress_self+0x60/0x330
[ 52.124502][ T377] sk_psock_verdict_recv+0x66d/0x840
[ 52.129619][ T377] unix_read_sock+0x132/0x370
[ 52.134133][ T377] ? sk_psock_skb_redirect+0x440/0x440
[ 52.139430][ T377] ? unix_stream_splice_actor+0x120/0x120
[ 52.145073][ T377] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.150362][ T377] ? unix_stream_splice_actor+0x120/0x120
[ 52.155921][ T377] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.161577][ T377] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.166773][ T377] ? _raw_spin_lock+0xa4/0x1b0
[ 52.171373][ T377] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.177137][ T377] ? skb_queue_tail+0xfb/0x120
[ 52.181735][ T377] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.186778][ T377] ? unix_dgram_poll+0x690/0x690
[ 52.191548][ T377] ? security_socket_sendmsg+0x82/0xb0
[ 52.196835][ T377] ? unix_dgram_poll+0x690/0x690
[ 52.201605][ T377] ____sys_sendmsg+0x59e/0x8f0
[ 52.206209][ T377] ? __sys_sendmsg_sock+0x40/0x40
[ 52.211068][ T377] ? import_iovec+0xe5/0x120
[ 52.215492][ T377] ___sys_sendmsg+0x252/0x2e0
[ 52.220011][ T377] ? __sys_sendmsg+0x260/0x260
[ 52.224610][ T377] ? putname+0xfa/0x150
[ 52.228615][ T377] ? __fdget+0x1bc/0x240
[ 52.232682][ T377] __se_sys_sendmsg+0x19a/0x260
[ 52.237369][ T377] ? __x64_sys_sendmsg+0x90/0x90
[ 52.242136][ T377] ? ksys_write+0x260/0x2c0
[ 52.246478][ T377] ? debug_smp_processor_id+0x17/0x20
[ 52.251684][ T377] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.257589][ T377] __x64_sys_sendmsg+0x7b/0x90
[ 52.262197][ T377] x64_sys_call+0x16a/0x9a0
[ 52.266529][ T377] do_syscall_64+0x3b/0xb0
[ 52.270780][ T377] ? clear_bhb_loop+0x35/0x90
[ 52.275293][ T377] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.281025][ T377] RIP: 0033:0x7ff7fd959ea9
[ 52.285276][ T377] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.304728][ T377] RSP: 002b:00007ff7fd4db0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 52.312961][ T377] RAX: ffffffffffffffda RBX: 00007ff7fda87f80 RCX: 00007ff7fd959ea9
[ 52.320772][ T377] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 52.328595][ T377] RBP: 00007ff7fd4db120 R08: 0000000000000000 R09: 0000000000000000
[ 52.336403][ T377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.344360][ T377] R13: 000000000000000b R14: 00007ff7fda87f80 R15: 00007ffd6fb492c8
[ 52.352128][ T377]
[ 52.357889][ T376] ==================================================================
[ 52.365772][ T376] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 52.374210][ T376]
[ 52.376380][ T376] CPU: 1 PID: 376 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 52.387927][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 52.397840][ T376] Call Trace:
[ 52.400949][ T376]
[ 52.403826][ T376] dump_stack_lvl+0x151/0x1c0
[ 52.408336][ T376] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.413804][ T376] ? __wake_up_klogd+0xd5/0x110
[ 52.418489][ T376] ? panic+0x760/0x760
[ 52.422404][ T376] ? kvm_sched_clock_read+0x18/0x40
[ 52.427431][ T376] ? kmem_cache_free+0x115/0x330
[ 52.432236][ T376] print_address_description+0x87/0x3b0
[ 52.437583][ T376] ? kmem_cache_free+0x115/0x330
[ 52.442372][ T376] ? kmem_cache_free+0x115/0x330
[ 52.447214][ T376] kasan_report_invalid_free+0x6b/0xa0
[ 52.452437][ T376] ____kasan_slab_free+0x13e/0x160
[ 52.457371][ T376] __kasan_slab_free+0x11/0x20
[ 52.462061][ T376] slab_free_freelist_hook+0xbd/0x190
[ 52.467269][ T376] kmem_cache_free+0x115/0x330
[ 52.471957][ T376] ? kfree_skbmem+0x104/0x170
[ 52.476466][ T376] kfree_skbmem+0x104/0x170
[ 52.480818][ T376] consume_skb+0xb4/0x250
[ 52.484974][ T376] __sk_msg_free+0x2dd/0x370
[ 52.489422][ T376] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.495039][ T376] sk_psock_stop+0x44c/0x4d0
[ 52.499468][ T376] sk_psock_drop+0x219/0x310
[ 52.503897][ T376] sock_map_unref+0x48f/0x4d0
[ 52.508413][ T376] ? __local_bh_enable_ip+0x58/0x80
[ 52.513440][ T376] ? _raw_spin_unlock_bh+0x51/0x60
[ 52.518389][ T376] sock_map_remove_links+0x41c/0x650
[ 52.523513][ T376] ? __kasan_record_aux_stack+0xd3/0xf0
[ 52.528890][ T376] ? kasan_record_aux_stack+0xe/0x10
[ 52.534013][ T376] ? task_work_add+0x27/0x1d0
[ 52.538539][ T376] ? sock_map_unhash+0x120/0x120
[ 52.543302][ T376] ? x64_sys_call+0x3d/0x9a0
[ 52.547725][ T376] ? locks_remove_posix+0x610/0x610
[ 52.552847][ T376] sock_map_close+0x114/0x530
[ 52.557450][ T376] ? unix_peer_get+0xe0/0xe0
[ 52.561875][ T376] ? sock_map_remove_links+0x650/0x650
[ 52.567169][ T376] ? rwsem_mark_wake+0x770/0x770
[ 52.571940][ T376] unix_release+0x82/0xc0
[ 52.576108][ T376] sock_close+0xdf/0x270
[ 52.580194][ T376] ? sock_mmap+0xa0/0xa0
[ 52.584268][ T376] __fput+0x228/0x8c0
[ 52.588089][ T376] ____fput+0x15/0x20
[ 52.591904][ T376] task_work_run+0x129/0x190
[ 52.596339][ T376] exit_to_user_mode_loop+0xc4/0xe0
[ 52.601363][ T376] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.606744][ T376] syscall_exit_to_user_mode+0x26/0x160
[ 52.612212][ T376] do_syscall_64+0x47/0xb0
[ 52.616469][ T376] ? clear_bhb_loop+0x35/0x90
[ 52.620980][ T376] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.626708][ T376] RIP: 0033:0x7ff7fd958d9a
[ 52.630962][ T376] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 52.650402][ T376] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 52.658648][ T376] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 52.666459][ T376] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 52.674267][ T376] RBP: 00007ff7fda89980 R08: 0000001b31b60000 R09: 0000000000000001
[ 52.682082][ T376] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000ce6a
[ 52.689894][ T376] R13: 000000000000cb2b R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 52.697710][ T376]
[ 52.700668][ T376]
[ 52.702832][ T376] Allocated by task 377:
[ 52.706907][ T376] __kasan_slab_alloc+0xb1/0xe0
[ 52.711591][ T376] slab_post_alloc_hook+0x53/0x2c0
[ 52.716550][ T376] kmem_cache_alloc+0xf5/0x250
[ 52.721140][ T376] skb_clone+0x1d1/0x360
[ 52.725221][ T376] sk_psock_verdict_recv+0x53/0x840
[ 52.730428][ T376] unix_read_sock+0x132/0x370
[ 52.734974][ T376] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.740580][ T376] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.745610][ T376] ____sys_sendmsg+0x59e/0x8f0
[ 52.750228][ T376] ___sys_sendmsg+0x252/0x2e0
[ 52.754814][ T376] __se_sys_sendmsg+0x19a/0x260
[ 52.759502][ T376] __x64_sys_sendmsg+0x7b/0x90
[ 52.764287][ T376] x64_sys_call+0x16a/0x9a0
[ 52.768626][ T376] do_syscall_64+0x3b/0xb0
[ 52.772966][ T376] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.778783][ T376]
[ 52.780950][ T376] Freed by task 42:
[ 52.784593][ T376] kasan_set_track+0x4b/0x70
[ 52.789022][ T376] kasan_set_free_info+0x23/0x40
[ 52.793805][ T376] ____kasan_slab_free+0x126/0x160
[ 52.798838][ T376] __kasan_slab_free+0x11/0x20
[ 52.803427][ T376] slab_free_freelist_hook+0xbd/0x190
[ 52.808637][ T376] kmem_cache_free+0x115/0x330
[ 52.813235][ T376] kfree_skbmem+0x104/0x170
[ 52.817578][ T376] kfree_skb+0xc2/0x360
[ 52.821569][ T376] sk_psock_backlog+0xc21/0xd90
[ 52.826253][ T376] process_one_work+0x6bb/0xc10
[ 52.830942][ T376] worker_thread+0xad5/0x12a0
[ 52.835456][ T376] kthread+0x421/0x510
[ 52.839361][ T376] ret_from_fork+0x1f/0x30
[ 52.843624][ T376]
[ 52.845792][ T376] The buggy address belongs to the object at ffff888124858000
[ 52.845792][ T376] which belongs to the cache skbuff_head_cache of size 248
[ 52.860194][ T376] The buggy address is located 0 bytes inside of
[ 52.860194][ T376] 248-byte region [ffff888124858000, ffff8881248580f8)
[ 52.873212][ T376] The buggy address belongs to the page:
[ 52.878683][ T376] page:ffffea0004921600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124858
[ 52.889022][ T376] flags: 0x4000000000000200(slab|zone=1)
[ 52.894494][ T376] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa180
[ 52.903604][ T376] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 52.912016][ T376] page dumped because: kasan: bad access detected
[ 52.918271][ T376] page_owner tracks the page as allocated
[ 52.923907][ T376] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 51261749599, free_ts 45538775918
[ 52.939528][ T376] post_alloc_hook+0x1a3/0x1b0
[ 52.944132][ T376] prep_new_page+0x1b/0x110
[ 52.948469][ T376] get_page_from_freelist+0x3550/0x35d0
[ 52.953935][ T376] __alloc_pages+0x27e/0x8f0
[ 52.958361][ T376] new_slab+0x9a/0x4e0
[ 52.962270][ T376] ___slab_alloc+0x39e/0x830
[ 52.966705][ T376] __slab_alloc+0x4a/0x90
[ 52.970867][ T376] kmem_cache_alloc+0x139/0x250
[ 52.975548][ T376] __alloc_skb+0xbe/0x550
[ 52.979839][ T376] alloc_skb_with_frags+0xa6/0x680
[ 52.984747][ T376] sock_alloc_send_pskb+0x915/0xa50
[ 52.989788][ T376] unix_dgram_sendmsg+0x6fd/0x2090
[ 52.994822][ T376] __sys_sendto+0x564/0x720
[ 52.999155][ T376] __x64_sys_sendto+0xe5/0x100
[ 53.004363][ T376] x64_sys_call+0x15c/0x9a0
[ 53.008711][ T376] do_syscall_64+0x3b/0xb0
[ 53.012957][ T376] page last free stack trace:
[ 53.017470][ T376] __free_pages_ok+0x985/0xa50
[ 53.022072][ T376] __free_pages+0xe9/0xf0
[ 53.026291][ T376] free_nonslab_page+0x82/0xc0
[ 53.030835][ T376] kfree+0x1a3/0x270
[ 53.034565][ T376] kvfree+0x35/0x40
[ 53.038215][ T376] btf_check_all_metas+0x5c4/0xa40
[ 53.043164][ T376] btf_parse_vmlinux+0x403/0xe00
[ 53.047933][ T376] bpf_check+0x757/0x12c60
[ 53.052190][ T376] bpf_prog_load+0x12ac/0x1b50
[ 53.056895][ T376] __sys_bpf+0x4bc/0x760
[ 53.060977][ T376] __x64_sys_bpf+0x7c/0x90
[ 53.065228][ T376] x64_sys_call+0x87f/0x9a0
[ 53.069566][ T376] do_syscall_64+0x3b/0xb0
[ 53.073825][ T376] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.079649][ T376]
[ 53.081816][ T376] Memory state around the buggy address:
[ 53.087285][ T376] ffff888124857f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.095185][ T376] ffff888124857f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.103085][ T376] >ffff888124858000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.111075][ T376] ^
[ 53.115060][ T376] ffff888124858080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 53.122958][ T376] ffff888124858100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 53.130866][ T376] ==================================================================
[ 53.149753][ T380] FAULT_INJECTION: forcing a failure.
[ 53.149753][ T380] name failslab, interval 1, probability 0, space 0, times 0
[ 53.162257][ T380] CPU: 1 PID: 380 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 53.173801][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.183781][ T380] Call Trace:
[ 53.186938][ T380]
[ 53.189811][ T380] dump_stack_lvl+0x151/0x1c0
[ 53.194282][ T380] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.199841][ T380] dump_stack+0x15/0x20
[ 53.203830][ T380] should_fail+0x3c6/0x510
[ 53.208080][ T380] __should_failslab+0xa4/0xe0
[ 53.212679][ T380] should_failslab+0x9/0x20
[ 53.217033][ T380] slab_pre_alloc_hook+0x37/0xd0
[ 53.221802][ T380] kmem_cache_alloc_trace+0x48/0x270
[ 53.226915][ T380] ? sk_psock_skb_ingress_self+0x60/0x330
[ 53.232472][ T380] ? migrate_disable+0x190/0x190
[ 53.237254][ T380] sk_psock_skb_ingress_self+0x60/0x330
[ 53.242712][ T380] sk_psock_verdict_recv+0x66d/0x840
[ 53.247836][ T380] unix_read_sock+0x132/0x370
[ 53.252348][ T380] ? sk_psock_skb_redirect+0x440/0x440
[ 53.257638][ T380] ? unix_stream_splice_actor+0x120/0x120
[ 53.263204][ T380] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 53.268489][ T380] ? unix_stream_splice_actor+0x120/0x120
[ 53.274043][ T380] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.279684][ T380] ? sk_psock_start_verdict+0xc0/0xc0
[ 53.284927][ T380] ? _raw_spin_lock+0xa4/0x1b0
[ 53.289493][ T380] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.295144][ T380] ? skb_queue_tail+0xfb/0x120
[ 53.299740][ T380] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.304773][ T380] ? unix_dgram_poll+0x690/0x690
[ 53.309544][ T380] ? security_socket_sendmsg+0x82/0xb0
[ 53.314845][ T380] ? unix_dgram_poll+0x690/0x690
[ 53.319636][ T380] ____sys_sendmsg+0x59e/0x8f0
[ 53.324306][ T380] ? __sys_sendmsg_sock+0x40/0x40
[ 53.329167][ T380] ? import_iovec+0xe5/0x120
[ 53.333778][ T380] ___sys_sendmsg+0x252/0x2e0
[ 53.338280][ T380] ? __sys_sendmsg+0x260/0x260
[ 53.342880][ T380] ? putname+0xfa/0x150
[ 53.346879][ T380] ? __fdget+0x1bc/0x240
[ 53.350948][ T380] __se_sys_sendmsg+0x19a/0x260
[ 53.355633][ T380] ? __x64_sys_sendmsg+0x90/0x90
[ 53.360405][ T380] ? ksys_write+0x260/0x2c0
[ 53.364749][ T380] ? debug_smp_processor_id+0x17/0x20
[ 53.370042][ T380] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 53.376387][ T380] __x64_sys_sendmsg+0x7b/0x90
[ 53.380979][ T380] x64_sys_call+0x16a/0x9a0
[ 53.385316][ T380] do_syscall_64+0x3b/0xb0
[ 53.389567][ T380] ? clear_bhb_loop+0x35/0x90
[ 53.394082][ T380] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.399810][ T380] RIP: 0033:0x7ff7fd959ea9
[ 53.404064][ T380] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.423604][ T380] RSP: 002b:00007ff7fd4db0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.431841][ T380] RAX: ffffffffffffffda RBX: 00007ff7fda87f80 RCX: 00007ff7fd959ea9
[ 53.439681][ T380] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 53.447476][ T380] RBP: 00007ff7fd4db120 R08: 0000000000000000 R09: 0000000000000000
[ 53.455273][ T380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.463084][ T380] R13: 000000000000000b R14: 00007ff7fda87f80 R15: 00007ffd6fb492c8
[ 53.470897][ T380]
[ 53.475031][ T379] ==================================================================
[ 53.482922][ T379] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 53.491243][ T379]
[ 53.493408][ T379] CPU: 1 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 53.504949][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.515116][ T379] Call Trace:
[ 53.518256][ T379]
[ 53.521019][ T379] dump_stack_lvl+0x151/0x1c0
[ 53.525809][ T379] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.531429][ T379] ? __wake_up_klogd+0xd5/0x110
[ 53.536267][ T379] ? panic+0x760/0x760
[ 53.540252][ T379] ? kmem_cache_free+0x115/0x330
[ 53.545467][ T379] print_address_description+0x87/0x3b0
[ 53.550840][ T379] ? kmem_cache_free+0x115/0x330
[ 53.555624][ T379] ? kmem_cache_free+0x115/0x330
[ 53.560388][ T379] kasan_report_invalid_free+0x6b/0xa0
[ 53.565685][ T379] ____kasan_slab_free+0x13e/0x160
[ 53.570637][ T379] __kasan_slab_free+0x11/0x20
[ 53.575231][ T379] slab_free_freelist_hook+0xbd/0x190
[ 53.580447][ T379] kmem_cache_free+0x115/0x330
[ 53.585041][ T379] ? kfree_skbmem+0x104/0x170
[ 53.589554][ T379] kfree_skbmem+0x104/0x170
[ 53.593894][ T379] consume_skb+0xb4/0x250
[ 53.598058][ T379] __sk_msg_free+0x2dd/0x370
[ 53.602572][ T379] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.608211][ T379] sk_psock_stop+0x44c/0x4d0
[ 53.612642][ T379] sk_psock_drop+0x219/0x310
[ 53.617065][ T379] sock_map_unref+0x48f/0x4d0
[ 53.621586][ T379] ? __local_bh_enable_ip+0x58/0x80
[ 53.626613][ T379] ? _raw_spin_unlock_bh+0x51/0x60
[ 53.631564][ T379] sock_map_remove_links+0x41c/0x650
[ 53.636686][ T379] ? __kasan_record_aux_stack+0xd3/0xf0
[ 53.642069][ T379] ? kasan_record_aux_stack+0xe/0x10
[ 53.647183][ T379] ? task_work_add+0x27/0x1d0
[ 53.651695][ T379] ? sock_map_unhash+0x120/0x120
[ 53.656466][ T379] ? x64_sys_call+0x3d/0x9a0
[ 53.660903][ T379] ? locks_remove_posix+0x610/0x610
[ 53.666032][ T379] sock_map_close+0x114/0x530
[ 53.670530][ T379] ? unix_peer_get+0xe0/0xe0
[ 53.674968][ T379] ? sock_map_remove_links+0x650/0x650
[ 53.680257][ T379] ? rwsem_mark_wake+0x770/0x770
[ 53.685023][ T379] unix_release+0x82/0xc0
[ 53.689193][ T379] sock_close+0xdf/0x270
[ 53.693271][ T379] ? sock_mmap+0xa0/0xa0
[ 53.697350][ T379] __fput+0x228/0x8c0
[ 53.701181][ T379] ____fput+0x15/0x20
[ 53.704990][ T379] task_work_run+0x129/0x190
[ 53.709593][ T379] exit_to_user_mode_loop+0xc4/0xe0
[ 53.714620][ T379] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.720015][ T379] syscall_exit_to_user_mode+0x26/0x160
[ 53.725394][ T379] do_syscall_64+0x47/0xb0
[ 53.729649][ T379] ? clear_bhb_loop+0x35/0x90
[ 53.734160][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.739901][ T379] RIP: 0033:0x7ff7fd958d9a
[ 53.744150][ T379] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.763593][ T379] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.771837][ T379] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 53.779645][ T379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.787455][ T379] RBP: 00007ff7fda89980 R08: 0000001b31b60000 R09: 0000000000000001
[ 53.795352][ T379] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000d2c8
[ 53.803164][ T379] R13: 000000000000cf89 R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 53.811030][ T379]
[ 53.813927][ T379]
[ 53.816098][ T379] Allocated by task 380:
[ 53.820185][ T379] __kasan_slab_alloc+0xb1/0xe0
[ 53.824859][ T379] slab_post_alloc_hook+0x53/0x2c0
[ 53.829818][ T379] kmem_cache_alloc+0xf5/0x250
[ 53.834407][ T379] skb_clone+0x1d1/0x360
[ 53.838488][ T379] sk_psock_verdict_recv+0x53/0x840
[ 53.843524][ T379] unix_read_sock+0x132/0x370
[ 53.848034][ T379] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.853678][ T379] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.858708][ T379] ____sys_sendmsg+0x59e/0x8f0
[ 53.863313][ T379] ___sys_sendmsg+0x252/0x2e0
[ 53.867824][ T379] __se_sys_sendmsg+0x19a/0x260
[ 53.872542][ T379] __x64_sys_sendmsg+0x7b/0x90
[ 53.877117][ T379] x64_sys_call+0x16a/0x9a0
[ 53.881449][ T379] do_syscall_64+0x3b/0xb0
[ 53.885703][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.891433][ T379]
[ 53.893602][ T379] Freed by task 307:
[ 53.897421][ T379] kasan_set_track+0x4b/0x70
[ 53.901882][ T379] kasan_set_free_info+0x23/0x40
[ 53.906623][ T379] ____kasan_slab_free+0x126/0x160
[ 53.911662][ T379] __kasan_slab_free+0x11/0x20
[ 53.916468][ T379] slab_free_freelist_hook+0xbd/0x190
[ 53.921676][ T379] kmem_cache_free+0x115/0x330
[ 53.926276][ T379] kfree_skbmem+0x104/0x170
[ 53.930610][ T379] kfree_skb+0xc2/0x360
[ 53.934604][ T379] sk_psock_backlog+0xc21/0xd90
[ 53.939291][ T379] process_one_work+0x6bb/0xc10
[ 53.943978][ T379] worker_thread+0xad5/0x12a0
[ 53.948495][ T379] kthread+0x421/0x510
[ 53.952397][ T379] ret_from_fork+0x1f/0x30
[ 53.956646][ T379]
[ 53.958817][ T379] The buggy address belongs to the object at ffff88810dad3640
[ 53.958817][ T379] which belongs to the cache skbuff_head_cache of size 248
[ 53.973333][ T379] The buggy address is located 0 bytes inside of
[ 53.973333][ T379] 248-byte region [ffff88810dad3640, ffff88810dad3738)
[ 53.986342][ T379] The buggy address belongs to the page:
[ 53.991907][ T379] page:ffffea000436b4c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dad3
[ 54.001963][ T379] flags: 0x4000000000000200(slab|zone=1)
[ 54.007448][ T379] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa180
[ 54.015856][ T379] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 54.024443][ T379] page dumped because: kasan: bad access detected
[ 54.030693][ T379] page_owner tracks the page as allocated
[ 54.036332][ T379] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 52356597661, free_ts 52024984712
[ 54.052060][ T379] post_alloc_hook+0x1a3/0x1b0
[ 54.056652][ T379] prep_new_page+0x1b/0x110
[ 54.060992][ T379] get_page_from_freelist+0x3550/0x35d0
[ 54.066374][ T379] __alloc_pages+0x27e/0x8f0
[ 54.070797][ T379] new_slab+0x9a/0x4e0
[ 54.074706][ T379] ___slab_alloc+0x39e/0x830
[ 54.079228][ T379] __slab_alloc+0x4a/0x90
[ 54.083472][ T379] kmem_cache_alloc+0x139/0x250
[ 54.088157][ T379] __alloc_skb+0xbe/0x550
[ 54.092326][ T379] alloc_skb_with_frags+0xa6/0x680
[ 54.097272][ T379] sock_alloc_send_pskb+0x915/0xa50
[ 54.102313][ T379] unix_dgram_sendmsg+0x6fd/0x2090
[ 54.107252][ T379] __sys_sendto+0x564/0x720
[ 54.111605][ T379] __x64_sys_sendto+0xe5/0x100
[ 54.116287][ T379] x64_sys_call+0x15c/0x9a0
[ 54.120622][ T379] do_syscall_64+0x3b/0xb0
[ 54.124877][ T379] page last free stack trace:
[ 54.129471][ T379] free_unref_page_prepare+0x7c8/0x7d0
[ 54.134857][ T379] free_unref_page_list+0x14b/0xa60
[ 54.139984][ T379] release_pages+0x1310/0x1370
[ 54.144582][ T379] free_pages_and_swap_cache+0x8a/0xa0
[ 54.149875][ T379] tlb_finish_mmu+0x177/0x320
[ 54.154390][ T379] exit_mmap+0x40d/0x940
[ 54.158476][ T379] __mmput+0x95/0x310
[ 54.162376][ T379] mmput+0x5b/0x170
[ 54.166023][ T379] do_exit+0xb9c/0x2ca0
[ 54.170100][ T379] do_group_exit+0x141/0x310
[ 54.174537][ T379] get_signal+0x7a3/0x1630
[ 54.178793][ T379] arch_do_signal_or_restart+0xbd/0x1680
[ 54.184257][ T379] exit_to_user_mode_loop+0xa0/0xe0
[ 54.189283][ T379] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.194629][ T379] syscall_exit_to_user_mode+0x26/0x160
[ 54.200041][ T379] do_syscall_64+0x47/0xb0
[ 54.204297][ T379]
[ 54.206463][ T379] Memory state around the buggy address:
[ 54.212025][ T379] ffff88810dad3500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.219951][ T379] ffff88810dad3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 54.227922][ T379] >ffff88810dad3600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 54.235802][ T379] ^
[ 54.241796][ T379] ffff88810dad3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.249801][ T379] ffff88810dad3700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 54.257763][ T379] ==================================================================
[ 54.278965][ T383] FAULT_INJECTION: forcing a failure.
[ 54.278965][ T383] name failslab, interval 1, probability 0, space 0, times 0
[ 54.291811][ T383] CPU: 1 PID: 383 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 54.303322][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.313288][ T383] Call Trace:
[ 54.316678][ T383]
[ 54.319464][ T383] dump_stack_lvl+0x151/0x1c0
[ 54.324055][ T383] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.329523][ T383] dump_stack+0x15/0x20
[ 54.333510][ T383] should_fail+0x3c6/0x510
[ 54.337767][ T383] __should_failslab+0xa4/0xe0
[ 54.342362][ T383] should_failslab+0x9/0x20
[ 54.346710][ T383] slab_pre_alloc_hook+0x37/0xd0
[ 54.351478][ T383] kmem_cache_alloc_trace+0x48/0x270
[ 54.356595][ T383] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.362151][ T383] ? migrate_disable+0x190/0x190
[ 54.366923][ T383] sk_psock_skb_ingress_self+0x60/0x330
[ 54.372305][ T383] sk_psock_verdict_recv+0x66d/0x840
[ 54.377437][ T383] unix_read_sock+0x132/0x370
[ 54.381938][ T383] ? sk_psock_skb_redirect+0x440/0x440
[ 54.387232][ T383] ? unix_stream_splice_actor+0x120/0x120
[ 54.392787][ T383] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.398085][ T383] ? unix_stream_splice_actor+0x120/0x120
[ 54.403636][ T383] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.409278][ T383] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.414487][ T383] ? _raw_spin_lock+0xa4/0x1b0
[ 54.419088][ T383] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.424736][ T383] ? skb_queue_tail+0xfb/0x120
[ 54.429328][ T383] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.434368][ T383] ? unix_dgram_poll+0x690/0x690
[ 54.439138][ T383] ? security_socket_sendmsg+0x82/0xb0
[ 54.444428][ T383] ? unix_dgram_poll+0x690/0x690
[ 54.449202][ T383] ____sys_sendmsg+0x59e/0x8f0
[ 54.453805][ T383] ? __sys_sendmsg_sock+0x40/0x40
[ 54.458668][ T383] ? import_iovec+0xe5/0x120
[ 54.463093][ T383] ___sys_sendmsg+0x252/0x2e0
[ 54.467606][ T383] ? __sys_sendmsg+0x260/0x260
[ 54.472209][ T383] ? putname+0xfa/0x150
[ 54.476198][ T383] ? __fdget+0x1bc/0x240
[ 54.480275][ T383] __se_sys_sendmsg+0x19a/0x260
[ 54.484968][ T383] ? __x64_sys_sendmsg+0x90/0x90
[ 54.489734][ T383] ? ksys_write+0x260/0x2c0
[ 54.494085][ T383] ? debug_smp_processor_id+0x17/0x20
[ 54.499454][ T383] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.505360][ T383] __x64_sys_sendmsg+0x7b/0x90
[ 54.509963][ T383] x64_sys_call+0x16a/0x9a0
[ 54.514393][ T383] do_syscall_64+0x3b/0xb0
[ 54.518775][ T383] ? clear_bhb_loop+0x35/0x90
[ 54.523285][ T383] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.529021][ T383] RIP: 0033:0x7ff7fd959ea9
[ 54.533360][ T383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.553158][ T383] RSP: 002b:00007ff7fd4db0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.561397][ T383] RAX: ffffffffffffffda RBX: 00007ff7fda87f80 RCX: 00007ff7fd959ea9
[ 54.569213][ T383] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 54.577017][ T383] RBP: 00007ff7fd4db120 R08: 0000000000000000 R09: 0000000000000000
[ 54.584831][ T383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.592642][ T383] R13: 000000000000000b R14: 00007ff7fda87f80 R15: 00007ffd6fb492c8
[ 54.600459][ T383]
[ 54.604500][ T382] ==================================================================
[ 54.612561][ T382] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 54.620802][ T382]
[ 54.622975][ T382] CPU: 0 PID: 382 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 54.634610][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.644584][ T382] Call Trace:
[ 54.647711][ T382]
[ 54.650487][ T382] dump_stack_lvl+0x151/0x1c0
[ 54.654998][ T382] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.660464][ T382] ? __wake_up_klogd+0xd5/0x110
[ 54.665153][ T382] ? panic+0x760/0x760
[ 54.669060][ T382] ? kmem_cache_free+0x115/0x330
[ 54.673833][ T382] print_address_description+0x87/0x3b0
[ 54.679213][ T382] ? kmem_cache_free+0x115/0x330
[ 54.684074][ T382] ? kmem_cache_free+0x115/0x330
[ 54.688848][ T382] kasan_report_invalid_free+0x6b/0xa0
[ 54.694141][ T382] ____kasan_slab_free+0x13e/0x160
[ 54.699089][ T382] __kasan_slab_free+0x11/0x20
[ 54.703688][ T382] slab_free_freelist_hook+0xbd/0x190
[ 54.708999][ T382] kmem_cache_free+0x115/0x330
[ 54.713595][ T382] ? kfree_skbmem+0x104/0x170
[ 54.718108][ T382] kfree_skbmem+0x104/0x170
[ 54.722449][ T382] consume_skb+0xb4/0x250
[ 54.726627][ T382] __sk_msg_free+0x2dd/0x370
[ 54.731129][ T382] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.736856][ T382] sk_psock_stop+0x44c/0x4d0
[ 54.741294][ T382] sk_psock_drop+0x219/0x310
[ 54.745724][ T382] sock_map_unref+0x48f/0x4d0
[ 54.750225][ T382] ? __local_bh_enable_ip+0x58/0x80
[ 54.755259][ T382] ? _raw_spin_unlock_bh+0x51/0x60
[ 54.760206][ T382] sock_map_remove_links+0x41c/0x650
[ 54.765334][ T382] ? __kasan_record_aux_stack+0xd3/0xf0
[ 54.770708][ T382] ? kasan_record_aux_stack+0xe/0x10
[ 54.775841][ T382] ? task_work_add+0x27/0x1d0
[ 54.780349][ T382] ? sock_map_unhash+0x120/0x120
[ 54.785117][ T382] ? x64_sys_call+0x3d/0x9a0
[ 54.789552][ T382] ? locks_remove_posix+0x610/0x610
[ 54.794577][ T382] sock_map_close+0x114/0x530
[ 54.799088][ T382] ? unix_peer_get+0xe0/0xe0
[ 54.803521][ T382] ? sock_map_remove_links+0x650/0x650
[ 54.808823][ T382] ? rwsem_mark_wake+0x770/0x770
[ 54.813584][ T382] unix_release+0x82/0xc0
[ 54.817762][ T382] sock_close+0xdf/0x270
[ 54.821925][ T382] ? sock_mmap+0xa0/0xa0
[ 54.825992][ T382] __fput+0x228/0x8c0
[ 54.829817][ T382] ____fput+0x15/0x20
[ 54.833756][ T382] task_work_run+0x129/0x190
[ 54.838180][ T382] exit_to_user_mode_loop+0xc4/0xe0
[ 54.843214][ T382] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.848510][ T382] syscall_exit_to_user_mode+0x26/0x160
[ 54.853893][ T382] do_syscall_64+0x47/0xb0
[ 54.858241][ T382] ? clear_bhb_loop+0x35/0x90
[ 54.862744][ T382] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.868473][ T382] RIP: 0033:0x7ff7fd958d9a
[ 54.872724][ T382] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 54.892641][ T382] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.900977][ T382] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 54.908794][ T382] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.916600][ T382] RBP: 00007ff7fda89980 R08: 0000001b31b60000 R09: 0000000000000001
[ 54.924413][ T382] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000d732
[ 54.932223][ T382] R13: 000000000000d3f2 R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 54.940123][ T382]
[ 54.942984][ T382]
[ 54.945157][ T382] Allocated by task 383:
[ 54.949235][ T382] __kasan_slab_alloc+0xb1/0xe0
[ 54.953924][ T382] slab_post_alloc_hook+0x53/0x2c0
[ 54.958869][ T382] kmem_cache_alloc+0xf5/0x250
[ 54.963553][ T382] skb_clone+0x1d1/0x360
[ 54.967687][ T382] sk_psock_verdict_recv+0x53/0x840
[ 54.972667][ T382] unix_read_sock+0x132/0x370
[ 54.977178][ T382] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.982822][ T382] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.987856][ T382] ____sys_sendmsg+0x59e/0x8f0
[ 54.992458][ T382] ___sys_sendmsg+0x252/0x2e0
[ 54.996969][ T382] __se_sys_sendmsg+0x19a/0x260
[ 55.001659][ T382] __x64_sys_sendmsg+0x7b/0x90
[ 55.006254][ T382] x64_sys_call+0x16a/0x9a0
[ 55.010599][ T382] do_syscall_64+0x3b/0xb0
[ 55.015025][ T382] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.020755][ T382]
[ 55.022921][ T382] Freed by task 42:
[ 55.026578][ T382] kasan_set_track+0x4b/0x70
[ 55.030991][ T382] kasan_set_free_info+0x23/0x40
[ 55.035766][ T382] ____kasan_slab_free+0x126/0x160
[ 55.040804][ T382] __kasan_slab_free+0x11/0x20
[ 55.045402][ T382] slab_free_freelist_hook+0xbd/0x190
[ 55.050607][ T382] kmem_cache_free+0x115/0x330
[ 55.055210][ T382] kfree_skbmem+0x104/0x170
[ 55.059635][ T382] kfree_skb+0xc2/0x360
[ 55.063633][ T382] sk_psock_backlog+0xc21/0xd90
[ 55.068836][ T382] process_one_work+0x6bb/0xc10
[ 55.073527][ T382] worker_thread+0xad5/0x12a0
[ 55.078035][ T382] kthread+0x421/0x510
[ 55.083096][ T382] ret_from_fork+0x1f/0x30
[ 55.087320][ T382]
[ 55.089490][ T382] The buggy address belongs to the object at ffff88811019db40
[ 55.089490][ T382] which belongs to the cache skbuff_head_cache of size 248
[ 55.103994][ T382] The buggy address is located 0 bytes inside of
[ 55.103994][ T382] 248-byte region [ffff88811019db40, ffff88811019dc38)
[ 55.117007][ T382] The buggy address belongs to the page:
[ 55.122477][ T382] page:ffffea0004406740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11019d
[ 55.132732][ T382] flags: 0x4000000000000200(slab|zone=1)
[ 55.138479][ T382] raw: 4000000000000200 ffffea00043f1780 0000000a0000000a ffff8881081aa180
[ 55.146988][ T382] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 55.155747][ T382] page dumped because: kasan: bad access detected
[ 55.162099][ T382] page_owner tracks the page as allocated
[ 55.167914][ T382] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 108, ts 4698388373, free_ts 0
[ 55.183707][ T382] post_alloc_hook+0x1a3/0x1b0
[ 55.188291][ T382] prep_new_page+0x1b/0x110
[ 55.192654][ T382] get_page_from_freelist+0x3550/0x35d0
[ 55.198008][ T382] __alloc_pages+0x27e/0x8f0
[ 55.202449][ T382] new_slab+0x9a/0x4e0
[ 55.206343][ T382] ___slab_alloc+0x39e/0x830
[ 55.210766][ T382] __slab_alloc+0x4a/0x90
[ 55.214933][ T382] kmem_cache_alloc+0x139/0x250
[ 55.219619][ T382] __alloc_skb+0xbe/0x550
[ 55.223786][ T382] netlink_sendmsg+0x797/0xd20
[ 55.228496][ T382] ____sys_sendmsg+0x59e/0x8f0
[ 55.233071][ T382] ___sys_sendmsg+0x252/0x2e0
[ 55.237594][ T382] __se_sys_sendmsg+0x19a/0x260
[ 55.242274][ T382] __x64_sys_sendmsg+0x7b/0x90
[ 55.246883][ T382] x64_sys_call+0x16a/0x9a0
[ 55.251310][ T382] do_syscall_64+0x3b/0xb0
[ 55.255649][ T382] page_owner free stack trace missing
[ 55.260849][ T382]
[ 55.263024][ T382] Memory state around the buggy address:
[ 55.268488][ T382] ffff88811019da00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.276393][ T382] ffff88811019da80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.284285][ T382] >ffff88811019db00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.292180][ T382] ^
[ 55.298323][ T382] ffff88811019db80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.306265][ T382] ffff88811019dc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.314249][ T382] ==================================================================
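The block above is the raw KASAN report as syzkaller captured it; nothing on this page parses it. As an added example, not part of the syzkaller log or of any kernel tooling, the following Python script pulls the bug line, the reporting task and kernel version, the object's slab cache, the allocating and freeing task IDs and the three stacks (crash, alloc, free) out of one report and names the first non-allocator frame in each. The sample input is an abridged copy of the task-382 report above (most frames dropped), and the INTERNAL prefix list used to skip allocator/KASAN plumbing is an assumed heuristic, not something the kernel defines.

```python
import re

# Constructed input: an abridged copy of the task-382 report above; most
# frames were dropped so the sample stays short.
SAMPLE_LOG = """\
[   54.612561][  T382] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[   54.620802][  T382]
[   54.622975][  T382] CPU: 0 PID: 382 Comm: syz-executor.0 Tainted: G    B   5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[   54.644584][  T382] Call Trace:
[   54.650487][  T382]  dump_stack_lvl+0x151/0x1c0
[   54.654998][  T382]  ? io_uring_drop_tctx_refs+0x190/0x190
[   54.688848][  T382]  kasan_report_invalid_free+0x6b/0xa0
[   54.708999][  T382]  kmem_cache_free+0x115/0x330
[   54.722449][  T382]  consume_skb+0xb4/0x250
[   54.726627][  T382]  __sk_msg_free+0x2dd/0x370
[   54.736856][  T382]  sk_psock_stop+0x44c/0x4d0
[   54.794577][  T382]  sock_map_close+0x114/0x530
[   54.942984][  T382]
[   54.945157][  T382] Allocated by task 383:
[   54.949235][  T382]  __kasan_slab_alloc+0xb1/0xe0
[   54.963553][  T382]  skb_clone+0x1d1/0x360
[   55.020755][  T382]
[   55.022921][  T382] Freed by task 42:
[   55.026578][  T382]  kasan_set_track+0x4b/0x70
[   55.059635][  T382]  kfree_skb+0xc2/0x360
[   55.063633][  T382]  sk_psock_backlog+0xc21/0xd90
[   55.068836][  T382]  process_one_work+0x6bb/0xc10
[   55.087320][  T382]
[   55.089490][  T382] The buggy address belongs to the object at ffff88811019db40
[   55.089490][  T382]  which belongs to the cache skbuff_head_cache of size 248
"""

PREFIX_RE = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?(.*)$")   # "[ ts][ Tnnn] " prefix
FRAME_RE = re.compile(r"^\s*(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
BUG_RE = re.compile(r"^BUG: KASAN: (.+?) in (\S+)$")
PID_RE = re.compile(r"^CPU: \d+ PID: (\d+) Comm: (\S+) .*?(\d+\.\d+\.\d+\S*)")
OBJ_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
TASK_RE = re.compile(r"^(Allocated|Freed) by task (\d+):$")

# Allocator, KASAN and skb-free plumbing: never the frame to read first.
# Assumed heuristic list, not something the kernel itself defines.
INTERNAL = ("dump_stack", "print_address_description", "kasan_", "__kasan_",
            "____kasan_", "slab_", "kmem_cache_", "kfree", "consume_skb")


def parse_kasan_report(log: str) -> dict:
    """Extract bug line, task/kernel identity, object/cache and the three stacks."""
    r = {"stacks": {}, "alloc_task": 0, "free_task": 0}
    section = None
    for raw in log.splitlines():
        m = PREFIX_RE.match(raw)
        line = (m.group(1) if m else raw).rstrip()
        if not line:                       # a blank line closes a stack section
            section = None
        elif (m := BUG_RE.match(line)):
            r["bug"], r["site"] = m.group(1), m.group(2)
        elif (m := PID_RE.match(line)):
            r["pid"], r["comm"], r["kernel"] = int(m.group(1)), m.group(2), m.group(3)
        elif line == "Call Trace:":
            section = "crash"
            r["stacks"][section] = []
        elif (m := TASK_RE.match(line)):
            section = {"Allocated": "alloc", "Freed": "free"}[m.group(1)]
            r[section + "_task"] = int(m.group(2))
            r["stacks"][section] = []
        elif (m := OBJ_RE.search(line)):
            r["obj_addr"] = m.group(1)
        elif (m := CACHE_RE.search(line)):
            r["cache"], r["size"] = m.group(1), int(m.group(2))
        elif section and (m := FRAME_RE.match(line)) and not m.group(1):
            r["stacks"][section].append(m.group(2))   # "? frame" is a stale slot, skipped
    return r


def blamed_frame(frames: list) -> str:
    """First frame outside the INTERNAL plumbing: where a triager starts reading."""
    return next((f for f in frames if not f.startswith(INTERNAL)), frames[0] if frames else "")


def triage(r: dict) -> dict:
    """What, which object, where each free came from, and whether the two frees
    came from different tasks (a race / object-lifetime smell)."""
    s = r["stacks"]
    return {
        "bug": r["bug"],
        "object": f'{r["cache"]}[{r["size"]}] @ {r["obj_addr"]}',
        "second_free_in": blamed_frame(s.get("crash", [])),
        "first_free_in": blamed_frame(s.get("free", [])),
        "allocated_in": blamed_frame(s.get("alloc", [])),
        "cross_task": r["free_task"] != r["pid"],
        "first_free_from_workqueue": "process_one_work" in s.get("free", []),
    }


if __name__ == "__main__":
    for k, v in triage(parse_kasan_report(SAMPLE_LOG)).items():
        print(f"{k:26} {v}")
```

Run against the task-382 report this names the second free in __sk_msg_free (reached from sk_psock_stop under sock_map_close), the first free in sk_psock_backlog on a workqueue thread (task 42), and the allocation in skb_clone from the verdict path; the task-385 report further down shows the same three stacks with different task IDs (allocated by 386, freed by 60). That cross-context pattern, one clone freed by the backlog worker and again on socket close, is what the log establishes; whether the cause is a missing reference or a lock-ordering problem is not something the report alone answers.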
[ 55.335490][ T386] FAULT_INJECTION: forcing a failure.
[ 55.335490][ T386] name failslab, interval 1, probability 0, space 0, times 0
[ 55.348058][ T386] CPU: 0 PID: 386 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 55.359526][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.369417][ T386] Call Trace:
[ 55.372548][ T386]
[ 55.375327][ T386] dump_stack_lvl+0x151/0x1c0
[ 55.379830][ T386] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.385300][ T386] dump_stack+0x15/0x20
[ 55.389340][ T386] should_fail+0x3c6/0x510
[ 55.393549][ T386] __should_failslab+0xa4/0xe0
[ 55.398147][ T386] should_failslab+0x9/0x20
[ 55.402485][ T386] slab_pre_alloc_hook+0x37/0xd0
[ 55.407262][ T386] kmem_cache_alloc_trace+0x48/0x270
[ 55.412395][ T386] ? sk_psock_skb_ingress_self+0x60/0x330
[ 55.417937][ T386] ? migrate_disable+0x190/0x190
[ 55.422711][ T386] sk_psock_skb_ingress_self+0x60/0x330
[ 55.428093][ T386] sk_psock_verdict_recv+0x66d/0x840
[ 55.433212][ T386] unix_read_sock+0x132/0x370
[ 55.437724][ T386] ? sk_psock_skb_redirect+0x440/0x440
[ 55.443021][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 55.448596][ T386] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 55.453869][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 55.459426][ T386] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.465064][ T386] ? sk_psock_start_verdict+0xc0/0xc0
[ 55.470271][ T386] ? _raw_spin_lock+0xa4/0x1b0
[ 55.474962][ T386] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.480601][ T386] ? skb_queue_tail+0xfb/0x120
[ 55.485199][ T386] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.490250][ T386] ? unix_dgram_poll+0x690/0x690
[ 55.495251][ T386] ? security_socket_sendmsg+0x82/0xb0
[ 55.500527][ T386] ? unix_dgram_poll+0x690/0x690
[ 55.505301][ T386] ____sys_sendmsg+0x59e/0x8f0
[ 55.509905][ T386] ? __sys_sendmsg_sock+0x40/0x40
[ 55.514917][ T386] ? import_iovec+0xe5/0x120
[ 55.519309][ T386] ___sys_sendmsg+0x252/0x2e0
[ 55.523840][ T386] ? __sys_sendmsg+0x260/0x260
[ 55.528522][ T386] ? putname+0xfa/0x150
[ 55.532659][ T386] ? __fdget+0x1bc/0x240
[ 55.537032][ T386] __se_sys_sendmsg+0x19a/0x260
[ 55.541694][ T386] ? __x64_sys_sendmsg+0x90/0x90
[ 55.546461][ T386] ? ksys_write+0x260/0x2c0
[ 55.550836][ T386] ? debug_smp_processor_id+0x17/0x20
[ 55.556011][ T386] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 55.561912][ T386] __x64_sys_sendmsg+0x7b/0x90
[ 55.566513][ T386] x64_sys_call+0x16a/0x9a0
[ 55.570859][ T386] do_syscall_64+0x3b/0xb0
[ 55.575110][ T386] ? clear_bhb_loop+0x35/0x90
[ 55.579625][ T386] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.585347][ T386] RIP: 0033:0x7ff7fd959ea9
[ 55.589602][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.609412][ T386] RSP: 002b:00007ff7fd4db0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.617741][ T386] RAX: ffffffffffffffda RBX: 00007ff7fda87f80 RCX: 00007ff7fd959ea9
[ 55.625549][ T386] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 55.633358][ T386] RBP: 00007ff7fd4db120 R08: 0000000000000000 R09: 0000000000000000
[ 55.641257][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.649071][ T386] R13: 000000000000000b R14: 00007ff7fda87f80 R15: 00007ffd6fb492c8
[ 55.656889][ T386]
[ 55.661996][ T385] ==================================================================
[ 55.669880][ T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 55.678208][ T385]
[ 55.680380][ T385] CPU: 1 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 55.692010][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.702183][ T385] Call Trace:
[ 55.705292][ T385]
[ 55.708066][ T385] dump_stack_lvl+0x151/0x1c0
[ 55.712583][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.718047][ T385] ? __wake_up_klogd+0xd5/0x110
[ 55.722742][ T385] ? panic+0x760/0x760
[ 55.726642][ T385] ? kvm_sched_clock_read+0x18/0x40
[ 55.731673][ T385] ? kmem_cache_free+0x115/0x330
[ 55.736445][ T385] print_address_description+0x87/0x3b0
[ 55.741922][ T385] ? kmem_cache_free+0x115/0x330
[ 55.746692][ T385] ? kmem_cache_free+0x115/0x330
[ 55.751485][ T385] kasan_report_invalid_free+0x6b/0xa0
[ 55.756758][ T385] ____kasan_slab_free+0x13e/0x160
[ 55.761822][ T385] __kasan_slab_free+0x11/0x20
[ 55.766532][ T385] slab_free_freelist_hook+0xbd/0x190
[ 55.771746][ T385] kmem_cache_free+0x115/0x330
[ 55.776338][ T385] ? kfree_skbmem+0x104/0x170
[ 55.780846][ T385] kfree_skbmem+0x104/0x170
[ 55.785190][ T385] consume_skb+0xb4/0x250
[ 55.789351][ T385] __sk_msg_free+0x2dd/0x370
[ 55.793777][ T385] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.799417][ T385] sk_psock_stop+0x44c/0x4d0
[ 55.803846][ T385] sk_psock_drop+0x219/0x310
[ 55.808270][ T385] sock_map_unref+0x48f/0x4d0
[ 55.812792][ T385] ? __local_bh_enable_ip+0x58/0x80
[ 55.817816][ T385] ? _raw_spin_unlock_bh+0x51/0x60
[ 55.822765][ T385] sock_map_remove_links+0x41c/0x650
[ 55.827888][ T385] ? __kasan_record_aux_stack+0xd3/0xf0
[ 55.833441][ T385] ? kasan_record_aux_stack+0xe/0x10
[ 55.838651][ T385] ? task_work_add+0x27/0x1d0
[ 55.843162][ T385] ? sock_map_unhash+0x120/0x120
[ 55.848021][ T385] ? x64_sys_call+0x3d/0x9a0
[ 55.852455][ T385] ? locks_remove_posix+0x610/0x610
[ 55.857486][ T385] sock_map_close+0x114/0x530
[ 55.861999][ T385] ? unix_peer_get+0xe0/0xe0
[ 55.866422][ T385] ? sock_map_remove_links+0x650/0x650
[ 55.871723][ T385] ? rwsem_mark_wake+0x770/0x770
[ 55.876492][ T385] unix_release+0x82/0xc0
[ 55.880663][ T385] sock_close+0xdf/0x270
[ 55.884761][ T385] ? sock_mmap+0xa0/0xa0
[ 55.888820][ T385] __fput+0x228/0x8c0
[ 55.892639][ T385] ____fput+0x15/0x20
[ 55.896451][ T385] task_work_run+0x129/0x190
[ 55.900878][ T385] exit_to_user_mode_loop+0xc4/0xe0
[ 55.905911][ T385] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.911316][ T385] syscall_exit_to_user_mode+0x26/0x160
[ 55.916693][ T385] do_syscall_64+0x47/0xb0
[ 55.920940][ T385] ? clear_bhb_loop+0x35/0x90
[ 55.925456][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.931269][ T385] RIP: 0033:0x7ff7fd958d9a
[ 55.935540][ T385] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 55.955256][ T385] RSP: 002b:00007ffd6fb49390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 55.963580][ T385] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff7fd958d9a
[ 55.971661][ T385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 55.979477][ T385] RBP: 00007ff7fda89980 R08: 0000001b31b60000 R09: 0000000000000001
[ 55.987603][ T385] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000db52
[ 55.995551][ T385] R13: 000000000000d813 R14: 00007ffd6fb49550 R15: 00007ff7fd910cb0
[ 56.003365][ T385]
[ 56.006240][ T385]
[ 56.008388][ T385] Allocated by task 386:
[ 56.012489][ T385] __kasan_slab_alloc+0xb1/0xe0
[ 56.017157][ T385] slab_post_alloc_hook+0x53/0x2c0
[ 56.022101][ T385] kmem_cache_alloc+0xf5/0x250
[ 56.026704][ T385] skb_clone+0x1d1/0x360
[ 56.030784][ T385] sk_psock_verdict_recv+0x53/0x840
[ 56.035901][ T385] unix_read_sock+0x132/0x370
[ 56.040423][ T385] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.046068][ T385] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.051180][ T385] ____sys_sendmsg+0x59e/0x8f0
[ 56.055781][ T385] ___sys_sendmsg+0x252/0x2e0
[ 56.060293][ T385] __se_sys_sendmsg+0x19a/0x260
[ 56.064977][ T385] __x64_sys_sendmsg+0x7b/0x90
[ 56.069577][ T385] x64_sys_call+0x16a/0x9a0
[ 56.073917][ T385] do_syscall_64+0x3b/0xb0
[ 56.078172][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.083898][ T385]
[ 56.086068][ T385] Freed by task 60:
[ 56.089719][ T385] kasan_set_track+0x4b/0x70
[ 56.094139][ T385] kasan_set_free_info+0x23/0x40
[ 56.098915][ T385] ____kasan_slab_free+0x126/0x160
[ 56.103869][ T385] __kasan_slab_free+0x11/0x20
[ 56.108464][ T385] slab_free_freelist_hook+0xbd/0x190
[ 56.113668][ T385] kmem_cache_free+0x115/0x330
[ 56.118356][ T385] kfree_skbmem+0x104/0x170
[ 56.122695][ T385] kfree_skb+0xc2/0x360
[ 56.126783][ T385] sk_psock_backlog+0xc21/0xd90
[ 56.131469][ T385] process_one_work+0x6bb/0xc10
[ 56.136158][ T385] worker_thread+0xad5/0x12a0
[ 56.140665][ T385] kthread+0x421/0x510
[ 56.144568][ T385] ret_from_fork+0x1f/0x30
[ 56.148828][ T385]
[ 56.151169][ T385] The buggy address belongs to the object at ffff88810dfdd780