Warning: Permanently added '10.128.0.66' (ED25519) to the list of known hosts.
2024/12/27 09:02:23 ignoring optional flag "sandboxArg"="0"
2024/12/27 09:02:23 ignoring optional flag "type"="gce"
2024/12/27 09:02:23 parsed 1 programs
[ 51.903725][ T30] kauditd_printk_skb: 30 callbacks suppressed
[ 51.903740][ T30] audit: type=1400 audit(1735290144.902:106): avc: denied { unlink } for pid=406 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 51.941726][ T406] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 52.453420][ T424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.460300][ T424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.467915][ T424] device bridge_slave_0 entered promiscuous mode
[ 52.474817][ T424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.481744][ T424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.489440][ T424] device bridge_slave_1 entered promiscuous mode
[ 52.539214][ T424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.546360][ T424] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.553482][ T424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.560218][ T424] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.580045][ T287] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.587316][ T287] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.594870][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.602087][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.611845][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.620095][ T287] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.626957][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.635539][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.643623][ T287] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.650450][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.664178][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.673666][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.688202][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.699182][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.707248][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.714541][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.723626][ T424] device veth0_vlan entered promiscuous mode
[ 52.733518][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.742355][ T424] device veth1_macvtap entered promiscuous mode
[ 52.752246][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.764101][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.135236][ T30] audit: type=1401 audit(1735290146.132:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2024/12/27 09:02:26 executed programs: 0
[ 53.254089][ T467] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.261121][ T467] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.269040][ T467] device bridge_slave_0 entered promiscuous mode
[ 53.276036][ T467] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.282889][ T467] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.290320][ T467] device bridge_slave_1 entered promiscuous mode
[ 53.313850][ T45] device bridge_slave_1 left promiscuous mode
[ 53.319807][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.327276][ T45] device bridge_slave_0 left promiscuous mode
[ 53.333280][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.340998][ T45] device veth1_macvtap left promiscuous mode
[ 53.346922][ T45] device veth0_vlan left promiscuous mode
[ 53.473662][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.480971][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.489560][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 53.497974][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.506223][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.513288][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.520721][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 53.530420][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 53.538698][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.546685][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.553544][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.565099][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 53.573476][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.582442][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 53.590555][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.604848][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.616101][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.624125][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.631338][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.640026][ T467] device veth0_vlan entered promiscuous mode
[ 53.650222][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.659797][ T467] device veth1_macvtap entered promiscuous mode
[ 53.670309][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 53.679140][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.691044][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 53.699498][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.720322][ T30] audit: type=1400 audit(1735290146.712:108): avc: denied { prog_load } for pid=473 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 53.738967][ T30] audit: type=1400 audit(1735290146.712:109): avc: denied { bpf } for pid=473 comm="syz.0.15" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 53.821326][ T30] audit: type=1400 audit(1735290146.812:110): avc: denied { map_create } for pid=473 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 53.821815][ T476] FAULT_INJECTION: forcing a failure.
[ 53.821815][ T476] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 53.852957][ T30] audit: type=1400 audit(1735290146.812:111): avc: denied { map_read map_write } for pid=473 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 53.853318][ T476] CPU: 0 PID: 476 Comm: syz.0.15 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 53.882188][ T476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.892094][ T476] Call Trace:
[ 53.895316][ T476] <TASK>
[ 53.898090][ T476] dump_stack_lvl+0x151/0x1c0
[ 53.902600][ T476] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.908072][ T476] dump_stack+0x15/0x20
[ 53.912058][ T476] should_fail+0x3c6/0x510
[ 53.916321][ T476] should_fail_alloc_page+0x5a/0x80
[ 53.921345][ T476] prepare_alloc_pages+0x15c/0x700
[ 53.926295][ T476] ? __alloc_pages_bulk+0xe40/0xe40
[ 53.931327][ T476] ? unwind_next_frame+0x3cb/0x700
[ 53.936280][ T476] __alloc_pages+0x18c/0x8f0
[ 53.940702][ T476] ? prep_new_page+0x110/0x110
[ 53.945391][ T476] ? __x64_sys_sendmsg+0x7b/0x90
[ 53.950167][ T476] ? stack_trace_save+0x113/0x1c0
[ 53.955032][ T476] __stack_depot_save+0x38d/0x470
[ 53.959888][ T476] stack_depot_save+0xe/0x10
[ 53.964316][ T476] save_stack+0x104/0x1e0
[ 53.968480][ T476] ? __reset_page_owner+0x190/0x190
[ 53.973511][ T476] ? post_alloc_hook+0x1a3/0x1b0
[ 53.978302][ T476] ? prep_new_page+0x1b/0x110
[ 53.982802][ T476] ? get_page_from_freelist+0x3550/0x35d0
[ 53.988366][ T476] ? __alloc_pages+0x27e/0x8f0
[ 53.992957][ T476] ? __stack_depot_save+0x38d/0x470
[ 53.998001][ T476] ? ____kasan_kmalloc+0xed/0x110
[ 54.002852][ T476] ? __kasan_kmalloc+0x9/0x10
[ 54.007597][ T476] ? __kmalloc_track_caller+0x13e/0x2c0
[ 54.013002][ T476] ? __alloc_skb+0x10c/0x550
[ 54.017536][ T476] ? alloc_skb_with_frags+0xa6/0x680
[ 54.022647][ T476] ? sock_alloc_send_pskb+0x915/0xa50
[ 54.027854][ T476] ? unix_dgram_sendmsg+0x6fd/0x2090
[ 54.032983][ T476] ? ____sys_sendmsg+0x59e/0x8f0
[ 54.037777][ T476] ? ___sys_sendmsg+0x252/0x2e0
[ 54.040169][ T30] audit: type=1400 audit(1735290147.012:112): avc: denied { perfmon } for pid=473 comm="syz.0.15" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 54.042432][ T476] ? __se_sys_sendmsg+0x19a/0x260
[ 54.067853][ T476] ? __x64_sys_sendmsg+0x7b/0x90
[ 54.072584][ T476] __set_page_owner+0x28/0x2e0
[ 54.077175][ T476] ? kernel_init_free_pages+0xda/0xf0
[ 54.082503][ T476] post_alloc_hook+0x1a3/0x1b0
[ 54.087107][ T476] prep_new_page+0x1b/0x110
[ 54.091439][ T476] get_page_from_freelist+0x3550/0x35d0
[ 54.096819][ T476] ? is_bpf_text_address+0x172/0x190
[ 54.101948][ T476] ? arch_stack_walk+0xf3/0x140
[ 54.106716][ T476] ? lruvec_init+0x150/0x150
[ 54.111140][ T476] ? __alloc_pages+0x8f0/0x8f0
[ 54.115739][ T476] ? __alloc_pages_bulk+0xe40/0xe40
[ 54.120773][ T476] ? stack_trace_save+0x1c0/0x1c0
[ 54.125637][ T476] __alloc_pages+0x27e/0x8f0
[ 54.130177][ T476] ? prep_new_page+0x110/0x110
[ 54.134869][ T476] ? stack_trace_save+0x113/0x1c0
[ 54.139726][ T476] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.145366][ T476] ? stack_trace_snprint+0xf0/0xf0
[ 54.150314][ T476] __stack_depot_save+0x38d/0x470
[ 54.155174][ T476] ? __kasan_slab_alloc+0x63/0xe0
[ 54.160034][ T476] ____kasan_kmalloc+0xed/0x110
[ 54.164723][ T476] ? ____kasan_kmalloc+0xdb/0x110
[ 54.169583][ T476] ? __kasan_kmalloc+0x9/0x10
[ 54.174093][ T476] ? __kmalloc_track_caller+0x13e/0x2c0
[ 54.179474][ T476] ? __alloc_skb+0x10c/0x550
[ 54.183901][ T476] ? alloc_skb_with_frags+0xa6/0x680
[ 54.189023][ T476] ? sock_alloc_send_pskb+0x915/0xa50
[ 54.194230][ T476] ? unix_dgram_sendmsg+0x6fd/0x2090
[ 54.199357][ T476] ? ____sys_sendmsg+0x59e/0x8f0
[ 54.204125][ T476] ? ___sys_sendmsg+0x252/0x2e0
[ 54.208810][ T476] ? __se_sys_sendmsg+0x19a/0x260
[ 54.213673][ T476] ? __x64_sys_sendmsg+0x7b/0x90
[ 54.218445][ T476] ? x64_sys_call+0x16a/0x9a0
[ 54.222960][ T476] ? do_syscall_64+0x3b/0xb0
[ 54.227385][ T476] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.233394][ T476] __kasan_kmalloc+0x9/0x10
[ 54.237723][ T476] __kmalloc_track_caller+0x13e/0x2c0
[ 54.242930][ T476] ? alloc_skb_with_frags+0xa6/0x680
[ 54.248052][ T476] ? alloc_skb_with_frags+0xa6/0x680
[ 54.253171][ T476] __alloc_skb+0x10c/0x550
[ 54.257455][ T476] alloc_skb_with_frags+0xa6/0x680
[ 54.262458][ T476] ? memcpy+0x56/0x70
[ 54.266375][ T476] sock_alloc_send_pskb+0x915/0xa50
[ 54.271403][ T476] ? sock_kzfree_s+0x60/0x60
[ 54.275924][ T476] ? __kasan_check_write+0x14/0x20
[ 54.280872][ T476] ? _raw_spin_lock+0xa4/0x1b0
[ 54.285556][ T476] ? _raw_spin_trylock_bh+0x190/0x190
[ 54.290956][ T476] unix_dgram_sendmsg+0x6fd/0x2090
[ 54.295904][ T476] ? unix_dgram_poll+0x690/0x690
[ 54.300684][ T476] ? kasan_set_track+0x5d/0x70
[ 54.305275][ T476] ? kasan_set_track+0x4b/0x70
[ 54.309878][ T476] ? security_socket_sendmsg+0x82/0xb0
[ 54.315261][ T476] ? unix_dgram_poll+0x690/0x690
[ 54.320036][ T476] ____sys_sendmsg+0x59e/0x8f0
[ 54.324632][ T476] ? __sys_sendmsg_sock+0x40/0x40
[ 54.329491][ T476] ? import_iovec+0xe5/0x120
[ 54.333921][ T476] ___sys_sendmsg+0x252/0x2e0
[ 54.338434][ T476] ? __sys_sendmsg+0x260/0x260
[ 54.343037][ T476] ? putname+0xfa/0x150
[ 54.347027][ T476] ? __fdget+0x1bc/0x240
[ 54.351103][ T476] __se_sys_sendmsg+0x19a/0x260
[ 54.355801][ T476] ? __x64_sys_sendmsg+0x90/0x90
[ 54.360563][ T476] ? ksys_write+0x260/0x2c0
[ 54.364914][ T476] ? debug_smp_processor_id+0x17/0x20
[ 54.370111][ T476] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.376011][ T476] __x64_sys_sendmsg+0x7b/0x90
[ 54.380614][ T476] x64_sys_call+0x16a/0x9a0
[ 54.384955][ T476] do_syscall_64+0x3b/0xb0
[ 54.389205][ T476] ? clear_bhb_loop+0x35/0x90
[ 54.393720][ T476] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.399444][ T476] RIP: 0033:0x7f70dd4b69f9
[ 54.403701][ T476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 54.423141][ T476] RSP: 002b:00007f70dcefc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.431386][ T476] RAX: ffffffffffffffda RBX: 00007f70dd645130 RCX: 00007f70dd4b69f9
[ 54.439199][ T476] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 54.447008][ T476] RBP: 00007f70dcefc090 R08: 0000000000000000 R09: 0000000000000000
[ 54.454821][ T476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.462632][ T476] R13: 0000000000000000 R14: 00007f70dd645130 R15: 00007ffc8b920538
[ 54.470445][ T476] </TASK>
[ 54.475099][ T30] audit: type=1400 audit(1735290147.472:113): avc: denied { prog_run } for pid=473 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 54.501961][ T478] FAULT_INJECTION: forcing a failure.
[ 54.501961][ T478] name failslab, interval 1, probability 0, space 0, times 1
[ 54.514722][ T478] CPU: 1 PID: 478 Comm: syz.0.16 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 54.524343][ T478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.534332][ T478] Call Trace:
[ 54.537474][ T478] <TASK>
[ 54.540316][ T478] dump_stack_lvl+0x151/0x1c0
[ 54.544844][ T478] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.550314][ T478] dump_stack+0x15/0x20
[ 54.554320][ T478] should_fail+0x3c6/0x510
[ 54.558564][ T478] __should_failslab+0xa4/0xe0
[ 54.563183][ T478] should_failslab+0x9/0x20
[ 54.567495][ T478] slab_pre_alloc_hook+0x37/0xd0
[ 54.572272][ T478] kmem_cache_alloc_trace+0x48/0x270
[ 54.577393][ T478] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.582954][ T478] ? migrate_disable+0x190/0x190
[ 54.587983][ T478] sk_psock_skb_ingress_self+0x60/0x330
[ 54.593443][ T478] sk_psock_verdict_recv+0x66d/0x840
[ 54.598570][ T478] unix_read_sock+0x132/0x370
[ 54.603082][ T478] ? sk_psock_skb_redirect+0x440/0x440
[ 54.608462][ T478] ? unix_stream_splice_actor+0x120/0x120
[ 54.614130][ T478] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.619435][ T478] ? unix_stream_splice_actor+0x120/0x120
[ 54.624989][ T478] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.630616][ T478] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.635910][ T478] ? _raw_spin_lock+0xa4/0x1b0
[ 54.640512][ T478] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.646152][ T478] ? skb_queue_tail+0xfb/0x120
[ 54.650759][ T478] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.655877][ T478] ? unix_dgram_poll+0x690/0x690
[ 54.660749][ T478] ? kasan_set_track+0x5d/0x70
[ 54.665346][ T478] ? kasan_set_track+0x4b/0x70
[ 54.669945][ T478] ? security_socket_sendmsg+0x82/0xb0
[ 54.675240][ T478] ? unix_dgram_poll+0x690/0x690
[ 54.680017][ T478] ____sys_sendmsg+0x59e/0x8f0
[ 54.684618][ T478] ? __sys_sendmsg_sock+0x40/0x40
[ 54.689637][ T478] ? import_iovec+0xe5/0x120
[ 54.693990][ T478] ___sys_sendmsg+0x252/0x2e0
[ 54.698523][ T478] ? __sys_sendmsg+0x260/0x260
[ 54.703106][ T478] ? putname+0xfa/0x150
[ 54.707102][ T478] ? __fdget+0x1bc/0x240
[ 54.711180][ T478] __se_sys_sendmsg+0x19a/0x260
[ 54.715862][ T478] ? __x64_sys_sendmsg+0x90/0x90
[ 54.720708][ T478] ? ksys_write+0x260/0x2c0
[ 54.725065][ T478] ? debug_smp_processor_id+0x17/0x20
[ 54.730272][ T478] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.736169][ T478] __x64_sys_sendmsg+0x7b/0x90
[ 54.740859][ T478] x64_sys_call+0x16a/0x9a0
[ 54.745196][ T478] do_syscall_64+0x3b/0xb0
[ 54.749449][ T478] ? clear_bhb_loop+0x35/0x90
[ 54.753963][ T478] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.759859][ T478] RIP: 0033:0x7f70dd4b69f9
[ 54.764108][ T478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 54.783833][ T478] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.792255][ T478] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
[ 54.800161][ T478] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 54.807975][ T478] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 54.815790][ T478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.823598][ T478] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 54.831410][ T478] </TASK>
[ 54.838264][ T477] ==================================================================
[ 54.846141][ T477] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 54.852819][ T477] Read of size 4 at addr ffff88811f8284ac by task syz.0.16/477
[ 54.860199][ T477]
[ 54.862365][ T477] CPU: 0 PID: 477 Comm: syz.0.16 Not tainted 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 54.872227][ T477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.882258][ T477] Call Trace:
[ 54.885377][ T477] <TASK>
[ 54.888236][ T477] dump_stack_lvl+0x151/0x1c0
[ 54.892765][ T477] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.898349][ T477] ? panic+0x760/0x760
[ 54.902222][ T477] print_address_description+0x87/0x3b0
[ 54.907601][ T477] ? bpf_ksym_del+0x145/0x150
[ 54.912203][ T477] kasan_report+0x179/0x1c0
[ 54.916654][ T477] ? consume_skb+0x3c/0x250
[ 54.920984][ T477] ? consume_skb+0x3c/0x250
[ 54.925346][ T477] kasan_check_range+0x293/0x2a0
[ 54.930181][ T477] __kasan_check_read+0x11/0x20
[ 54.934868][ T477] consume_skb+0x3c/0x250
[ 54.939035][ T477] __sk_msg_free+0x2dd/0x370
[ 54.943676][ T477] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.949544][ T477] sk_psock_stop+0x44c/0x4d0
[ 54.953971][ T477] sk_psock_drop+0x219/0x310
[ 54.958389][ T477] sock_map_unref+0x48f/0x4d0
[ 54.963082][ T477] ? __local_bh_enable_ip+0x58/0x80
[ 54.968113][ T477] ? _raw_spin_unlock_bh+0x51/0x60
[ 54.973058][ T477] sock_map_remove_links+0x41c/0x650
[ 54.978192][ T477] ? sock_map_unhash+0x120/0x120
[ 54.982951][ T477] ? locks_remove_posix+0x610/0x610
[ 54.987991][ T477] sock_map_close+0x114/0x530
[ 54.992605][ T477] ? unix_peer_get+0xe0/0xe0
[ 54.996924][ T477] ? sock_map_remove_links+0x650/0x650
[ 55.002217][ T477] ? rwsem_mark_wake+0x770/0x770
[ 55.006995][ T477] unix_release+0x82/0xc0
[ 55.011156][ T477] sock_close+0xdf/0x270
[ 55.015237][ T477] ? sock_mmap+0xa0/0xa0
[ 55.019322][ T477] __fput+0x228/0x8c0
[ 55.023262][ T477] ____fput+0x15/0x20
[ 55.027067][ T477] task_work_run+0x129/0x190
[ 55.031494][ T477] exit_to_user_mode_loop+0xc4/0xe0
[ 55.036568][ T477] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.041939][ T477] syscall_exit_to_user_mode+0x26/0x160
[ 55.047328][ T477] do_syscall_64+0x47/0xb0
[ 55.051571][ T477] ? clear_bhb_loop+0x35/0x90
[ 55.056191][ T477] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.062096][ T477] RIP: 0033:0x7f70dd4b69f9
[ 55.066342][ T477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.086047][ T477] RSP: 002b:00007ffc8b920698 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 55.094413][ T477] RAX: 0000000000000000 RBX: 00007f70dd646a80 RCX: 00007f70dd4b69f9
[ 55.102486][ T477] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 55.110295][ T477] RBP: 00007f70dd646a80 R08: 0000000000000000 R09: 00007ffc8b92097f
[ 55.118137][ T477] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000d80d
[ 55.125926][ T477] R13: 00007ffc8b920790 R14: 00007ffc8b9207b0 R15: ffffffffffffffff
[ 55.133746][ T477] </TASK>
[ 55.136598][ T477]
[ 55.138762][ T477] Allocated by task 478:
[ 55.142841][ T477] __kasan_slab_alloc+0xb1/0xe0
[ 55.147529][ T477] slab_post_alloc_hook+0x53/0x2c0
[ 55.152482][ T477] kmem_cache_alloc+0xf5/0x250
[ 55.157113][ T477] skb_clone+0x1d1/0x360
[ 55.161158][ T477] sk_psock_verdict_recv+0x53/0x840
[ 55.166186][ T477] unix_read_sock+0x132/0x370
[ 55.170702][ T477] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.176428][ T477] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.181471][ T477] ____sys_sendmsg+0x59e/0x8f0
[ 55.186068][ T477] ___sys_sendmsg+0x252/0x2e0
[ 55.190578][ T477] __se_sys_sendmsg+0x19a/0x260
[ 55.195349][ T477] __x64_sys_sendmsg+0x7b/0x90
[ 55.200039][ T477] x64_sys_call+0x16a/0x9a0
[ 55.204376][ T477] do_syscall_64+0x3b/0xb0
[ 55.208647][ T477] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.214355][ T477]
[ 55.216582][ T477] Freed by task 322:
[ 55.220258][ T477] kasan_set_track+0x4b/0x70
[ 55.224686][ T477] kasan_set_free_info+0x23/0x40
[ 55.229555][ T477] ____kasan_slab_free+0x126/0x160
[ 55.234491][ T477] __kasan_slab_free+0x11/0x20
[ 55.239097][ T477] slab_free_freelist_hook+0xbd/0x190
[ 55.244309][ T477] kmem_cache_free+0x115/0x330
[ 55.248907][ T477] kfree_skbmem+0x104/0x170
[ 55.253327][ T477] kfree_skb+0xc2/0x360
[ 55.257491][ T477] sk_psock_backlog+0xc21/0xd90
[ 55.262180][ T477] process_one_work+0x6bb/0xc10
[ 55.266869][ T477] worker_thread+0xad5/0x12a0
[ 55.271555][ T477] kthread+0x421/0x510
[ 55.275547][ T477] ret_from_fork+0x1f/0x30
[ 55.279901][ T477]
[ 55.282071][ T477] The buggy address belongs to the object at ffff88811f8283c0
[ 55.282071][ T477] which belongs to the cache skbuff_head_cache of size 248
[ 55.296563][ T477] The buggy address is located 236 bytes inside of
[ 55.296563][ T477] 248-byte region [ffff88811f8283c0, ffff88811f8284b8)
[ 55.309666][ T477] The buggy address belongs to the page:
[ 55.315149][ T477] page:ffffea00047e0a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f828
[ 55.325204][ T477] flags: 0x4000000000000200(slab|zone=1)
[ 55.330683][ T477] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 55.339184][ T477] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 55.347595][ T477] page dumped because: kasan: bad access detected
[ 55.353941][ T477] page_owner tracks the page as allocated
[ 55.359487][ T477] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 26, ts 54474329266, free_ts 53021846806
[ 55.375197][ T477] post_alloc_hook+0x1a3/0x1b0
[ 55.379800][ T477] prep_new_page+0x1b/0x110
[ 55.384133][ T477] get_page_from_freelist+0x3550/0x35d0
[ 55.389527][ T477] __alloc_pages+0x27e/0x8f0
[ 55.393942][ T477] new_slab+0x9a/0x4e0
[ 55.397847][ T477] ___slab_alloc+0x39e/0x830
[ 55.402271][ T477] __slab_alloc+0x4a/0x90
[ 55.406441][ T477] kmem_cache_alloc+0x139/0x250
[ 55.411127][ T477] __alloc_skb+0xbe/0x550
[ 55.415291][ T477] alloc_skb_with_frags+0xa6/0x680
[ 55.420244][ T477] sock_alloc_send_pskb+0x915/0xa50
[ 55.425276][ T477] sock_alloc_send_skb+0x32/0x40
[ 55.430132][ T477] mld_newpack+0x1b4/0xa20
[ 55.434386][ T477] add_grec+0xdc8/0x13a0
[ 55.438465][ T477] mld_ifc_work+0x72e/0xbb0
[ 55.442805][ T477] process_one_work+0x6bb/0xc10
[ 55.447507][ T477] page last free stack trace:
[ 55.452013][ T477] free_unref_page_prepare+0x7c8/0x7d0
[ 55.457301][ T477] free_unref_page+0xe8/0x750
[ 55.461951][ T477] __free_pages+0x61/0xf0
[ 55.466301][ T477] __vunmap+0x7bc/0x8f0
[ 55.470287][ T477] vfree+0x7f/0xb0
[ 55.473878][ T477] kcov_close+0x2b/0x50
[ 55.477832][ T477] __fput+0x228/0x8c0
[ 55.481651][ T477] ____fput+0x15/0x20
[ 55.485469][ T477] task_work_run+0x129/0x190
[ 55.489899][ T477] do_exit+0xc48/0x2ca0
[ 55.493887][ T477] do_group_exit+0x141/0x310
[ 55.498314][ T477] get_signal+0x7a3/0x1630
[ 55.502567][ T477] arch_do_signal_or_restart+0xbd/0x1680
[ 55.508041][ T477] exit_to_user_mode_loop+0xa0/0xe0
[ 55.513078][ T477] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.518368][ T477] syscall_exit_to_user_mode+0x26/0x160
[ 55.523749][ T477]
[ 55.525925][ T477] Memory state around the buggy address:
[ 55.531395][ T477] ffff88811f828380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.539406][ T477] ffff88811f828400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.547298][ T477] >ffff88811f828480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.555219][ T477] ^
[ 55.560407][ T477] ffff88811f828500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.568317][ T477] ffff88811f828580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.576195][ T477] ==================================================================
[ 55.584218][ T477] Disabling lock debugging due to kernel taint
[ 55.590361][ T477] ==================================================================
[ 55.598204][ T477] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 55.606449][ T477]
[ 55.608649][ T477] CPU: 0 PID: 477 Comm: syz.0.16 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 55.619631][ T477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.629701][ T477] Call Trace:
[ 55.632854][ T477] <TASK>
[ 55.635602][ T477] dump_stack_lvl+0x151/0x1c0
[ 55.640122][ T477] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.645583][ T477] ? __wake_up_klogd+0xd5/0x110
[ 55.650528][ T477] ? panic+0x760/0x760
[ 55.654549][ T477] ? kmem_cache_free+0x115/0x330
[ 55.659297][ T477] print_address_description+0x87/0x3b0
[ 55.664680][ T477] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 55.670967][ T477] ? kmem_cache_free+0x115/0x330
[ 55.675743][ T477] ? kmem_cache_free+0x115/0x330
[ 55.680512][ T477] kasan_report_invalid_free+0x6b/0xa0
[ 55.685818][ T477] ____kasan_slab_free+0x13e/0x160
[ 55.690756][ T477] __kasan_slab_free+0x11/0x20
[ 55.695352][ T477] slab_free_freelist_hook+0xbd/0x190
[ 55.700562][ T477] kmem_cache_free+0x115/0x330
[ 55.705166][ T477] ? kfree_skbmem+0x104/0x170
[ 55.709759][ T477] kfree_skbmem+0x104/0x170
[ 55.714104][ T477] consume_skb+0xb4/0x250
[ 55.718264][ T477] __sk_msg_free+0x2dd/0x370
[ 55.722696][ T477] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.728342][ T477] sk_psock_stop+0x44c/0x4d0
[ 55.732854][ T477] sk_psock_drop+0x219/0x310
[ 55.737278][ T477] sock_map_unref+0x48f/0x4d0
[ 55.741795][ T477] ? __local_bh_enable_ip+0x58/0x80
[ 55.746908][ T477] ? _raw_spin_unlock_bh+0x51/0x60
[ 55.751855][ T477] sock_map_remove_links+0x41c/0x650
[ 55.756988][ T477] ? sock_map_unhash+0x120/0x120
[ 55.761883][ T477] ? locks_remove_posix+0x610/0x610
[ 55.767007][ T477] sock_map_close+0x114/0x530
[ 55.771686][ T477] ? unix_peer_get+0xe0/0xe0
[ 55.776200][ T477] ? sock_map_remove_links+0x650/0x650
[ 55.781499][ T477] ? rwsem_mark_wake+0x770/0x770
[ 55.786355][ T477] unix_release+0x82/0xc0
[ 55.790524][ T477] sock_close+0xdf/0x270
[ 55.794600][ T477] ? sock_mmap+0xa0/0xa0
[ 55.798675][ T477] __fput+0x228/0x8c0
[ 55.802550][ T477] ____fput+0x15/0x20
[ 55.806315][ T477] task_work_run+0x129/0x190
[ 55.810744][ T477] exit_to_user_mode_loop+0xc4/0xe0
[ 55.815800][ T477] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.821078][ T477] syscall_exit_to_user_mode+0x26/0x160
[ 55.826455][ T477] do_syscall_64+0x47/0xb0
[ 55.830800][ T477] ? clear_bhb_loop+0x35/0x90
[ 55.835305][ T477] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.841028][ T477] RIP: 0033:0x7f70dd4b69f9
[ 55.845314][ T477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.864913][ T477] RSP: 002b:00007ffc8b920698 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 55.873110][ T477] RAX: 0000000000000000 RBX: 00007f70dd646a80 RCX: 00007f70dd4b69f9
[ 55.881130][ T477] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 55.888909][ T477] RBP: 00007f70dd646a80 R08: 0000000000000000 R09: 00007ffc8b92097f
[ 55.896725][ T477] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000d80d
[ 55.904725][ T477] R13: 00007ffc8b920790 R14: 00007ffc8b9207b0 R15: ffffffffffffffff
[ 55.912544][ T477] </TASK>
[ 55.915399][ T477]
[ 55.917616][ T477] Allocated by task 478:
[ 55.921649][ T477] __kasan_slab_alloc+0xb1/0xe0
[ 55.926556][ T477] slab_post_alloc_hook+0x53/0x2c0
[ 55.931499][ T477] kmem_cache_alloc+0xf5/0x250
[ 55.936099][ T477] skb_clone+0x1d1/0x360
[ 55.940266][ T477] sk_psock_verdict_recv+0x53/0x840
[ 55.945391][ T477] unix_read_sock+0x132/0x370
[ 55.949991][ T477] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.955630][ T477] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.960659][ T477] ____sys_sendmsg+0x59e/0x8f0
[ 55.965258][ T477] ___sys_sendmsg+0x252/0x2e0
[ 55.969858][ T477] __se_sys_sendmsg+0x19a/0x260
[ 55.974546][ T477] __x64_sys_sendmsg+0x7b/0x90
[ 55.979145][ T477] x64_sys_call+0x16a/0x9a0
[ 55.983483][ T477] do_syscall_64+0x3b/0xb0
[ 55.987739][ T477] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.993471][ T477]
[ 55.995803][ T477] Freed by task 322:
[ 55.999533][ T477] kasan_set_track+0x4b/0x70
[ 56.003959][ T477] kasan_set_free_info+0x23/0x40
[ 56.008766][ T477] ____kasan_slab_free+0x126/0x160
[ 56.013681][ T477] __kasan_slab_free+0x11/0x20
[ 56.018283][ T477] slab_free_freelist_hook+0xbd/0x190
[ 56.023487][ T477] kmem_cache_free+0x115/0x330
[ 56.028266][ T477] kfree_skbmem+0x104/0x170
[ 56.032612][ T477] kfree_skb+0xc2/0x360
[ 56.036607][ T477] sk_psock_backlog+0xc21/0xd90
[ 56.041287][ T477] process_one_work+0x6bb/0xc10
[ 56.045994][ T477] worker_thread+0xad5/0x12a0
[ 56.050487][ T477] kthread+0x421/0x510
[ 56.054392][ T477] ret_from_fork+0x1f/0x30
[ 56.058652][ T477]
[ 56.060817][ T477] The buggy address belongs to the object at ffff88811f8283c0
[ 56.060817][ T477] which belongs to the cache skbuff_head_cache of size 248
[ 56.075452][ T477] The buggy address is located 0 bytes inside of
[ 56.075452][ T477] 248-byte region [ffff88811f8283c0, ffff88811f8284b8)
[ 56.088429][ T477] The buggy address belongs to the page:
[ 56.093887][ T477] page:ffffea00047e0a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f828
[ 56.103952][ T477] flags: 0x4000000000000200(slab|zone=1)
[ 56.109426][ T477] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 56.117954][ T477] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 56.126365][ T477] page dumped because: kasan: bad access detected
[ 56.132619][ T477] page_owner tracks the page as allocated
[ 56.138176][ T477] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 26, ts 54474329266, free_ts 53021846806
[ 56.153796][ T477] post_alloc_hook+0x1a3/0x1b0
[ 56.158417][ T477] prep_new_page+0x1b/0x110
[ 56.162820][ T477] get_page_from_freelist+0x3550/0x35d0
[ 56.168203][ T477] __alloc_pages+0x27e/0x8f0
[ 56.172653][ T477] new_slab+0x9a/0x4e0
[ 56.176529][ T477] ___slab_alloc+0x39e/0x830
[ 56.180984][ T477] __slab_alloc+0x4a/0x90
[ 56.185211][ T477] kmem_cache_alloc+0x139/0x250
[ 56.189898][ T477] __alloc_skb+0xbe/0x550
[ 56.194063][ T477] alloc_skb_with_frags+0xa6/0x680
[ 56.199106][ T477] sock_alloc_send_pskb+0x915/0xa50
[ 56.204354][ T477] sock_alloc_send_skb+0x32/0x40
[ 56.209161][ T477] mld_newpack+0x1b4/0xa20
[ 56.213367][ T477] add_grec+0xdc8/0x13a0
[ 56.217455][ T477] mld_ifc_work+0x72e/0xbb0
[ 56.221787][ T477] process_one_work+0x6bb/0xc10
[ 56.226476][ T477] page last free stack trace:
[ 56.230990][ T477] free_unref_page_prepare+0x7c8/0x7d0
[ 56.236281][ T477] free_unref_page+0xe8/0x750
[ 56.240793][ T477] __free_pages+0x61/0xf0
[ 56.244966][ T477] __vunmap+0x7bc/0x8f0
[ 56.249057][ T477] vfree+0x7f/0xb0
[ 56.252618][ T477] kcov_close+0x2b/0x50
[ 56.256592][ T477] __fput+0x228/0x8c0
[ 56.260414][ T477] ____fput+0x15/0x20
[ 56.264228][ T477] task_work_run+0x129/0x190
[ 56.268666][ T477] do_exit+0xc48/0x2ca0
[ 56.272661][ T477] do_group_exit+0x141/0x310
[ 56.277077][ T477] get_signal+0x7a3/0x1630
[ 56.281334][ T477] arch_do_signal_or_restart+0xbd/0x1680
[ 56.286880][ T477] exit_to_user_mode_loop+0xa0/0xe0
[ 56.291915][ T477] exit_to_user_mode_prepare+0x5a/0xa0
[ 56.297211][ T477] syscall_exit_to_user_mode+0x26/0x160
[ 56.302593][ T477]
[ 56.304759][ T477] Memory state around the buggy address:
[ 56.310321][ T477] ffff88811f828280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.318226][ T477] ffff88811f828300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 56.326116][ T477] >ffff88811f828380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 56.334234][ T477] ^
[ 56.340310][ T477] ffff88811f828400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.348204][ T477] ffff88811f828480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 56.356181][ T477] ==================================================================
[ 56.378985][ T482] FAULT_INJECTION: forcing a failure.
[ 56.378985][ T482] name failslab, interval 1, probability 0, space 0, times 0
[ 56.392036][ T482] CPU: 0 PID: 482 Comm: syz.0.17 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 56.403423][ T482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 56.413412][ T482] Call Trace:
[ 56.416630][ T482] <TASK>
[ 56.419504][ T482] dump_stack_lvl+0x151/0x1c0
[ 56.424291][ T482] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.429757][ T482] dump_stack+0x15/0x20
[ 56.433742][ T482] should_fail+0x3c6/0x510
[ 56.437998][ T482] __should_failslab+0xa4/0xe0
[ 56.442723][ T482] should_failslab+0x9/0x20
[ 56.447047][ T482] slab_pre_alloc_hook+0x37/0xd0
[ 56.451822][ T482] kmem_cache_alloc_trace+0x48/0x270
[ 56.456942][ T482] ? sk_psock_skb_ingress_self+0x60/0x330
[ 56.462502][ T482] ? migrate_disable+0x190/0x190
[ 56.467274][ T482] sk_psock_skb_ingress_self+0x60/0x330
[ 56.472742][ T482] sk_psock_verdict_recv+0x66d/0x840
[ 56.477947][ T482] unix_read_sock+0x132/0x370
[ 56.482460][ T482] ? sk_psock_skb_redirect+0x440/0x440
[ 56.487842][ T482] ? unix_stream_splice_actor+0x120/0x120
[ 56.493484][ T482] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 56.498889][ T482] ? unix_stream_splice_actor+0x120/0x120
[ 56.504443][ T482] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.510058][ T482] ? sk_psock_start_verdict+0xc0/0xc0
[ 56.515263][ T482] ? _raw_spin_lock+0xa4/0x1b0
[ 56.519862][ T482] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.525618][ T482] ? skb_queue_tail+0xfb/0x120
[ 56.530300][ T482] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.535337][ T482] ? unix_dgram_poll+0x690/0x690
[ 56.540208][ T482] ? kasan_set_track+0x5d/0x70
[ 56.544946][ T482] ? kasan_set_track+0x4b/0x70
[ 56.549541][ T482] ? security_socket_sendmsg+0x82/0xb0
[ 56.554833][ T482] ? unix_dgram_poll+0x690/0x690
[ 56.559604][ T482] ____sys_sendmsg+0x59e/0x8f0
[ 56.564211][ T482] ? __sys_sendmsg_sock+0x40/0x40
[ 56.569081][ T482] ? import_iovec+0xe5/0x120
[ 56.573591][ T482] ___sys_sendmsg+0x252/0x2e0
[ 56.578980][ T482] ? __sys_sendmsg+0x260/0x260
[ 56.583575][ T482] ? putname+0xfa/0x150
[ 56.587783][ T482] ? __fdget+0x1bc/0x240
[ 56.591853][ T482] __se_sys_sendmsg+0x19a/0x260
[ 56.596634][ T482] ? __x64_sys_sendmsg+0x90/0x90
[ 56.601655][ T482] ? ksys_write+0x260/0x2c0
[ 56.606024][ T482] ? debug_smp_processor_id+0x17/0x20
[ 56.611224][ T482] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 56.617159][ T482] __x64_sys_sendmsg+0x7b/0x90
[ 56.621707][ T482] x64_sys_call+0x16a/0x9a0
[ 56.626047][ T482] do_syscall_64+0x3b/0xb0
[ 56.630295][ T482] ? clear_bhb_loop+0x35/0x90
[ 56.634833][ T482] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.640657][ T482] RIP: 0033:0x7f70dd4b69f9
[ 56.644996][ T482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.664539][ T482] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.672771][ T482] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
[ 56.680599][ T482] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 56.688484][ T482] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 56.696303][ T482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.704101][ T482] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 56.711918][ T482] </TASK>
[ 56.715648][ T322] ==================================================================
[ 56.718832][ T30] audit: type=1400 audit(1735290149.712:114): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 56.723528][ T322] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 56.723558][ T322]
[ 56.723563][ T322] CPU: 0 PID: 322 Comm: kworker/0:2 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 56.723585][ T322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 56.723598][ T322] Workqueue: events bpf_map_free_deferred
[ 56.723621][ T322] Call Trace:
[ 56.723627][ T322] <TASK>
[ 56.723633][ T322] dump_stack_lvl+0x151/0x1c0
[ 56.793664][ T322] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.799128][ T322] ? panic+0x760/0x760
[ 56.803157][ T322] ? kasan_set_free_info+0x23/0x40
[ 56.808105][ T322] ? ____kasan_slab_free+0x126/0x160
[ 56.813312][ T322] ? kmem_cache_free+0x115/0x330
[ 56.818083][ T322] print_address_description+0x87/0x3b0
[ 56.823523][ T322] ? worker_thread+0xad5/0x12a0
[ 56.828253][ T322] ? kthread+0x421/0x510
[ 56.832330][ T322] ? kmem_cache_free+0x115/0x330
[ 56.837188][ T322] ? kmem_cache_free+0x115/0x330
[ 56.842044][ T322] kasan_report_invalid_free+0x6b/0xa0
[ 56.847431][ T322] ____kasan_slab_free+0x13e/0x160
[ 56.852375][ T322] __kasan_slab_free+0x11/0x20
[ 56.857096][ T322] slab_free_freelist_hook+0xbd/0x190
[ 56.862307][ T322] kmem_cache_free+0x115/0x330
[ 56.866996][ T322] ? kfree_skbmem+0x104/0x170
[ 56.871527][ T322] kfree_skbmem+0x104/0x170
[ 56.875848][ T322] consume_skb+0xb4/0x250
[ 56.880012][ T322] __sk_msg_free+0x2dd/0x370
[ 56.884442][ T322] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.890290][ T322] sk_psock_stop+0x44c/0x4d0
[ 56.894711][ T322] sk_psock_drop+0x219/0x310
[ 56.899234][ T322] sock_map_unref+0x48f/0x4d0
[ 56.903748][ T322] sock_map_free+0x137/0x2b0
[ 56.908176][ T322] bpf_map_free_deferred+0x10d/0x1e0
[ 56.913295][ T322] process_one_work+0x6bb/0xc10
[ 56.918073][ T322] worker_thread+0xad5/0x12a0
[ 56.922591][ T322] ? _raw_spin_lock+0x1b0/0x1b0
[ 56.927275][ T322] kthread+0x421/0x510
[ 56.931271][ T322] ? worker_clr_flags+0x180/0x180
[ 56.936121][ T322] ? kthread_blkcg+0xd0/0xd0
[ 56.940653][ T322] ret_from_fork+0x1f/0x30
[ 56.944901][ T322] </TASK>
[ 56.947858][ T322]
[ 56.950028][ T322] Allocated by task 482:
[ 56.954110][ T322] __kasan_slab_alloc+0xb1/0xe0
[ 56.958967][ T322] slab_post_alloc_hook+0x53/0x2c0
[ 56.964028][ T322] kmem_cache_alloc+0xf5/0x250
[ 56.968812][ T322] skb_clone+0x1d1/0x360
[ 56.972994][ T322] sk_psock_verdict_recv+0x53/0x840
[ 56.977998][ T322] unix_read_sock+0x132/0x370
[ 56.982513][ T322] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.988242][ T322] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.993280][ T322] ____sys_sendmsg+0x59e/0x8f0
[ 56.997878][ T322] ___sys_sendmsg+0x252/0x2e0
[ 57.002391][ T322] __se_sys_sendmsg+0x19a/0x260
[ 57.007074][ T322] __x64_sys_sendmsg+0x7b/0x90
[ 57.011675][ T322] x64_sys_call+0x16a/0x9a0
[ 57.016055][ T322] do_syscall_64+0x3b/0xb0
[ 57.020271][ T322] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.026025][ T322]
[ 57.028175][ T322] Freed by task 322:
[ 57.031904][ T322] kasan_set_track+0x4b/0x70
[ 57.036328][ T322] kasan_set_free_info+0x23/0x40
[ 57.041103][ T322] ____kasan_slab_free+0x126/0x160
[ 57.046057][ T322] __kasan_slab_free+0x11/0x20
[ 57.050644][ T322] slab_free_freelist_hook+0xbd/0x190
[ 57.056039][ T322] kmem_cache_free+0x115/0x330
[ 57.060851][ T322] kfree_skbmem+0x104/0x170
[ 57.065275][ T322] kfree_skb+0xc2/0x360
[ 57.069279][ T322] sk_psock_backlog+0xc21/0xd90
[ 57.073975][ T322] process_one_work+0x6bb/0xc10
[ 57.078643][ T322] worker_thread+0xad5/0x12a0
[ 57.083248][ T322] kthread+0x421/0x510
[ 57.087183][ T322] ret_from_fork+0x1f/0x30
[ 57.091402][ T322]
[ 57.093661][ T322] The buggy address belongs to the object at ffff88811ac19a00
[ 57.093661][ T322] which belongs to the cache skbuff_head_cache of size 248
[ 57.108181][ T322] The buggy address is located 0 bytes inside of
[ 57.108181][ T322] 248-byte region [ffff88811ac19a00, ffff88811ac19af8)
[ 57.121202][ T322] The buggy address belongs to the page:
[ 57.126670][ T322] page:ffffea00046b0640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ac19
[ 57.136829][ T322] flags: 0x4000000000000200(slab|zone=1)
[ 57.142303][ T322] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 57.150730][ T322] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 57.159127][ T322] page dumped because: kasan: bad access detected
[ 57.165508][ T322] page_owner tracks the page as allocated
[ 57.171412][ T322] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 56377495312, free_ts 53133997688
[ 57.187271][ T322] post_alloc_hook+0x1a3/0x1b0
[ 57.191862][ T322] prep_new_page+0x1b/0x110
[ 57.196386][ T322] get_page_from_freelist+0x3550/0x35d0
[ 57.201768][ T322] __alloc_pages+0x27e/0x8f0
[ 57.206191][ T322] new_slab+0x9a/0x4e0
[ 57.210091][ T322] ___slab_alloc+0x39e/0x830
[ 57.214562][ T322] __slab_alloc+0x4a/0x90
[ 57.218706][ T322] kmem_cache_alloc+0x139/0x250
[ 57.223367][ T322] __alloc_skb+0xbe/0x550
[ 57.227542][ T322] alloc_skb_with_frags+0xa6/0x680
[ 57.232482][ T322] sock_alloc_send_pskb+0x915/0xa50
[ 57.237517][ T322] unix_dgram_sendmsg+0x6fd/0x2090
[ 57.242464][ T322] __sys_sendto+0x564/0x720
[ 57.246803][ T322] __x64_sys_sendto+0xe5/0x100
[ 57.251405][ T322] x64_sys_call+0x15c/0x9a0
[ 57.255842][ T322] do_syscall_64+0x3b/0xb0
[ 57.260186][ T322] page last free stack trace:
[ 57.264694][ T322] free_unref_page_prepare+0x7c8/0x7d0
[ 57.270064][ T322] free_unref_page+0xe8/0x750
[ 57.274679][ T322] __free_pages+0x61/0xf0
[ 57.278843][ T322] free_pages+0x7c/0x90
[ 57.282833][ T322] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 57.288388][ T322] __apply_to_page_range+0x8dd/0xbe0
[ 57.293508][ T322] apply_to_existing_page_range+0x38/0x50
[ 57.299073][ T322] kasan_release_vmalloc+0x9a/0xb0
[ 57.304019][ T322] __purge_vmap_area_lazy+0x154a/0x1690
[ 57.309391][ T322] _vm_unmap_aliases+0x339/0x3b0
[ 57.314164][ T322] vm_unmap_aliases+0x19/0x20
[ 57.318691][ T322] change_page_attr_set_clr+0x308/0x1050
[ 57.324145][ T322] set_memory_ro+0xa1/0xe0
[ 57.328403][ T322] bpf_int_jit_compile+0xbf21/0xc6b0
[ 57.333520][ T322] bpf_prog_select_runtime+0x724/0xa10
[ 57.338899][ T322] bpf_prepare_filter+0x10d0/0x13d0
[ 57.343939][ T322]
[ 57.346108][ T322] Memory state around the buggy address:
[ 57.351579][ T322] ffff88811ac19900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.359522][ T322] ffff88811ac19980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 57.367652][ T322] >ffff88811ac19a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.375542][ T322] ^
[ 57.379535][ T322] ffff88811ac19a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 57.387520][ T322] ffff88811ac19b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 57.395418][ T322] ==================================================================
[ 57.413380][ T30] audit: type=1400 audit(1735290149.712:115): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 57.437236][ T485] FAULT_INJECTION: forcing a failure.
[ 57.437236][ T485] name failslab, interval 1, probability 0, space 0, times 0
[ 57.449810][ T485] CPU: 1 PID: 485 Comm: syz.0.18 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 57.460906][ T485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 57.470809][ T485] Call Trace:
[ 57.473925][ T485] <TASK>
[ 57.476701][ T485] dump_stack_lvl+0x151/0x1c0
[ 57.481300][ T485] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.486771][ T485] dump_stack+0x15/0x20
[ 57.490760][ T485] should_fail+0x3c6/0x510
[ 57.495020][ T485] __should_failslab+0xa4/0xe0
[ 57.499614][ T485] should_failslab+0x9/0x20
[ 57.503953][ T485] slab_pre_alloc_hook+0x37/0xd0
[ 57.508728][ T485] kmem_cache_alloc_trace+0x48/0x270
[ 57.513850][ T485] ? sk_psock_skb_ingress_self+0x60/0x330
[ 57.519411][ T485] ? migrate_disable+0x190/0x190
[ 57.524351][ T485] sk_psock_skb_ingress_self+0x60/0x330
[ 57.529736][ T485] sk_psock_verdict_recv+0x66d/0x840
[ 57.534855][ T485] unix_read_sock+0x132/0x370
[ 57.539458][ T485] ? sk_psock_skb_redirect+0x440/0x440
[ 57.544745][ T485] ? unix_stream_splice_actor+0x120/0x120
[ 57.550299][ T485] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 57.555684][ T485] ? unix_stream_splice_actor+0x120/0x120
[ 57.561239][ T485] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.566877][ T485] ? sk_psock_start_verdict+0xc0/0xc0
[ 57.572091][ T485] ? _raw_spin_lock+0xa4/0x1b0
[ 57.576687][ T485] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.582328][ T485] ? skb_queue_tail+0xfb/0x120
[ 57.586931][ T485] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.591966][ T485] ? unix_dgram_poll+0x690/0x690
[ 57.596736][ T485] ? kasan_set_track+0x5d/0x70
[ 57.601339][ T485] ? kasan_set_track+0x4b/0x70
[ 57.605937][ T485] ? security_socket_sendmsg+0x82/0xb0
[ 57.611231][ T485] ? unix_dgram_poll+0x690/0x690
[ 57.616091][ T485] ____sys_sendmsg+0x59e/0x8f0
[ 57.620726][ T485] ? __sys_sendmsg_sock+0x40/0x40
[ 57.625564][ T485] ? import_iovec+0xe5/0x120
[ 57.629976][ T485] ___sys_sendmsg+0x252/0x2e0
[ 57.634491][ T485] ? __sys_sendmsg+0x260/0x260
[ 57.639092][ T485] ? putname+0xfa/0x150
[ 57.643087][ T485] ? __fdget+0x1bc/0x240
[ 57.647169][ T485] __se_sys_sendmsg+0x19a/0x260
[ 57.651848][ T485] ? __x64_sys_sendmsg+0x90/0x90
[ 57.656633][ T485] ? ksys_write+0x260/0x2c0
[ 57.660967][ T485] ? debug_smp_processor_id+0x17/0x20
[ 57.666257][ T485] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 57.672527][ T485] __x64_sys_sendmsg+0x7b/0x90
[ 57.677108][ T485] x64_sys_call+0x16a/0x9a0
[ 57.681448][ T485] do_syscall_64+0x3b/0xb0
[ 57.685897][ T485] ? clear_bhb_loop+0x35/0x90
[ 57.690399][ T485] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.696126][ T485] RIP: 0033:0x7f70dd4b69f9
[ 57.700458][ T485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 57.720214][ T485] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.728421][ T485] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
[ 57.736232][ T485] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 57.744042][ T485] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 57.751969][ T485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 57.759778][ T485] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 57.767600][ T485] </TASK>
[ 57.773459][ T484] ==================================================================
[ 57.781582][ T484] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 57.789792][ T484]
[ 57.792046][ T484] CPU: 0 PID: 484 Comm: syz.0.18 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 57.803676][ T484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 57.813565][ T484] Call Trace:
[ 57.816777][ T484] <TASK>
[ 57.819774][ T484] dump_stack_lvl+0x151/0x1c0
[ 57.824224][ T484] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.829802][ T484] ? __wake_up_klogd+0xd5/0x110
[ 57.834479][ T484] ? panic+0x760/0x760
[ 57.838486][ T484] ? kmem_cache_free+0x115/0x330
[ 57.843353][ T484] print_address_description+0x87/0x3b0
[ 57.848737][ T484] ? kmem_cache_free+0x115/0x330
[ 57.853501][ T484] ? kmem_cache_free+0x115/0x330
[ 57.858278][ T484] kasan_report_invalid_free+0x6b/0xa0
[ 57.863581][ T484] ____kasan_slab_free+0x13e/0x160
[ 57.868528][ T484] __kasan_slab_free+0x11/0x20
[ 57.873117][ T484] slab_free_freelist_hook+0xbd/0x190
[ 57.878418][ T484] kmem_cache_free+0x115/0x330
[ 57.883015][ T484] ? kfree_skbmem+0x104/0x170
[ 57.887527][ T484] kfree_skbmem+0x104/0x170
[ 57.891865][ T484] consume_skb+0xb4/0x250
[ 57.896035][ T484] __sk_msg_free+0x2dd/0x370
[ 57.900455][ T484] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.906118][ T484] sk_psock_stop+0x44c/0x4d0
[ 57.910547][ T484] sk_psock_drop+0x219/0x310
[ 57.915049][ T484] sock_map_unref+0x48f/0x4d0
[ 57.919605][ T484] ? __local_bh_enable_ip+0x58/0x80
[ 57.924587][ T484] ? _raw_spin_unlock_bh+0x51/0x60
[ 57.929547][ T484] sock_map_remove_links+0x41c/0x650
[ 57.934791][ T484] ? sock_map_unhash+0x120/0x120
[ 57.939541][ T484] ? locks_remove_posix+0x610/0x610
[ 57.944664][ T484] sock_map_close+0x114/0x530
[ 57.949172][ T484] ? unix_peer_get+0xe0/0xe0
[ 57.953601][ T484] ? sock_map_remove_links+0x650/0x650
[ 57.958980][ T484] ? rwsem_mark_wake+0x770/0x770
[ 57.963754][ T484] unix_release+0x82/0xc0
[ 57.967917][ T484] sock_close+0xdf/0x270
[ 57.971997][ T484] ? sock_mmap+0xa0/0xa0
[ 57.976077][ T484] __fput+0x228/0x8c0
[ 57.979901][ T484] ____fput+0x15/0x20
[ 57.983799][ T484] task_work_run+0x129/0x190
[ 57.988230][ T484] exit_to_user_mode_loop+0xc4/0xe0
[ 57.993265][ T484] exit_to_user_mode_prepare+0x5a/0xa0
[ 57.998559][ T484] syscall_exit_to_user_mode+0x26/0x160
[ 58.003946][ T484] do_syscall_64+0x47/0xb0
[ 58.008192][ T484] ? clear_bhb_loop+0x35/0x90
[ 58.012703][ T484] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.018430][ T484] RIP: 0033:0x7f70dd4b69f9
[ 58.022683][ T484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 58.042293][ T484] RSP: 002b:00007ffc8b920698 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 58.050796][ T484] RAX: 0000000000000000 RBX: 00007f70dd646a80 RCX: 00007f70dd4b69f9
[ 58.058595][ T484] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 58.066601][ T484] RBP: 00007f70dd646a80 R08: 0000000000000000 R09: 00007ffc8b92097f
[ 58.074530][ T484] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000e370
[ 58.082298][ T484] R13: 00007ffc8b920790 R14: 00007ffc8b9207b0 R15: ffffffffffffffff
[ 58.090224][ T484] </TASK>
[ 58.093086][ T484]
[ 58.095251][ T484] Allocated by task 485:
[ 58.099334][ T484] __kasan_slab_alloc+0xb1/0xe0
[ 58.104018][ T484] slab_post_alloc_hook+0x53/0x2c0
[ 58.108967][ T484] kmem_cache_alloc+0xf5/0x250
[ 58.113568][ T484] skb_clone+0x1d1/0x360
[ 58.117729][ T484] sk_psock_verdict_recv+0x53/0x840
[ 58.122865][ T484] unix_read_sock+0x132/0x370
[ 58.127367][ T484] sk_psock_verdict_data_ready+0x147/0x1a0
[ 58.133007][ T484] unix_dgram_sendmsg+0x15fa/0x2090
[ 58.138048][ T484] ____sys_sendmsg+0x59e/0x8f0
[ 58.142640][ T484] ___sys_sendmsg+0x252/0x2e0
[ 58.147156][ T484] __se_sys_sendmsg+0x19a/0x260
[ 58.151842][ T484] __x64_sys_sendmsg+0x7b/0x90
[ 58.156538][ T484] x64_sys_call+0x16a/0x9a0
[ 58.160865][ T484] do_syscall_64+0x3b/0xb0
[ 58.165119][ T484] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.170860][ T484]
[ 58.173021][ T484] Freed by task 331:
[ 58.176837][ T484] kasan_set_track+0x4b/0x70
[ 58.181266][ T484] kasan_set_free_info+0x23/0x40
[ 58.186038][ T484] ____kasan_slab_free+0x126/0x160
[ 58.190986][ T484] __kasan_slab_free+0x11/0x20
[ 58.195658][ T484] slab_free_freelist_hook+0xbd/0x190
[ 58.200794][ T484] kmem_cache_free+0x115/0x330
[ 58.205393][ T484] kfree_skbmem+0x104/0x170
[ 58.209730][ T484] kfree_skb+0xc2/0x360
[ 58.213815][ T484] sk_psock_backlog+0xc21/0xd90
[ 58.218497][ T484] process_one_work+0x6bb/0xc10
[ 58.223183][ T484] worker_thread+0xad5/0x12a0
[ 58.227791][ T484] kthread+0x421/0x510
[ 58.231692][ T484] ret_from_fork+0x1f/0x30
[ 58.235944][ T484]
[ 58.238121][ T484] The buggy address belongs to the object at ffff88811f7fd8c0
[ 58.238121][ T484] which belongs to the cache skbuff_head_cache of size 248
[ 58.252542][ T484] The buggy address is located 0 bytes inside of
[ 58.252542][ T484] 248-byte region [ffff88811f7fd8c0, ffff88811f7fd9b8)
[ 58.265466][ T484] The buggy address belongs to the page:
[ 58.271035][ T484] page:ffffea00047dff40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f7fd
[ 58.281090][ T484] flags: 0x4000000000000200(slab|zone=1)
[ 58.286573][ T484] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 58.295075][ T484] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 58.303484][ T484] page dumped because: kasan: bad access detected
[ 58.309732][ T484] page_owner tracks the page as allocated
[ 58.315306][ T484] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 57412652600, free_ts 53021484736
[ 58.330910][ T484] post_alloc_hook+0x1a3/0x1b0
[ 58.335521][ T484] prep_new_page+0x1b/0x110
[ 58.339851][ T484] get_page_from_freelist+0x3550/0x35d0
[ 58.345233][ T484] __alloc_pages+0x27e/0x8f0
[ 58.349659][ T484] new_slab+0x9a/0x4e0
[ 58.353570][ T484] ___slab_alloc+0x39e/0x830
[ 58.358078][ T484] __slab_alloc+0x4a/0x90
[ 58.362240][ T484] kmem_cache_alloc+0x139/0x250
[ 58.366927][ T484] __alloc_skb+0xbe/0x550
[ 58.371180][ T484] alloc_skb_with_frags+0xa6/0x680
[ 58.376127][ T484] sock_alloc_send_pskb+0x915/0xa50
[ 58.381161][ T484] unix_dgram_sendmsg+0x6fd/0x2090
[ 58.386113][ T484] __sys_sendto+0x564/0x720
[ 58.390450][ T484] __x64_sys_sendto+0xe5/0x100
[ 58.395050][ T484] x64_sys_call+0x15c/0x9a0
[ 58.399397][ T484] do_syscall_64+0x3b/0xb0
[ 58.403731][ T484] page last free stack trace:
[ 58.408242][ T484] free_unref_page_prepare+0x7c8/0x7d0
[ 58.413538][ T484] free_unref_page+0xe8/0x750
[ 58.418078][ T484] __free_pages+0x61/0xf0
[ 58.422216][ T484] __vunmap+0x7bc/0x8f0
[ 58.426209][ T484] vfree+0x7f/0xb0
[ 58.429765][ T484] kcov_close+0x2b/0x50
[ 58.433759][ T484] __fput+0x228/0x8c0
[ 58.437585][ T484] ____fput+0x15/0x20
[ 58.441398][ T484] task_work_run+0x129/0x190
[ 58.445825][ T484] do_exit+0xc48/0x2ca0
[ 58.449816][ T484] do_group_exit+0x141/0x310
[ 58.454308][ T484] get_signal+0x7a3/0x1630
[ 58.458499][ T484] arch_do_signal_or_restart+0xbd/0x1680
[ 58.464404][ T484] exit_to_user_mode_loop+0xa0/0xe0
[ 58.469433][ T484] exit_to_user_mode_prepare+0x5a/0xa0
[ 58.474734][ T484] syscall_exit_to_user_mode+0x26/0x160
[ 58.480118][ T484]
[ 58.482805][ T484] Memory state around the buggy address:
[ 58.488273][ T484] ffff88811f7fd780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.496282][ T484] ffff88811f7fd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 58.504306][ T484] >ffff88811f7fd880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 58.512246][ T484] ^
[ 58.518317][ T484] ffff88811f7fd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.526648][ T484] ffff88811f7fd980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 58.534633][ T484] ==================================================================
[ 58.553479][ T489] FAULT_INJECTION: forcing a failure.
[ 58.553479][ T489] name failslab, interval 1, probability 0, space 0, times 0
[ 58.565965][ T489] CPU: 1 PID: 489 Comm: syz.0.19 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 58.576917][ T489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 58.587003][ T489] Call Trace:
[ 58.590119][ T489] <TASK>
[ 58.592894][ T489] dump_stack_lvl+0x151/0x1c0
[ 58.597406][ T489] ? io_uring_drop_tctx_refs+0x190/0x190
[ 58.602878][ T489] dump_stack+0x15/0x20
[ 58.606869][ T489] should_fail+0x3c6/0x510
[ 58.611122][ T489] __should_failslab+0xa4/0xe0
[ 58.615724][ T489] should_failslab+0x9/0x20
[ 58.620059][ T489] slab_pre_alloc_hook+0x37/0xd0
[ 58.625095][ T489] kmem_cache_alloc_trace+0x48/0x270
[ 58.630219][ T489] ? sk_psock_skb_ingress_self+0x60/0x330
[ 58.635770][ T489] ? migrate_disable+0x190/0x190
[ 58.640644][ T489] sk_psock_skb_ingress_self+0x60/0x330
[ 58.646028][ T489] sk_psock_verdict_recv+0x66d/0x840
[ 58.651133][ T489] unix_read_sock+0x132/0x370
[ 58.655661][ T489] ? sk_psock_skb_redirect+0x440/0x440
[ 58.661059][ T489] ? unix_stream_splice_actor+0x120/0x120
[ 58.666612][ T489] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 58.671902][ T489] ? unix_stream_splice_actor+0x120/0x120
[ 58.677461][ T489] sk_psock_verdict_data_ready+0x147/0x1a0
[ 58.683100][ T489] ? sk_psock_start_verdict+0xc0/0xc0
[ 58.688302][ T489] ? _raw_spin_lock+0xa4/0x1b0
[ 58.692918][ T489] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 58.698594][ T489] ? skb_queue_tail+0xfb/0x120
[ 58.703242][ T489] unix_dgram_sendmsg+0x15fa/0x2090
[ 58.708286][ T489] ? unix_dgram_poll+0x690/0x690
[ 58.713155][ T489] ? kasan_set_track+0x5d/0x70
[ 58.717947][ T489] ? kasan_set_track+0x4b/0x70
[ 58.722642][ T489] ? security_socket_sendmsg+0x82/0xb0
[ 58.727927][ T489] ? unix_dgram_poll+0x690/0x690
[ 58.732699][ T489] ____sys_sendmsg+0x59e/0x8f0
[ 58.737297][ T489] ? __sys_sendmsg_sock+0x40/0x40
[ 58.742155][ T489] ? import_iovec+0xe5/0x120
[ 58.746591][ T489] ___sys_sendmsg+0x252/0x2e0
[ 58.751094][ T489] ? __sys_sendmsg+0x260/0x260
[ 58.755786][ T489] ? putname+0xfa/0x150
[ 58.759775][ T489] ? __fdget+0x1bc/0x240
[ 58.763936][ T489] __se_sys_sendmsg+0x19a/0x260
[ 58.768634][ T489] ? __x64_sys_sendmsg+0x90/0x90
[ 58.773398][ T489] ? ksys_write+0x260/0x2c0
[ 58.777828][ T489] ? debug_smp_processor_id+0x17/0x20
[ 58.783033][ T489] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 58.788934][ T489] __x64_sys_sendmsg+0x7b/0x90
[ 58.793537][ T489] x64_sys_call+0x16a/0x9a0
[ 58.797873][ T489] do_syscall_64+0x3b/0xb0
[ 58.802162][ T489] ? clear_bhb_loop+0x35/0x90
[ 58.806640][ T489] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.812428][ T489] RIP: 0033:0x7f70dd4b69f9
[ 58.816726][ T489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 58.836542][ T489] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.844781][ T489] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
2024/12/27 09:02:31 executed programs: 6
[ 58.852593][ T489] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 58.860405][ T489] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 58.868218][ T489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 58.876143][ T489] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 58.884046][ T489] </TASK>
[ 58.887842][ T488] ==================================================================
[ 58.896732][ T488] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 58.905077][ T488]
[ 58.907239][ T488] CPU: 0 PID: 488 Comm: syz.0.19 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 58.918293][ T488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 58.928306][ T488] Call Trace:
[ 58.931459][ T488] <TASK>
[ 58.934171][ T488] dump_stack_lvl+0x151/0x1c0
[ 58.938688][ T488] ? io_uring_drop_tctx_refs+0x190/0x190
[ 58.944361][ T488] ? __wake_up_klogd+0xd5/0x110
[ 58.949029][ T488] ? panic+0x760/0x760
[ 58.953002][ T488] ? kmem_cache_free+0x115/0x330
[ 58.957768][ T488] print_address_description+0x87/0x3b0
[ 58.963153][ T488] ? kmem_cache_free+0x115/0x330
[ 58.967921][ T488] ? kmem_cache_free+0x115/0x330
[ 58.972695][ T488] kasan_report_invalid_free+0x6b/0xa0
[ 58.977991][ T488] ____kasan_slab_free+0x13e/0x160
[ 58.982940][ T488] __kasan_slab_free+0x11/0x20
[ 58.987578][ T488] slab_free_freelist_hook+0xbd/0x190
[ 58.992947][ T488] kmem_cache_free+0x115/0x330
[ 58.997591][ T488] ? kfree_skbmem+0x104/0x170
[ 59.002146][ T488] kfree_skbmem+0x104/0x170
[ 59.006519][ T488] consume_skb+0xb4/0x250
[ 59.010652][ T488] __sk_msg_free+0x2dd/0x370
[ 59.015201][ T488] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 59.021046][ T488] sk_psock_stop+0x44c/0x4d0
[ 59.025469][ T488] sk_psock_drop+0x219/0x310
[ 59.029888][ T488] sock_map_unref+0x48f/0x4d0
[ 59.034405][ T488] ? __local_bh_enable_ip+0x58/0x80
[ 59.039438][ T488] ? _raw_spin_unlock_bh+0x51/0x60
[ 59.044387][ T488] sock_map_remove_links+0x41c/0x650
[ 59.049510][ T488] ? sock_map_unhash+0x120/0x120
[ 59.054281][ T488] ? locks_remove_posix+0x610/0x610
[ 59.059316][ T488] sock_map_close+0x114/0x530
[ 59.063840][ T488] ? unix_peer_get+0xe0/0xe0
[ 59.068258][ T488] ? sock_map_remove_links+0x650/0x650
[ 59.073933][ T488] ? rwsem_mark_wake+0x770/0x770
[ 59.078704][ T488] unix_release+0x82/0xc0
[ 59.082869][ T488] sock_close+0xdf/0x270
[ 59.086950][ T488] ? sock_mmap+0xa0/0xa0
[ 59.091022][ T488] __fput+0x228/0x8c0
[ 59.094847][ T488] ____fput+0x15/0x20
[ 59.099096][ T488] task_work_run+0x129/0x190
[ 59.103652][ T488] exit_to_user_mode_loop+0xc4/0xe0
[ 59.108770][ T488] exit_to_user_mode_prepare+0x5a/0xa0
[ 59.114062][ T488] syscall_exit_to_user_mode+0x26/0x160
[ 59.119444][ T488] do_syscall_64+0x47/0xb0
[ 59.123712][ T488] ? clear_bhb_loop+0x35/0x90
[ 59.128258][ T488] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.133935][ T488] RIP: 0033:0x7f70dd4b69f9
[ 59.138192][ T488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.157801][ T488] RSP: 002b:00007ffc8b920698 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 59.166146][ T488] RAX: 0000000000000000 RBX: 000000000000e49e RCX: 00007f70dd4b69f9
[ 59.174053][ T488] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 59.181868][ T488] RBP: 00007ffc8b920770 R08: 0000000000000001 R09: 00007ffc8b92097f
[ 59.189787][ T488] R10: 00007f70dd33f000 R11: 0000000000000246 R12: 0000000000000032
[ 59.197592][ T488] R13: 00007ffc8b920790 R14: 00007ffc8b9207b0 R15: ffffffffffffffff
[ 59.205407][ T488] </TASK>
[ 59.208451][ T488]
[ 59.210624][ T488] Allocated by task 489:
[ 59.214787][ T488] __kasan_slab_alloc+0xb1/0xe0
[ 59.219479][ T488] slab_post_alloc_hook+0x53/0x2c0
[ 59.224420][ T488] kmem_cache_alloc+0xf5/0x250
[ 59.229018][ T488] skb_clone+0x1d1/0x360
[ 59.233272][ T488] sk_psock_verdict_recv+0x53/0x840
[ 59.238304][ T488] unix_read_sock+0x132/0x370
[ 59.242825][ T488] sk_psock_verdict_data_ready+0x147/0x1a0
[ 59.248474][ T488] unix_dgram_sendmsg+0x15fa/0x2090
[ 59.253502][ T488] ____sys_sendmsg+0x59e/0x8f0
[ 59.258103][ T488] ___sys_sendmsg+0x252/0x2e0
[ 59.262747][ T488] __se_sys_sendmsg+0x19a/0x260
[ 59.267478][ T488] __x64_sys_sendmsg+0x7b/0x90
[ 59.272168][ T488] x64_sys_call+0x16a/0x9a0
[ 59.276815][ T488] do_syscall_64+0x3b/0xb0
[ 59.281046][ T488] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.286860][ T488]
[ 59.289033][ T488] Freed by task 487:
[ 59.292938][ T488] kasan_set_track+0x4b/0x70
[ 59.297375][ T488] kasan_set_free_info+0x23/0x40
[ 59.302225][ T488] ____kasan_slab_free+0x126/0x160
[ 59.307169][ T488] __kasan_slab_free+0x11/0x20
[ 59.311772][ T488] slab_free_freelist_hook+0xbd/0x190
[ 59.316979][ T488] kmem_cache_free+0x115/0x330
[ 59.321580][ T488] kfree_skbmem+0x104/0x170
[ 59.325918][ T488] kfree_skb+0xc2/0x360
[ 59.329911][ T488] sk_psock_backlog+0xc21/0xd90
[ 59.334607][ T488] process_one_work+0x6bb/0xc10
[ 59.339285][ T488] worker_thread+0xad5/0x12a0
[ 59.343800][ T488] kthread+0x421/0x510
[ 59.347704][ T488] ret_from_fork+0x1f/0x30
[ 59.351955][ T488]
[ 59.354124][ T488] The buggy address belongs to the object at ffff88811f7e9280
[ 59.354124][ T488] which belongs to the cache skbuff_head_cache of size 248
[ 59.368533][ T488] The buggy address is located 0 bytes inside of
[ 59.368533][ T488] 248-byte region [ffff88811f7e9280, ffff88811f7e9378)
[ 59.381470][ T488] The buggy address belongs to the page:
[ 59.386935][ T488] page:ffffea00047dfa40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f7e9
[ 59.397000][ T488] flags: 0x4000000000000200(slab|zone=1)
[ 59.402476][ T488] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 59.411067][ T488] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 59.419496][ T488] page dumped because: kasan: bad access detected
[ 59.425732][ T488] page_owner tracks the page as allocated
[ 59.431283][ T488] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 58544041057, free_ts 58543101035
[ 59.446930][ T488] post_alloc_hook+0x1a3/0x1b0
[ 59.451506][ T488] prep_new_page+0x1b/0x110
[ 59.455851][ T488] get_page_from_freelist+0x3550/0x35d0
[ 59.461231][ T488] __alloc_pages+0x27e/0x8f0
[ 59.465662][ T488] new_slab+0x9a/0x4e0
[ 59.469562][ T488] ___slab_alloc+0x39e/0x830
[ 59.474001][ T488] __slab_alloc+0x4a/0x90
[ 59.478150][ T488] kmem_cache_alloc+0x139/0x250
[ 59.482839][ T488] __alloc_skb+0xbe/0x550
[ 59.487006][ T488] alloc_skb_with_frags+0xa6/0x680
[ 59.491961][ T488] sock_alloc_send_pskb+0x915/0xa50
[ 59.497074][ T488] unix_dgram_sendmsg+0x6fd/0x2090
[ 59.502020][ T488] __sys_sendto+0x564/0x720
[ 59.506362][ T488] __x64_sys_sendto+0xe5/0x100
[ 59.510972][ T488] x64_sys_call+0x15c/0x9a0
[ 59.515442][ T488] do_syscall_64+0x3b/0xb0
[ 59.519694][ T488] page last free stack trace:
[ 59.524354][ T488] free_unref_page_prepare+0x7c8/0x7d0
[ 59.529716][ T488] free_unref_page+0xe8/0x750
[ 59.534220][ T488] __free_pages+0x61/0xf0
[ 59.538387][ T488] __vunmap+0x7bc/0x8f0
[ 59.542382][ T488] vfree+0x7f/0xb0
[ 59.545939][ T488] module_memfree+0x17/0x30
[ 59.550276][ T488] bpf_jit_free_exec+0x15/0x20
[ 59.554877][ T488] bpf_jit_free+0x98/0x240
[ 59.559132][ T488] bpf_prog_free_deferred+0x61e/0x730
[ 59.564337][ T488] process_one_work+0x6bb/0xc10
[ 59.569022][ T488] worker_thread+0xad5/0x12a0
[ 59.573544][ T488] kthread+0x421/0x510
[ 59.577444][ T488] ret_from_fork+0x1f/0x30
[ 59.581702][ T488]
[ 59.583866][ T488] Memory state around the buggy address:
[ 59.589431][ T488] ffff88811f7e9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.597413][ T488] ffff88811f7e9200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 59.605310][ T488] >ffff88811f7e9280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.613202][ T488] ^
[ 59.617112][ T488] ffff88811f7e9300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 59.625011][ T488] ffff88811f7e9380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 59.633001][ T488] ==================================================================
[ 59.654161][ T492] FAULT_INJECTION: forcing a failure.
[ 59.654161][ T492] name failslab, interval 1, probability 0, space 0, times 0
[ 59.666955][ T492] CPU: 0 PID: 492 Comm: syz.0.20 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 59.678209][ T492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 59.688058][ T492] Call Trace:
[ 59.691181][ T492] <TASK>
[ 59.693962][ T492] dump_stack_lvl+0x151/0x1c0
[ 59.698472][ T492] ? io_uring_drop_tctx_refs+0x190/0x190
[ 59.703935][ T492] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 59.709578][ T492] ? __skb_try_recv_datagram+0x495/0x6a0
[ 59.715058][ T492] dump_stack+0x15/0x20
[ 59.719048][ T492] should_fail+0x3c6/0x510
[ 59.723293][ T492] __should_failslab+0xa4/0xe0
[ 59.727892][ T492] ? skb_clone+0x1d1/0x360
[ 59.732207][ T492] should_failslab+0x9/0x20
[ 59.736485][ T492] slab_pre_alloc_hook+0x37/0xd0
[ 59.741516][ T492] ? skb_clone+0x1d1/0x360
[ 59.745768][ T492] kmem_cache_alloc+0x44/0x250
[ 59.750369][ T492] skb_clone+0x1d1/0x360
[ 59.754554][ T492] sk_psock_verdict_recv+0x53/0x840
[ 59.759709][ T492] ? avc_has_perm_noaudit+0x430/0x430
[ 59.764887][ T492] unix_read_sock+0x132/0x370
[ 59.769481][ T492] ? sk_psock_skb_redirect+0x440/0x440
[ 59.774975][ T492] ? unix_stream_splice_actor+0x120/0x120
[ 59.780513][ T492] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 59.786022][ T492] ? unix_stream_splice_actor+0x120/0x120
[ 59.791575][ T492] sk_psock_verdict_data_ready+0x147/0x1a0
[ 59.797301][ T492] ? sk_psock_start_verdict+0xc0/0xc0
[ 59.802519][ T492] ? _raw_spin_lock+0xa4/0x1b0
[ 59.807111][ T492] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 59.812753][ T492] ? skb_queue_tail+0xfb/0x120
[ 59.817350][ T492] unix_dgram_sendmsg+0x15fa/0x2090
[ 59.822396][ T492] ? unix_dgram_poll+0x690/0x690
[ 59.827163][ T492] ? kasan_set_track+0x5d/0x70
[ 59.831768][ T492] ? kasan_set_track+0x4b/0x70
[ 59.836364][ T492] ? security_socket_sendmsg+0x82/0xb0
[ 59.841661][ T492] ? unix_dgram_poll+0x690/0x690
[ 59.846427][ T492] ____sys_sendmsg+0x59e/0x8f0
[ 59.851033][ T492] ? __sys_sendmsg_sock+0x40/0x40
[ 59.855895][ T492] ? import_iovec+0xe5/0x120
[ 59.860315][ T492] ___sys_sendmsg+0x252/0x2e0
[ 59.864825][ T492] ? __sys_sendmsg+0x260/0x260
[ 59.869460][ T492] ? putname+0xfa/0x150
[ 59.873420][ T492] ? __fdget+0x1bc/0x240
[ 59.877508][ T492] __se_sys_sendmsg+0x19a/0x260
[ 59.882188][ T492] ? __x64_sys_sendmsg+0x90/0x90
[ 59.886967][ T492] ? ksys_write+0x260/0x2c0
[ 59.891300][ T492] ? debug_smp_processor_id+0x17/0x20
[ 59.896595][ T492] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 59.902495][ T492] __x64_sys_sendmsg+0x7b/0x90
[ 59.907182][ T492] x64_sys_call+0x16a/0x9a0
[ 59.911604][ T492] do_syscall_64+0x3b/0xb0
[ 59.915856][ T492] ? clear_bhb_loop+0x35/0x90
[ 59.920371][ T492] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.926100][ T492] RIP: 0033:0x7f70dd4b69f9
[ 59.930360][ T492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.950018][ T492] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.958283][ T492] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
[ 59.966069][ T492] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 59.973979][ T492] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 59.981791][ T492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 59.989908][ T492] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 59.997856][ T492] </TASK>
[ 60.014868][ T494] FAULT_INJECTION: forcing a failure.
[ 60.014868][ T494] name failslab, interval 1, probability 0, space 0, times 0
[ 60.028214][ T494] CPU: 1 PID: 494 Comm: syz.0.21 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 60.039434][ T494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 60.049439][ T494] Call Trace:
[ 60.052564][ T494] <TASK>
[ 60.055346][ T494] dump_stack_lvl+0x151/0x1c0
[ 60.059857][ T494] ? io_uring_drop_tctx_refs+0x190/0x190
[ 60.065417][ T494] dump_stack+0x15/0x20
[ 60.069402][ T494] should_fail+0x3c6/0x510
[ 60.073892][ T494] __should_failslab+0xa4/0xe0
[ 60.078482][ T494] should_failslab+0x9/0x20
[ 60.083358][ T494] slab_pre_alloc_hook+0x37/0xd0
[ 60.088248][ T494] kmem_cache_alloc_trace+0x48/0x270
[ 60.093496][ T494] ? sk_psock_skb_ingress_self+0x60/0x330
[ 60.099051][ T494] ? migrate_disable+0x190/0x190
[ 60.103930][ T494] sk_psock_skb_ingress_self+0x60/0x330
[ 60.109403][ T494] sk_psock_verdict_recv+0x66d/0x840
[ 60.114515][ T494] unix_read_sock+0x132/0x370
[ 60.119046][ T494] ? sk_psock_skb_redirect+0x440/0x440
[ 60.124319][ T494] ? unix_stream_splice_actor+0x120/0x120
[ 60.129962][ T494] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 60.135259][ T494] ? unix_stream_splice_actor+0x120/0x120
[ 60.140988][ T494] sk_psock_verdict_data_ready+0x147/0x1a0
[ 60.146874][ T494] ? sk_psock_start_verdict+0xc0/0xc0
[ 60.152146][ T494] ? _raw_spin_lock+0xa4/0x1b0
[ 60.156834][ T494] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 60.162468][ T494] ? skb_queue_tail+0xfb/0x120
[ 60.167068][ T494] unix_dgram_sendmsg+0x15fa/0x2090
[ 60.172124][ T494] ? unix_dgram_poll+0x690/0x690
[ 60.176973][ T494] ? kasan_set_track+0x5d/0x70
[ 60.181570][ T494] ? kasan_set_track+0x4b/0x70
[ 60.186172][ T494] ? security_socket_sendmsg+0x82/0xb0
[ 60.191466][ T494] ? unix_dgram_poll+0x690/0x690
[ 60.196249][ T494] ____sys_sendmsg+0x59e/0x8f0
[ 60.200850][ T494] ? __sys_sendmsg_sock+0x40/0x40
[ 60.205700][ T494] ? import_iovec+0xe5/0x120
[ 60.210168][ T494] ___sys_sendmsg+0x252/0x2e0
[ 60.214818][ T494] ? __sys_sendmsg+0x260/0x260
[ 60.219419][ T494] ? putname+0xfa/0x150
[ 60.223496][ T494] ? __fdget+0x1bc/0x240
[ 60.227657][ T494] __se_sys_sendmsg+0x19a/0x260
[ 60.232351][ T494] ? __x64_sys_sendmsg+0x90/0x90
[ 60.237214][ T494] ? ksys_write+0x260/0x2c0
[ 60.241541][ T494] ? debug_smp_processor_id+0x17/0x20
[ 60.246753][ T494] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 60.252664][ T494] __x64_sys_sendmsg+0x7b/0x90
[ 60.257250][ T494] x64_sys_call+0x16a/0x9a0
[ 60.261677][ T494] do_syscall_64+0x3b/0xb0
[ 60.266193][ T494] ? clear_bhb_loop+0x35/0x90
[ 60.270705][ T494] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.276518][ T494] RIP: 0033:0x7f70dd4b69f9
[ 60.280782][ T494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.300590][ T494] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.308832][ T494] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
[ 60.316834][ T494] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 60.324633][ T494] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 60.332442][ T494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 60.340262][ T494] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 60.348175][ T494] </TASK>
[ 60.352399][ T493] ==================================================================
[ 60.360295][ T493] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 60.368702][ T493]
[ 60.370873][ T493] CPU: 0 PID: 493 Comm: syz.0.21 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 60.382136][ T493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 60.392524][ T493] Call Trace:
[ 60.395659][ T493] <TASK>
[ 60.398440][ T493] dump_stack_lvl+0x151/0x1c0
[ 60.403044][ T493] ? io_uring_drop_tctx_refs+0x190/0x190
[ 60.408594][ T493] ? __wake_up_klogd+0xd5/0x110
[ 60.413286][ T493] ? panic+0x760/0x760
[ 60.417188][ T493] ? kmem_cache_free+0x115/0x330
[ 60.421957][ T493] print_address_description+0x87/0x3b0
[ 60.427463][ T493] ? kmem_cache_free+0x115/0x330
[ 60.432228][ T493] ? kmem_cache_free+0x115/0x330
[ 60.436998][ T493] kasan_report_invalid_free+0x6b/0xa0
[ 60.442299][ T493] ____kasan_slab_free+0x13e/0x160
[ 60.447256][ T493] __kasan_slab_free+0x11/0x20
[ 60.451859][ T493] slab_free_freelist_hook+0xbd/0x190
[ 60.457049][ T493] kmem_cache_free+0x115/0x330
[ 60.461648][ T493] ? kfree_skbmem+0x104/0x170
[ 60.466274][ T493] kfree_skbmem+0x104/0x170
[ 60.470718][ T493] consume_skb+0xb4/0x250
[ 60.474840][ T493] __sk_msg_free+0x2dd/0x370
[ 60.479356][ T493] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 60.485169][ T493] sk_psock_stop+0x44c/0x4d0
[ 60.489597][ T493] sk_psock_drop+0x219/0x310
[ 60.494020][ T493] sock_map_unref+0x48f/0x4d0
[ 60.498534][ T493] ? __local_bh_enable_ip+0x58/0x80
[ 60.503570][ T493] ? _raw_spin_unlock_bh+0x51/0x60
[ 60.508514][ T493] sock_map_remove_links+0x41c/0x650
[ 60.513643][ T493] ? sock_map_unhash+0x120/0x120
[ 60.518513][ T493] ? locks_remove_posix+0x610/0x610
[ 60.523649][ T493] sock_map_close+0x114/0x530
[ 60.528162][ T493] ? unix_peer_get+0xe0/0xe0
[ 60.532579][ T493] ? sock_map_remove_links+0x650/0x650
[ 60.537895][ T493] ? rwsem_mark_wake+0x770/0x770
[ 60.542656][ T493] unix_release+0x82/0xc0
[ 60.546820][ T493] sock_close+0xdf/0x270
[ 60.550900][ T493] ? sock_mmap+0xa0/0xa0
[ 60.555058][ T493] __fput+0x228/0x8c0
[ 60.558878][ T493] ____fput+0x15/0x20
[ 60.562697][ T493] task_work_run+0x129/0x190
[ 60.567212][ T493] exit_to_user_mode_loop+0xc4/0xe0
[ 60.572332][ T493] exit_to_user_mode_prepare+0x5a/0xa0
[ 60.577625][ T493] syscall_exit_to_user_mode+0x26/0x160
[ 60.583104][ T493] do_syscall_64+0x47/0xb0
[ 60.587439][ T493] ? clear_bhb_loop+0x35/0x90
[ 60.591954][ T493] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.597701][ T493] RIP: 0033:0x7f70dd4b69f9
[ 60.602029][ T493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.621474][ T493] RSP: 002b:00007ffc8b920698 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 60.629718][ T493] RAX: 0000000000000000 RBX: 00007f70dd646a80 RCX: 00007f70dd4b69f9
[ 60.637626][ T493] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 60.645434][ T493] RBP: 00007f70dd646a80 R08: 0000000000000000 R09: 00007ffc8b92097f
[ 60.653252][ T493] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000ed96
[ 60.661067][ T493] R13: 00007ffc8b920790 R14: 00007ffc8b9207b0 R15: ffffffffffffffff
[ 60.668877][ T493] </TASK>
[ 60.671733][ T493]
[ 60.673902][ T493] Allocated by task 494:
[ 60.677982][ T493] __kasan_slab_alloc+0xb1/0xe0
[ 60.682666][ T493] slab_post_alloc_hook+0x53/0x2c0
[ 60.687614][ T493] kmem_cache_alloc+0xf5/0x250
[ 60.692267][ T493] skb_clone+0x1d1/0x360
[ 60.696388][ T493] sk_psock_verdict_recv+0x53/0x840
[ 60.701417][ T493] unix_read_sock+0x132/0x370
[ 60.705940][ T493] sk_psock_verdict_data_ready+0x147/0x1a0
[ 60.711576][ T493] unix_dgram_sendmsg+0x15fa/0x2090
[ 60.716604][ T493] ____sys_sendmsg+0x59e/0x8f0
[ 60.721208][ T493] ___sys_sendmsg+0x252/0x2e0
[ 60.725719][ T493] __se_sys_sendmsg+0x19a/0x260
[ 60.730553][ T493] __x64_sys_sendmsg+0x7b/0x90
[ 60.735384][ T493] x64_sys_call+0x16a/0x9a0
[ 60.739714][ T493] do_syscall_64+0x3b/0xb0
[ 60.743962][ T493] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.749692][ T493]
[ 60.751866][ T493] Freed by task 487:
[ 60.755603][ T493] kasan_set_track+0x4b/0x70
[ 60.760278][ T493] kasan_set_free_info+0x23/0x40
[ 60.765050][ T493] ____kasan_slab_free+0x126/0x160
[ 60.769997][ T493] __kasan_slab_free+0x11/0x20
[ 60.774597][ T493] slab_free_freelist_hook+0xbd/0x190
[ 60.779922][ T493] kmem_cache_free+0x115/0x330
[ 60.784517][ T493] kfree_skbmem+0x104/0x170
[ 60.788882][ T493] kfree_skb+0xc2/0x360
[ 60.792856][ T493] sk_psock_backlog+0xc21/0xd90
[ 60.797545][ T493] process_one_work+0x6bb/0xc10
[ 60.802226][ T493] worker_thread+0xad5/0x12a0
[ 60.806869][ T493] kthread+0x421/0x510
[ 60.810764][ T493] ret_from_fork+0x1f/0x30
[ 60.815016][ T493]
[ 60.817309][ T493] The buggy address belongs to the object at ffff888113548640
[ 60.817309][ T493] which belongs to the cache skbuff_head_cache of size 248
[ 60.831719][ T493] The buggy address is located 0 bytes inside of
[ 60.831719][ T493] 248-byte region [ffff888113548640, ffff888113548738)
[ 60.844647][ T493] The buggy address belongs to the page:
[ 60.850237][ T493] page:ffffea00044d5200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113548
[ 60.860387][ T493] flags: 0x4000000000000200(slab|zone=1)
[ 60.865861][ T493] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 60.874280][ T493] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 60.882692][ T493] page dumped because: kasan: bad access detected
[ 60.888952][ T493] page_owner tracks the page as allocated
[ 60.894614][ T493] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 60010187844, free_ts 53021311015
[ 60.910231][ T493] post_alloc_hook+0x1a3/0x1b0
[ 60.914827][ T493] prep_new_page+0x1b/0x110
[ 60.919351][ T493] get_page_from_freelist+0x3550/0x35d0
[ 60.924737][ T493] __alloc_pages+0x27e/0x8f0
[ 60.929308][ T493] new_slab+0x9a/0x4e0
[ 60.933205][ T493] ___slab_alloc+0x39e/0x830
[ 60.937623][ T493] __slab_alloc+0x4a/0x90
[ 60.941803][ T493] kmem_cache_alloc+0x139/0x250
[ 60.946566][ T493] __alloc_skb+0xbe/0x550
[ 60.950736][ T493] alloc_skb_with_frags+0xa6/0x680
[ 60.955677][ T493] sock_alloc_send_pskb+0x915/0xa50
[ 60.960727][ T493] unix_dgram_sendmsg+0x6fd/0x2090
[ 60.965669][ T493] __sys_sendto+0x564/0x720
[ 60.970000][ T493] __x64_sys_sendto+0xe5/0x100
[ 60.974782][ T493] x64_sys_call+0x15c/0x9a0
[ 60.979534][ T493] do_syscall_64+0x3b/0xb0
[ 60.983975][ T493] page last free stack trace:
[ 60.988433][ T493] free_unref_page_prepare+0x7c8/0x7d0
[ 60.993736][ T493] free_unref_page+0xe8/0x750
[ 60.998238][ T493] __free_pages+0x61/0xf0
[ 61.002402][ T493] __vunmap+0x7bc/0x8f0
[ 61.006413][ T493] vfree+0x7f/0xb0
[ 61.009982][ T493] kcov_close+0x2b/0x50
[ 61.013955][ T493] __fput+0x228/0x8c0
[ 61.017764][ T493] ____fput+0x15/0x20
[ 61.021587][ T493] task_work_run+0x129/0x190
[ 61.026012][ T493] do_exit+0xc48/0x2ca0
[ 61.030003][ T493] do_group_exit+0x141/0x310
[ 61.034434][ T493] get_signal+0x7a3/0x1630
[ 61.038713][ T493] arch_do_signal_or_restart+0xbd/0x1680
[ 61.044160][ T493] exit_to_user_mode_loop+0xa0/0xe0
[ 61.049190][ T493] exit_to_user_mode_prepare+0x5a/0xa0
[ 61.054478][ T493] syscall_exit_to_user_mode+0x26/0x160
[ 61.059870][ T493]
[ 61.062034][ T493] Memory state around the buggy address:
[ 61.067507][ T493] ffff888113548500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.075427][ T493] ffff888113548580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 61.083306][ T493] >ffff888113548600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 61.091193][ T493] ^
[ 61.097188][ T493] ffff888113548680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.105085][ T493] ffff888113548700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 61.113065][ T493] ==================================================================
[ 61.130303][ T497] FAULT_INJECTION: forcing a failure.
[ 61.130303][ T497] name failslab, interval 1, probability 0, space 0, times 0
[ 61.142986][ T497] CPU: 1 PID: 497 Comm: syz.0.22 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 61.153931][ T497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 61.163824][ T497] Call Trace:
[ 61.166947][ T497] <TASK>
[ 61.169725][ T497] dump_stack_lvl+0x151/0x1c0
[ 61.174239][ T497] ? io_uring_drop_tctx_refs+0x190/0x190
[ 61.179708][ T497] dump_stack+0x15/0x20
[ 61.183701][ T497] should_fail+0x3c6/0x510
[ 61.187953][ T497] __should_failslab+0xa4/0xe0
[ 61.192567][ T497] should_failslab+0x9/0x20
[ 61.196891][ T497] slab_pre_alloc_hook+0x37/0xd0
[ 61.201674][ T497] kmem_cache_alloc_trace+0x48/0x270
[ 61.206790][ T497] ? sk_psock_skb_ingress_self+0x60/0x330
[ 61.212350][ T497] ? migrate_disable+0x190/0x190
[ 61.217122][ T497] sk_psock_skb_ingress_self+0x60/0x330
[ 61.222507][ T497] sk_psock_verdict_recv+0x66d/0x840
[ 61.227724][ T497] unix_read_sock+0x132/0x370
[ 61.232753][ T497] ? sk_psock_skb_redirect+0x440/0x440
[ 61.238043][ T497] ? unix_stream_splice_actor+0x120/0x120
[ 61.243715][ T497] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 61.249006][ T497] ? unix_stream_splice_actor+0x120/0x120
[ 61.254557][ T497] sk_psock_verdict_data_ready+0x147/0x1a0
[ 61.260331][ T497] ? sk_psock_start_verdict+0xc0/0xc0
[ 61.265726][ T497] ? _raw_spin_lock+0xa4/0x1b0
[ 61.270438][ T497] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 61.276157][ T497] ? skb_queue_tail+0xfb/0x120
[ 61.280933][ T497] unix_dgram_sendmsg+0x15fa/0x2090
[ 61.286238][ T497] ? unix_dgram_poll+0x690/0x690
[ 61.291006][ T497] ? kasan_set_track+0x5d/0x70
[ 61.295604][ T497] ? kasan_set_track+0x4b/0x70
[ 61.300321][ T497] ? security_socket_sendmsg+0x82/0xb0
[ 61.305585][ T497] ? unix_dgram_poll+0x690/0x690
[ 61.310361][ T497] ____sys_sendmsg+0x59e/0x8f0
[ 61.314962][ T497] ? __sys_sendmsg_sock+0x40/0x40
[ 61.319912][ T497] ? import_iovec+0xe5/0x120
[ 61.324426][ T497] ___sys_sendmsg+0x252/0x2e0
[ 61.328934][ T497] ? __sys_sendmsg+0x260/0x260
[ 61.333539][ T497] ? putname+0xfa/0x150
[ 61.337528][ T497] ? __fdget+0x1bc/0x240
[ 61.341605][ T497] __se_sys_sendmsg+0x19a/0x260
[ 61.346292][ T497] ? __x64_sys_sendmsg+0x90/0x90
[ 61.351237][ T497] ? ksys_write+0x260/0x2c0
[ 61.355587][ T497] ? debug_smp_processor_id+0x17/0x20
[ 61.360787][ T497] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 61.366693][ T497] __x64_sys_sendmsg+0x7b/0x90
[ 61.371297][ T497] x64_sys_call+0x16a/0x9a0
[ 61.375717][ T497] do_syscall_64+0x3b/0xb0
[ 61.380191][ T497] ? clear_bhb_loop+0x35/0x90
[ 61.384656][ T497] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.390520][ T497] RIP: 0033:0x7f70dd4b69f9
[ 61.394770][ T497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 61.414337][ T497] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 61.422568][ T497] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
[ 61.430465][ T497] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 61.438277][ T497] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 61.446094][ T497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 61.453982][ T497] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 61.461813][ T497] </TASK>
[ 61.473973][ T499] FAULT_INJECTION: forcing a failure.
[ 61.473973][ T499] name failslab, interval 1, probability 0, space 0, times 0
[ 61.486503][ T499] CPU: 1 PID: 499 Comm: syz.0.23 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 61.497612][ T499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 61.507618][ T499] Call Trace:
[ 61.510732][ T499] <TASK>
[ 61.513516][ T499] dump_stack_lvl+0x151/0x1c0
[ 61.518141][ T499] ? io_uring_drop_tctx_refs+0x190/0x190
[ 61.523607][ T499] dump_stack+0x15/0x20
[ 61.527603][ T499] should_fail+0x3c6/0x510
[ 61.532223][ T499] __should_failslab+0xa4/0xe0
[ 61.536841][ T499] should_failslab+0x9/0x20
[ 61.541155][ T499] slab_pre_alloc_hook+0x37/0xd0
[ 61.545927][ T499] kmem_cache_alloc_trace+0x48/0x270
[ 61.551056][ T499] ? sk_psock_skb_ingress_self+0x60/0x330
[ 61.556792][ T499] ? migrate_disable+0x190/0x190
[ 61.561555][ T499] sk_psock_skb_ingress_self+0x60/0x330
[ 61.567023][ T499] sk_psock_verdict_recv+0x66d/0x840
[ 61.572142][ T499] unix_read_sock+0x132/0x370
[ 61.576658][ T499] ? sk_psock_skb_redirect+0x440/0x440
[ 61.582249][ T499] ? unix_stream_splice_actor+0x120/0x120
[ 61.587780][ T499] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 61.593110][ T499] ? unix_stream_splice_actor+0x120/0x120
[ 61.598802][ T499] sk_psock_verdict_data_ready+0x147/0x1a0
[ 61.604449][ T499] ? sk_psock_start_verdict+0xc0/0xc0
[ 61.609659][ T499] ? _raw_spin_lock+0xa4/0x1b0
[ 61.614354][ T499] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 61.620070][ T499] ? skb_queue_tail+0xfb/0x120
[ 61.624595][ T499] unix_dgram_sendmsg+0x15fa/0x2090
[ 61.629808][ T499] ? unix_dgram_poll+0x690/0x690
[ 61.634670][ T499] ? kasan_set_track+0x5d/0x70
[ 61.639262][ T499] ? kasan_set_track+0x4b/0x70
[ 61.643867][ T499] ? security_socket_sendmsg+0x82/0xb0
[ 61.649159][ T499] ? unix_dgram_poll+0x690/0x690
[ 61.653934][ T499] ____sys_sendmsg+0x59e/0x8f0
[ 61.658538][ T499] ? __sys_sendmsg_sock+0x40/0x40
[ 61.663493][ T499] ? import_iovec+0xe5/0x120
[ 61.668014][ T499] ___sys_sendmsg+0x252/0x2e0
[ 61.672521][ T499] ? __sys_sendmsg+0x260/0x260
[ 61.677131][ T499] ? putname+0xfa/0x150
[ 61.681121][ T499] ? __fdget+0x1bc/0x240
[ 61.685192][ T499] __se_sys_sendmsg+0x19a/0x260
[ 61.689881][ T499] ? __x64_sys_sendmsg+0x90/0x90
[ 61.694649][ T499] ? ksys_write+0x260/0x2c0
[ 61.698998][ T499] ? debug_smp_processor_id+0x17/0x20
[ 61.704198][ T499] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 61.710189][ T499] __x64_sys_sendmsg+0x7b/0x90
[ 61.714788][ T499] x64_sys_call+0x16a/0x9a0
[ 61.719135][ T499] do_syscall_64+0x3b/0xb0
[ 61.723564][ T499] ? clear_bhb_loop+0x35/0x90
[ 61.728079][ T499] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.733904][ T499] RIP: 0033:0x7f70dd4b69f9
[ 61.738155][ T499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 61.757599][ T499] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 61.766099][ T499] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
[ 61.774001][ T499] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 61.781902][ T499] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 61.789885][ T499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 61.798083][ T499] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 61.805981][ T499] </TASK>
[ 61.813587][ T498] ==================================================================
[ 61.821473][ T498] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 61.830078][ T498]
[ 61.832248][ T498] CPU: 0 PID: 498 Comm: syz.0.23 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 61.843505][ T498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 61.853596][ T498] Call Trace:
[ 61.856718][ T498] <TASK>
[ 61.859504][ T498] dump_stack_lvl+0x151/0x1c0
[ 61.864097][ T498] ? io_uring_drop_tctx_refs+0x190/0x190
[ 61.869564][ T498] ? __wake_up_klogd+0xd5/0x110
[ 61.874357][ T498] ? panic+0x760/0x760
[ 61.878244][ T498] ? kmem_cache_free+0x115/0x330
[ 61.883020][ T498] print_address_description+0x87/0x3b0
[ 61.888499][ T498] ? kmem_cache_free+0x115/0x330
[ 61.893257][ T498] ? kmem_cache_free+0x115/0x330
[ 61.898036][ T498] kasan_report_invalid_free+0x6b/0xa0
[ 61.903328][ T498] ____kasan_slab_free+0x13e/0x160
[ 61.908278][ T498] __kasan_slab_free+0x11/0x20
[ 61.912878][ T498] slab_free_freelist_hook+0xbd/0x190
[ 61.918083][ T498] kmem_cache_free+0x115/0x330
[ 61.922684][ T498] ? kfree_skbmem+0x104/0x170
[ 61.927308][ T498] kfree_skbmem+0x104/0x170
[ 61.931824][ T498] consume_skb+0xb4/0x250
[ 61.935983][ T498] __sk_msg_free+0x2dd/0x370
[ 61.940412][ T498] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 61.946102][ T498] sk_psock_stop+0x44c/0x4d0
[ 61.950479][ T498] sk_psock_drop+0x219/0x310
[ 61.954905][ T498] sock_map_unref+0x48f/0x4d0
[ 61.959428][ T498] ? __local_bh_enable_ip+0x58/0x80
[ 61.964453][ T498] ? _raw_spin_unlock_bh+0x51/0x60
[ 61.969406][ T498] sock_map_remove_links+0x41c/0x650
[ 61.974732][ T498] ? sock_map_unhash+0x120/0x120
[ 61.979497][ T498] ? locks_remove_posix+0x610/0x610
[ 61.984531][ T498] sock_map_close+0x114/0x530
[ 61.989044][ T498] ? unix_peer_get+0xe0/0xe0
[ 61.994025][ T498] ? sock_map_remove_links+0x650/0x650
[ 61.999316][ T498] ? rwsem_mark_wake+0x770/0x770
[ 62.004090][ T498] unix_release+0x82/0xc0
[ 62.008432][ T498] sock_close+0xdf/0x270
[ 62.012661][ T498] ? sock_mmap+0xa0/0xa0
[ 62.016761][ T498] __fput+0x228/0x8c0
[ 62.020671][ T498] ____fput+0x15/0x20
[ 62.024483][ T498] task_work_run+0x129/0x190
[ 62.028994][ T498] exit_to_user_mode_loop+0xc4/0xe0
[ 62.034113][ T498] exit_to_user_mode_prepare+0x5a/0xa0
[ 62.039604][ T498] syscall_exit_to_user_mode+0x26/0x160
[ 62.044988][ T498] do_syscall_64+0x47/0xb0
[ 62.049229][ T498] ? clear_bhb_loop+0x35/0x90
[ 62.053750][ T498] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.059769][ T498] RIP: 0033:0x7f70dd4b69f9
[ 62.064023][ T498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 62.083765][ T498] RSP: 002b:00007ffc8b920698 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 62.092240][ T498] RAX: 0000000000000000 RBX: 00007f70dd646a80 RCX: 00007f70dd4b69f9
[ 62.100166][ T498] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 62.108084][ T498] RBP: 00007f70dd646a80 R08: 0000000000000000 R09: 00007ffc8b92097f
[ 62.115902][ T498] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000f349
[ 62.123704][ T498] R13: 00007ffc8b920790 R14: 00007ffc8b9207b0 R15: ffffffffffffffff
[ 62.131516][ T498] </TASK>
[ 62.134378][ T498]
[ 62.136555][ T498] Allocated by task 499:
[ 62.140651][ T498] __kasan_slab_alloc+0xb1/0xe0
[ 62.145318][ T498] slab_post_alloc_hook+0x53/0x2c0
[ 62.150268][ T498] kmem_cache_alloc+0xf5/0x250
[ 62.154867][ T498] skb_clone+0x1d1/0x360
[ 62.158941][ T498] sk_psock_verdict_recv+0x53/0x840
[ 62.164025][ T498] unix_read_sock+0x132/0x370
[ 62.168516][ T498] sk_psock_verdict_data_ready+0x147/0x1a0
[ 62.174132][ T498] unix_dgram_sendmsg+0x15fa/0x2090
[ 62.179164][ T498] ____sys_sendmsg+0x59e/0x8f0
[ 62.183761][ T498] ___sys_sendmsg+0x252/0x2e0
[ 62.188280][ T498] __se_sys_sendmsg+0x19a/0x260
[ 62.192962][ T498] __x64_sys_sendmsg+0x7b/0x90
[ 62.197566][ T498] x64_sys_call+0x16a/0x9a0
[ 62.202031][ T498] do_syscall_64+0x3b/0xb0
[ 62.206272][ T498] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.212121][ T498]
[ 62.214318][ T498] Freed by task 63:
[ 62.217937][ T498] kasan_set_track+0x4b/0x70
[ 62.222367][ T498] kasan_set_free_info+0x23/0x40
[ 62.227147][ T498] ____kasan_slab_free+0x126/0x160
[ 62.232086][ T498] __kasan_slab_free+0x11/0x20
[ 62.236682][ T498] slab_free_freelist_hook+0xbd/0x190
[ 62.242025][ T498] kmem_cache_free+0x115/0x330
[ 62.246580][ T498] kfree_skbmem+0x104/0x170
[ 62.250925][ T498] kfree_skb+0xc2/0x360
[ 62.254923][ T498] sk_psock_backlog+0xc21/0xd90
[ 62.259600][ T498] process_one_work+0x6bb/0xc10
[ 62.264299][ T498] worker_thread+0xad5/0x12a0
[ 62.268806][ T498] kthread+0x421/0x510
[ 62.272844][ T498] ret_from_fork+0x1f/0x30
[ 62.277095][ T498]
[ 62.279259][ T498] The buggy address belongs to the object at ffff888118698280
[ 62.279259][ T498] which belongs to the cache skbuff_head_cache of size 248
[ 62.294030][ T498] The buggy address is located 0 bytes inside of
[ 62.294030][ T498] 248-byte region [ffff888118698280, ffff888118698378)
[ 62.306956][ T498] The buggy address belongs to the page:
[ 62.312415][ T498] page:ffffea000461a600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118698
[ 62.322663][ T498] flags: 0x4000000000000200(slab|zone=1)
[ 62.328137][ T498] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 62.336551][ T498] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 62.344968][ T498] page dumped because: kasan: bad access detected
[ 62.351224][ T498] page_owner tracks the page as allocated
[ 62.356939][ T498] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 61471555593, free_ts 61470964553
[ 62.372656][ T498] post_alloc_hook+0x1a3/0x1b0
[ 62.377259][ T498] prep_new_page+0x1b/0x110
[ 62.381693][ T498] get_page_from_freelist+0x3550/0x35d0
[ 62.387063][ T498] __alloc_pages+0x27e/0x8f0
[ 62.391571][ T498] new_slab+0x9a/0x4e0
[ 62.395481][ T498] ___slab_alloc+0x39e/0x830
[ 62.400028][ T498] __slab_alloc+0x4a/0x90
[ 62.404191][ T498] kmem_cache_alloc+0x139/0x250
[ 62.409060][ T498] __alloc_skb+0xbe/0x550
[ 62.413218][ T498] netlink_sendmsg+0x797/0xd20
[ 62.417905][ T498] ____sys_sendmsg+0x59e/0x8f0
[ 62.422503][ T498] ___sys_sendmsg+0x252/0x2e0
[ 62.427023][ T498] __se_sys_sendmsg+0x19a/0x260
[ 62.431713][ T498] __x64_sys_sendmsg+0x7b/0x90
[ 62.436308][ T498] x64_sys_call+0x16a/0x9a0
[ 62.440644][ T498] do_syscall_64+0x3b/0xb0
[ 62.444897][ T498] page last free stack trace:
[ 62.449494][ T498] free_unref_page_prepare+0x7c8/0x7d0
[ 62.454879][ T498] free_unref_page+0xe8/0x750
[ 62.459478][ T498] __free_pages+0x61/0xf0
[ 62.463645][ T498] __free_slab+0xec/0x1d0
[ 62.467870][ T498] discard_slab+0x29/0x40
[ 62.471977][ T498] __slab_free+0x205/0x290
[ 62.476231][ T498] ___cache_free+0x109/0x120
[ 62.480823][ T498] qlink_free+0x4d/0x90
[ 62.484810][ T498] qlist_free_all+0x44/0xb0
[ 62.489152][ T498] kasan_quarantine_reduce+0x15a/0x180
[ 62.494538][ T498] __kasan_slab_alloc+0x2f/0xe0
[ 62.499216][ T498] slab_post_alloc_hook+0x53/0x2c0
[ 62.504201][ T498] __kmalloc+0x11e/0x2c0
[ 62.508243][ T498] kernfs_fop_write_iter+0x151/0x410
[ 62.513535][ T498] vfs_write+0xd5d/0x1110
[ 62.517701][ T498] ksys_write+0x199/0x2c0
[ 62.521879][ T498]
[ 62.524038][ T498] Memory state around the buggy address:
[ 62.529612][ T498] ffff888118698180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.537585][ T498] ffff888118698200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 62.545588][ T498] >ffff888118698280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.553463][ T498] ^
[ 62.557370][ T498] ffff888118698300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 62.565269][ T498] ffff888118698380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 62.573252][ T498] ==================================================================
[ 62.597356][ T502] FAULT_INJECTION: forcing a failure.
[ 62.597356][ T502] name failslab, interval 1, probability 0, space 0, times 0
[ 62.609937][ T502] CPU: 0 PID: 502 Comm: syz.0.24 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 62.620919][ T502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 62.630910][ T502] Call Trace:
[ 62.634033][ T502]
[ 62.636810][ T502] dump_stack_lvl+0x151/0x1c0
[ 62.641326][ T502] ? io_uring_drop_tctx_refs+0x190/0x190
[ 62.646795][ T502] dump_stack+0x15/0x20
[ 62.650783][ T502] should_fail+0x3c6/0x510
[ 62.655042][ T502] __should_failslab+0xa4/0xe0
[ 62.659647][ T502] should_failslab+0x9/0x20
[ 62.663984][ T502] slab_pre_alloc_hook+0x37/0xd0
[ 62.668750][ T502] kmem_cache_alloc_trace+0x48/0x270
[ 62.673872][ T502] ? sk_psock_skb_ingress_self+0x60/0x330
[ 62.679781][ T502] ? migrate_disable+0x190/0x190
[ 62.684572][ T502] sk_psock_skb_ingress_self+0x60/0x330
[ 62.689931][ T502] sk_psock_verdict_recv+0x66d/0x840
[ 62.695083][ T502] unix_read_sock+0x132/0x370
[ 62.699563][ T502] ? sk_psock_skb_redirect+0x440/0x440
[ 62.704864][ T502] ? unix_stream_splice_actor+0x120/0x120
[ 62.710412][ T502] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 62.715797][ T502] ? unix_stream_splice_actor+0x120/0x120
[ 62.721349][ T502] sk_psock_verdict_data_ready+0x147/0x1a0
[ 62.726993][ T502] ? sk_psock_start_verdict+0xc0/0xc0
[ 62.732197][ T502] ? _raw_spin_lock+0xa4/0x1b0
[ 62.736796][ T502] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 62.742535][ T502] ? skb_queue_tail+0xfb/0x120
[ 62.747126][ T502] unix_dgram_sendmsg+0x15fa/0x2090
[ 62.752163][ T502] ? unix_dgram_poll+0x690/0x690
[ 62.756946][ T502] ? kasan_set_track+0x5d/0x70
[ 62.762229][ T502] ? kasan_set_track+0x4b/0x70
[ 62.766992][ T502] ? security_socket_sendmsg+0x82/0xb0
[ 62.772520][ T502] ? unix_dgram_poll+0x690/0x690
[ 62.777508][ T502] ____sys_sendmsg+0x59e/0x8f0
[ 62.782117][ T502] ? __sys_sendmsg_sock+0x40/0x40
[ 62.786971][ T502] ? import_iovec+0xe5/0x120
[ 62.791504][ T502] ___sys_sendmsg+0x252/0x2e0
[ 62.796010][ T502] ? __sys_sendmsg+0x260/0x260
[ 62.800615][ T502] ? putname+0xfa/0x150
[ 62.804709][ T502] ? __fdget+0x1bc/0x240
[ 62.809149][ T502] __se_sys_sendmsg+0x19a/0x260
[ 62.813830][ T502] ? __x64_sys_sendmsg+0x90/0x90
[ 62.818596][ T502] ? ksys_write+0x260/0x2c0
[ 62.823052][ T502] ? debug_smp_processor_id+0x17/0x20
[ 62.828582][ T502] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 62.834483][ T502] __x64_sys_sendmsg+0x7b/0x90
[ 62.839323][ T502] x64_sys_call+0x16a/0x9a0
[ 62.843660][ T502] do_syscall_64+0x3b/0xb0
[ 62.847914][ T502] ? clear_bhb_loop+0x35/0x90
[ 62.852424][ T502] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.858155][ T502] RIP: 0033:0x7f70dd4b69f9
[ 62.862405][ T502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 62.881850][ T502] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 62.890257][ T502] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
[ 62.898055][ T502] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 62.905951][ T502] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 62.913763][ T502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 62.921575][ T502] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 62.929388][ T502]
[ 62.934747][ T322] ==================================================================
[ 62.942631][ T322] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 62.950874][ T322]
[ 62.953046][ T322] CPU: 0 PID: 322 Comm: kworker/0:2 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 62.964328][ T322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 62.974349][ T322] Workqueue: events bpf_map_free_deferred
[ 62.979901][ T322] Call Trace:
[ 62.983162][ T322]
[ 62.985927][ T322] dump_stack_lvl+0x151/0x1c0
[ 62.990435][ T322] ? io_uring_drop_tctx_refs+0x190/0x190
[ 62.995895][ T322] ? panic+0x760/0x760
[ 62.999798][ T322] ? kasan_set_free_info+0x23/0x40
[ 63.004749][ T322] ? ____kasan_slab_free+0x126/0x160
[ 63.009873][ T322] ? kmem_cache_free+0x115/0x330
[ 63.014643][ T322] print_address_description+0x87/0x3b0
[ 63.020111][ T322] ? worker_thread+0xad5/0x12a0
[ 63.024886][ T322] ? kthread+0x421/0x510
[ 63.028966][ T322] ? kmem_cache_free+0x115/0x330
[ 63.033741][ T322] ? kmem_cache_free+0x115/0x330
[ 63.038877][ T322] kasan_report_invalid_free+0x6b/0xa0
[ 63.044161][ T322] ____kasan_slab_free+0x13e/0x160
[ 63.049118][ T322] __kasan_slab_free+0x11/0x20
[ 63.053707][ T322] slab_free_freelist_hook+0xbd/0x190
[ 63.058920][ T322] kmem_cache_free+0x115/0x330
[ 63.063640][ T322] ? kfree_skbmem+0x104/0x170
[ 63.068152][ T322] kfree_skbmem+0x104/0x170
[ 63.072492][ T322] consume_skb+0xb4/0x250
[ 63.076666][ T322] __sk_msg_free+0x2dd/0x370
[ 63.081344][ T322] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 63.086988][ T322] sk_psock_stop+0x44c/0x4d0
[ 63.091421][ T322] sk_psock_drop+0x219/0x310
[ 63.095841][ T322] sock_map_unref+0x48f/0x4d0
[ 63.100352][ T322] sock_map_free+0x137/0x2b0
[ 63.104786][ T322] bpf_map_free_deferred+0x10d/0x1e0
[ 63.109898][ T322] process_one_work+0x6bb/0xc10
[ 63.114590][ T322] worker_thread+0xad5/0x12a0
[ 63.119102][ T322] ? _raw_spin_lock+0x1b0/0x1b0
[ 63.123946][ T322] kthread+0x421/0x510
[ 63.127812][ T322] ? worker_clr_flags+0x180/0x180
[ 63.132756][ T322] ? kthread_blkcg+0xd0/0xd0
[ 63.137278][ T322] ret_from_fork+0x1f/0x30
[ 63.141534][ T322]
[ 63.144495][ T322]
[ 63.146677][ T322] Allocated by task 502:
[ 63.150828][ T322] __kasan_slab_alloc+0xb1/0xe0
[ 63.155606][ T322] slab_post_alloc_hook+0x53/0x2c0
[ 63.160556][ T322] kmem_cache_alloc+0xf5/0x250
[ 63.165247][ T322] skb_clone+0x1d1/0x360
[ 63.169316][ T322] sk_psock_verdict_recv+0x53/0x840
[ 63.174355][ T322] unix_read_sock+0x132/0x370
[ 63.178871][ T322] sk_psock_verdict_data_ready+0x147/0x1a0
[ 63.184505][ T322] unix_dgram_sendmsg+0x15fa/0x2090
[ 63.189542][ T322] ____sys_sendmsg+0x59e/0x8f0
[ 63.194139][ T322] ___sys_sendmsg+0x252/0x2e0
[ 63.198656][ T322] __se_sys_sendmsg+0x19a/0x260
[ 63.203348][ T322] __x64_sys_sendmsg+0x7b/0x90
[ 63.208112][ T322] x64_sys_call+0x16a/0x9a0
[ 63.212455][ T322] do_syscall_64+0x3b/0xb0
[ 63.216730][ T322] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.222433][ T322]
[ 63.224610][ T322] Freed by task 322:
[ 63.228511][ T322] kasan_set_track+0x4b/0x70
[ 63.233056][ T322] kasan_set_free_info+0x23/0x40
[ 63.237794][ T322] ____kasan_slab_free+0x126/0x160
[ 63.242745][ T322] __kasan_slab_free+0x11/0x20
[ 63.247345][ T322] slab_free_freelist_hook+0xbd/0x190
[ 63.252649][ T322] kmem_cache_free+0x115/0x330
[ 63.257235][ T322] kfree_skbmem+0x104/0x170
[ 63.261579][ T322] kfree_skb+0xc2/0x360
[ 63.265568][ T322] sk_psock_backlog+0xc21/0xd90
[ 63.270267][ T322] process_one_work+0x6bb/0xc10
[ 63.275056][ T322] worker_thread+0xad5/0x12a0
[ 63.279543][ T322] kthread+0x421/0x510
[ 63.283706][ T322] ret_from_fork+0x1f/0x30
[ 63.287960][ T322]
[ 63.290136][ T322] The buggy address belongs to the object at ffff88811869e640
[ 63.290136][ T322] which belongs to the cache skbuff_head_cache of size 248
[ 63.304543][ T322] The buggy address is located 0 bytes inside of
[ 63.304543][ T322] 248-byte region [ffff88811869e640, ffff88811869e738)
[ 63.317474][ T322] The buggy address belongs to the page:
[ 63.322940][ T322] page:ffffea000461a780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11869e
[ 63.333186][ T322] flags: 0x4000000000000200(slab|zone=1)
[ 63.338659][ T322] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 63.347074][ T322] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 63.355500][ T322] page dumped because: kasan: bad access detected
[ 63.361838][ T322] page_owner tracks the page as allocated
[ 63.367466][ T322] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 417, ts 62595181922, free_ts 62590359024
[ 63.383176][ T322] post_alloc_hook+0x1a3/0x1b0
[ 63.387774][ T322] prep_new_page+0x1b/0x110
[ 63.392110][ T322] get_page_from_freelist+0x3550/0x35d0
[ 63.397495][ T322] __alloc_pages+0x27e/0x8f0
[ 63.401922][ T322] new_slab+0x9a/0x4e0
[ 63.405998][ T322] ___slab_alloc+0x39e/0x830
[ 63.410686][ T322] __slab_alloc+0x4a/0x90
[ 63.414858][ T322] kmem_cache_alloc+0x139/0x250
[ 63.419547][ T322] __alloc_skb+0xbe/0x550
[ 63.423722][ T322] alloc_skb_with_frags+0xa6/0x680
[ 63.428738][ T322] sock_alloc_send_pskb+0x915/0xa50
[ 63.433777][ T322] unix_dgram_sendmsg+0x6fd/0x2090
[ 63.438720][ T322] sock_write_iter+0x39b/0x530
[ 63.443329][ T322] vfs_write+0xd5d/0x1110
[ 63.447577][ T322] ksys_write+0x199/0x2c0
[ 63.451740][ T322] __x64_sys_write+0x7b/0x90
[ 63.456168][ T322] page last free stack trace:
[ 63.460680][ T322] free_unref_page_prepare+0x7c8/0x7d0
[ 63.465976][ T322] free_unref_page+0xe8/0x750
[ 63.470489][ T322] __free_pages+0x61/0xf0
[ 63.474702][ T322] free_pages+0x7c/0x90
[ 63.478648][ T322] pgd_free+0x17d/0x190
[ 63.482644][ T322] __mmdrop+0xb0/0x410
[ 63.486548][ T322] finish_task_switch+0x2cd/0x7b0
[ 63.491412][ T322] __schedule+0xcd4/0x1590
[ 63.495831][ T322] schedule+0x11f/0x1e0
[ 63.499828][ T322] schedule_hrtimeout_range_clock+0x228/0x3a0
[ 63.505732][ T322] schedule_hrtimeout_range+0x2a/0x40
[ 63.510943][ T322] do_select+0x13e7/0x1680
[ 63.515191][ T322] core_sys_select+0x57e/0x6e0
[ 63.519787][ T322] __se_sys_pselect6+0x322/0x3f0
[ 63.524562][ T322] __x64_sys_pselect6+0xe5/0x100
[ 63.529341][ T322] x64_sys_call+0x71a/0x9a0
[ 63.534137][ T322]
[ 63.536318][ T322] Memory state around the buggy address:
[ 63.541790][ T322] ffff88811869e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.549686][ T322] ffff88811869e580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 63.557588][ T322] >ffff88811869e600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 63.565478][ T322] ^
[ 63.571467][ T322] ffff88811869e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.579366][ T322] ffff88811869e700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 63.587270][ T322] ==================================================================
[ 63.607081][ T505] FAULT_INJECTION: forcing a failure.
[ 63.607081][ T505] name failslab, interval 1, probability 0, space 0, times 0
[ 63.620013][ T505] CPU: 1 PID: 505 Comm: syz.0.25 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 63.631151][ T505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 63.641048][ T505] Call Trace:
[ 63.644167][ T505]
[ 63.646946][ T505] dump_stack_lvl+0x151/0x1c0
[ 63.651458][ T505] ? io_uring_drop_tctx_refs+0x190/0x190
[ 63.656926][ T505] dump_stack+0x15/0x20
[ 63.660915][ T505] should_fail+0x3c6/0x510
[ 63.665179][ T505] __should_failslab+0xa4/0xe0
[ 63.669776][ T505] should_failslab+0x9/0x20
[ 63.674206][ T505] slab_pre_alloc_hook+0x37/0xd0
[ 63.679006][ T505] kmem_cache_alloc_trace+0x48/0x270
[ 63.684092][ T505] ? sk_psock_skb_ingress_self+0x60/0x330
[ 63.689773][ T505] ? migrate_disable+0x190/0x190
[ 63.694539][ T505] sk_psock_skb_ingress_self+0x60/0x330
[ 63.699926][ T505] sk_psock_verdict_recv+0x66d/0x840
[ 63.705044][ T505] unix_read_sock+0x132/0x370
[ 63.709558][ T505] ? sk_psock_skb_redirect+0x440/0x440
[ 63.714851][ T505] ? unix_stream_splice_actor+0x120/0x120
[ 63.720493][ T505] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 63.725785][ T505] ? unix_stream_splice_actor+0x120/0x120
[ 63.731338][ T505] sk_psock_verdict_data_ready+0x147/0x1a0
[ 63.736984][ T505] ? sk_psock_start_verdict+0xc0/0xc0
[ 63.742226][ T505] ? _raw_spin_lock+0xa4/0x1b0
[ 63.746787][ T505] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 63.752695][ T505] ? skb_queue_tail+0xfb/0x120
[ 63.757304][ T505] unix_dgram_sendmsg+0x15fa/0x2090
[ 63.762419][ T505] ? unix_dgram_poll+0x690/0x690
[ 63.767358][ T505] ? kasan_set_track+0x5d/0x70
[ 63.771959][ T505] ? kasan_set_track+0x4b/0x70
[ 63.776561][ T505] ? security_socket_sendmsg+0x82/0xb0
[ 63.781852][ T505] ? unix_dgram_poll+0x690/0x690
[ 63.786628][ T505] ____sys_sendmsg+0x59e/0x8f0
[ 63.791404][ T505] ? __sys_sendmsg_sock+0x40/0x40
[ 63.796348][ T505] ? import_iovec+0xe5/0x120
[ 63.800787][ T505] ___sys_sendmsg+0x252/0x2e0
[ 63.805296][ T505] ? __sys_sendmsg+0x260/0x260
[ 63.809907][ T505] ? putname+0xfa/0x150
[ 63.813888][ T505] ? __fdget+0x1bc/0x240
[ 63.817962][ T505] __se_sys_sendmsg+0x19a/0x260
[ 63.822648][ T505] ? __x64_sys_sendmsg+0x90/0x90
[ 63.827424][ T505] ? ksys_write+0x260/0x2c0
[ 63.831761][ T505] ? debug_smp_processor_id+0x17/0x20
[ 63.836978][ T505] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 63.842980][ T505] __x64_sys_sendmsg+0x7b/0x90
[ 63.847592][ T505] x64_sys_call+0x16a/0x9a0
[ 63.851917][ T505] do_syscall_64+0x3b/0xb0
[ 63.856168][ T505] ? clear_bhb_loop+0x35/0x90
[ 63.860683][ T505] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.866677][ T505] RIP: 0033:0x7f70dd4b69f9
[ 63.871125][ T505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 63.890569][ T505] RSP: 002b:00007f70dcf3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 63.898810][ T505] RAX: ffffffffffffffda RBX: 00007f70dd644f80 RCX: 00007f70dd4b69f9
[ 63.906618][ T505] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 63.914433][ T505] RBP: 00007f70dcf3e090 R08: 0000000000000000 R09: 0000000000000000
[ 63.922416][ T505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
2024/12/27 09:02:36 executed programs: 12
[ 63.930228][ T505] R13: 0000000000000000 R14: 00007f70dd644f80 R15: 00007ffc8b920538
[ 63.938043][ T505]
[ 63.944862][ T504] ==================================================================
[ 63.953012][ T504] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 63.961221][ T504]
[ 63.963371][ T504] CPU: 0 PID: 504 Comm: syz.0.25 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 63.974565][ T504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 63.984472][ T504] Call Trace:
[ 63.987688][ T504]
[ 63.990582][ T504] dump_stack_lvl+0x151/0x1c0
[ 63.995179][ T504] ? io_uring_drop_tctx_refs+0x190/0x190
[ 64.000647][ T504] ? __wake_up_klogd+0xd5/0x110
[ 64.005422][ T504] ? panic+0x760/0x760
[ 64.009322][ T504] ? kmem_cache_free+0x115/0x330
[ 64.014137][ T504] print_address_description+0x87/0x3b0
[ 64.019490][ T504] ? kmem_cache_free+0x115/0x330
[ 64.024260][ T504] ? kmem_cache_free+0x115/0x330
[ 64.029031][ T504] kasan_report_invalid_free+0x6b/0xa0
[ 64.034356][ T504] ____kasan_slab_free+0x13e/0x160
[ 64.039275][ T504] __kasan_slab_free+0x11/0x20
[ 64.044063][ T504] slab_free_freelist_hook+0xbd/0x190
[ 64.049272][ T504] kmem_cache_free+0x115/0x330
[ 64.053869][ T504] ? kfree_skbmem+0x104/0x170
[ 64.058400][ T504] kfree_skbmem+0x104/0x170
[ 64.062718][ T504] consume_skb+0xb4/0x250
[ 64.066887][ T504] __sk_msg_free+0x2dd/0x370
[ 64.071658][ T504] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 64.077302][ T504] sk_psock_stop+0x44c/0x4d0
[ 64.081737][ T504] sk_psock_drop+0x219/0x310
[ 64.086604][ T504] sock_map_unref+0x48f/0x4d0
[ 64.091102][ T504] ? __local_bh_enable_ip+0x58/0x80
[ 64.096222][ T504] ? _raw_spin_unlock_bh+0x51/0x60
[ 64.101167][ T504] sock_map_remove_links+0x41c/0x650
[ 64.106294][ T504] ? sock_map_unhash+0x120/0x120
[ 64.111067][ T504] ? locks_remove_posix+0x610/0x610
[ 64.116101][ T504] sock_map_close+0x114/0x530
[ 64.120697][ T504] ? unix_peer_get+0xe0/0xe0
[ 64.125125][ T504] ? sock_map_remove_links+0x650/0x650
[ 64.130418][ T504] ? rwsem_mark_wake+0x770/0x770
[ 64.135202][ T504] unix_release+0x82/0xc0
[ 64.139359][ T504] sock_close+0xdf/0x270
[ 64.143439][ T504] ? sock_mmap+0xa0/0xa0
[ 64.147540][ T504] __fput+0x228/0x8c0
[ 64.151339][ T504] ____fput+0x15/0x20
[ 64.155153][ T504] task_work_run+0x129/0x190
[ 64.159590][ T504] exit_to_user_mode_loop+0xc4/0xe0
[ 64.164617][ T504] exit_to_user_mode_prepare+0x5a/0xa0
[ 64.169911][ T504] syscall_exit_to_user_mode+0x26/0x160
[ 64.175293][ T504] do_syscall_64+0x47/0xb0
[ 64.179554][ T504] ? clear_bhb_loop+0x35/0x90
[ 64.184065][ T504] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.189786][ T504] RIP: 0033:0x7f70dd4b69f9
[ 64.194041][ T504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 64.213671][ T504] RSP: 002b:00007ffc8b920698 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 64.221911][ T504] RAX: 0000000000000000 RBX: 00007f70dd646a80 RCX: 00007f70dd4b69f9
[ 64.229721][ T504] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 64.237535][ T504] RBP: 00007f70dd646a80 R08: 0000000000000000 R09: 00007ffc8b92097f
[ 64.245346][ T504] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000fb9e
[ 64.253162][ T504] R13: 00007ffc8b920790 R14: 00007ffc8b9207b0 R15: ffffffffffffffff
[ 64.261004][ T504]
[ 64.263851][ T504]
[ 64.266116][ T504] Allocated by task 505:
[ 64.270182][ T504] __kasan_slab_alloc+0xb1/0xe0
[ 64.274857][ T504] slab_post_alloc_hook+0x53/0x2c0
[ 64.279889][ T504] kmem_cache_alloc+0xf5/0x250
[ 64.284489][ T504] skb_clone+0x1d1/0x360
[ 64.288582][ T504] sk_psock_verdict_recv+0x53/0x840
[ 64.293704][ T504] unix_read_sock+0x132/0x370
[ 64.298300][ T504] sk_psock_verdict_data_ready+0x147/0x1a0
[ 64.303949][ T504] unix_dgram_sendmsg+0x15fa/0x2090
[ 64.308978][ T504] ____sys_sendmsg+0x59e/0x8f0
[ 64.313588][ T504] ___sys_sendmsg+0x252/0x2e0
[ 64.318359][ T504] __se_sys_sendmsg+0x19a/0x260
[ 64.323039][ T504] __x64_sys_sendmsg+0x7b/0x90
[ 64.327637][ T504] x64_sys_call+0x16a/0x9a0
[ 64.331979][ T504] do_syscall_64+0x3b/0xb0
[ 64.336230][ T504] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.342066][ T504]
[ 64.344214][ T504] Freed by task 63:
[ 64.347858][ T504] kasan_set_track+0x4b/0x70
[ 64.352289][ T504] kasan_set_free_info+0x23/0x40
[ 64.357170][ T504] ____kasan_slab_free+0x126/0x160
[ 64.362108][ T504] __kasan_slab_free+0x11/0x20
[ 64.366706][ T504] slab_free_freelist_hook+0xbd/0x190
[ 64.371912][ T504] kmem_cache_free+0x115/0x330
[ 64.376611][ T504] kfree_skbmem+0x104/0x170
[ 64.380945][ T504] kfree_skb+0xc2/0x360
[ 64.384944][ T504] sk_psock_backlog+0xc21/0xd90
[ 64.389628][ T504] process_one_work+0x6bb/0xc10
[ 64.394320][ T504] worker_thread+0xad5/0x12a0
[ 64.398830][ T504] kthread+0x421/0x510
[ 64.402734][ T504] ret_from_fork+0x1f/0x30
[ 64.407072][ T504]
[ 64.409244][ T504] The buggy address belongs to the object at ffff8881186afa00
[ 64.409244][ T504] which belongs to the cache skbuff_head_cache of size 248
[ 64.424004][ T504] The buggy address is located 0 bytes inside of
[ 64.424004][ T504] 248-byte region [ffff8881186afa00, ffff8881186afaf8)
[ 64.437018][ T504] The buggy address belongs to the page:
[ 64.442487][ T504] page:ffffea000461abc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1186af
[ 64.452638][ T504] flags: 0x4000000000000200(slab|zone=1)
[ 64.458117][ T504] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 64.466532][ T504] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 64.474944][ T504] page dumped because: kasan: bad access detected
[ 64.481279][ T504] page_owner tracks the page as allocated
[ 64.486847][ T504] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 62934583251, free_ts 62590021428
[ 64.502460][ T504] post_alloc_hook+0x1a3/0x1b0
[ 64.507152][ T504] prep_new_page+0x1b/0x110
[ 64.511495][ T504] get_page_from_freelist+0x3550/0x35d0
[ 64.516977][ T504] __alloc_pages+0x27e/0x8f0
[ 64.521380][ T504] new_slab+0x9a/0x4e0
[ 64.525295][ T504] ___slab_alloc+0x39e/0x830
[ 64.529718][ T504] __slab_alloc+0x4a/0x90
[ 64.533880][ T504] kmem_cache_alloc+0x139/0x250
[ 64.538563][ T504] __alloc_skb+0xbe/0x550
[ 64.542735][ T504] alloc_skb_with_frags+0xa6/0x680
[ 64.547774][ T504] sock_alloc_send_pskb+0x915/0xa50
[ 64.552890][ T504] unix_dgram_sendmsg+0x6fd/0x2090
[ 64.557833][ T504] __sys_sendto+0x564/0x720
[ 64.562172][ T504] __x64_sys_sendto+0xe5/0x100
[ 64.566788][ T504] x64_sys_call+0x15c/0x9a0
[ 64.571111][ T504] do_syscall_64+0x3b/0xb0
[ 64.575368][ T504] page last free stack trace:
[ 64.579975][ T504] free_unref_page_prepare+0x7c8/0x7d0
[ 64.585347][ T504] free_unref_page_list+0x14b/0xa60
[ 64.590400][ T504] release_pages+0x1310/0x1370
[ 64.595105][ T504] free_pages_and_swap_cache+0x8a/0xa0
[ 64.600400][ T504] tlb_finish_mmu+0x177/0x320
[ 64.604907][ T504] exit_mmap+0x40d/0x940
[ 64.608998][ T504] __mmput+0x95/0x310
[ 64.612807][ T504] mmput+0x5b/0x170
[ 64.616449][ T504] do_exit+0xb9c/0x2ca0
[ 64.620451][ T504] do_group_exit+0x141/0x310
[ 64.624870][ T504] __x64_sys_exit_group+0x3f/0x40
[ 64.629733][ T504] x64_sys_call+0x610/0x9a0
[ 64.634072][ T504] do_syscall_64+0x3b/0xb0
[ 64.638323][ T504] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.644052][ T504]
[ 64.646219][ T504] Memory state around the buggy address:
[ 64.651695][ T504] ffff8881186af900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.659591][ T504] ffff8881186af980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 64.667492][ T504] >ffff8881186afa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.675581][ T504] ^
[ 64.679495][ T504] ffff8881186afa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 64.687395][ T504] ffff8881186afb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 64.695280][ T504] ==================================================================
[ 64.718083][ T508] FAULT_INJECTION: forcing a failure.
[ 64.718083][ T508] name failslab, interval 1, probability 0, space 0, times 0
[ 64.730631][ T508] CPU: 1 PID: 508 Comm: syz.0.26 Tainted: G B 5.15.173-syzkaller-1077948-gb4bd207b0380 #0
[ 64.741654][ T508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 64.751762][ T508] Call Trace:
[ 64.754864][ T508]
[ 64.757637][ T508] dump_stack_lvl+0x151/0x1c0
[ 64.762247][ T508] ? io_uring_drop_tctx_refs+0x190/0x190
[ 64.768247][ T508] dump_stack+0x15/0x20
[ 64.772218][ T508] should_fail+0x3c6/0x510
[ 64.776471][ T508] __should_failslab+0xa4/0xe0
[ 64.781070][ T508] should_failslab+0x9/0x20
[ 64.785409][ T508] slab_pre_alloc_hook+0x37/0xd0
[ 64.790185][ T508] kmem_cache_alloc_trace+0x48/0x270
[ 64.795302][ T508] ? sk_psock_skb_ingress_self+0x60/0x330
[ 64.800860][ T508] ? migrate_disable+0x190/0x190
[ 64.805642][ T508] sk_psock_skb_ingress_self+0x60/0x330
[ 64.811155][ T508] sk_psock_verdict_recv+0x66d/0x840
[ 64.816248][ T508] unix_read_sock+0x132/0x370
[ 64.820817][ T508] ? sk_psock_skb_redirect+0x440/0x440
[ 64.826055][ T508] ? unix_stream_splice_actor+0x120/0x120
[ 64.831614][ T508] ? _raw_spin_lock_irqsave+0xf9/0x210