Warning: Permanently added '10.128.0.62' (ED25519) to the list of known hosts. 2025/05/15 09:01:07 ignoring optional flag "sandboxArg"="0" 2025/05/15 09:01:07 ignoring optional flag "type"="gce" 2025/05/15 09:01:07 parsed 1 programs 2025/05/15 09:01:07 executed programs: 0 [ 45.317026][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 45.317040][ T30] audit: type=1400 audit(1747299667.240:92): avc: denied { unlink } for pid=320 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 45.358093][ T320] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.419712][ T326] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.427362][ T326] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.435357][ T326] device bridge_slave_0 entered promiscuous mode [ 45.442733][ T326] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.450728][ T326] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.458287][ T326] device bridge_slave_1 entered promiscuous mode [ 45.508666][ T326] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.516125][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.523654][ T326] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.530986][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.550458][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.557913][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.565707][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.574079][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.584069][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.593057][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.600803][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 
45.610951][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.619837][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.627575][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.641319][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.652298][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.667979][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.680288][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.688859][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.696737][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.705860][ T326] device veth0_vlan entered promiscuous mode [ 45.716150][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.725640][ T326] device veth1_macvtap entered promiscuous mode [ 45.735261][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.747329][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.773377][ T30] audit: type=1400 audit(1747299667.690:93): avc: denied { prog_load } for pid=330 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 45.796237][ T30] audit: type=1400 audit(1747299667.690:94): avc: denied { bpf } for pid=330 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 45.823709][ T333] FAULT_INJECTION: forcing a failure. 
[ 45.823709][ T333] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 45.838787][ T30] audit: type=1400 audit(1747299667.740:95): avc: denied { map_create } for pid=330 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 45.861961][ T30] audit: type=1400 audit(1747299667.740:96): avc: denied { map_read map_write } for pid=330 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 45.886129][ T333] CPU: 0 PID: 333 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 45.896793][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 45.908538][ T333] Call Trace: [ 45.912131][ T333] [ 45.915418][ T333] __dump_stack+0x21/0x30 [ 45.920107][ T333] dump_stack_lvl+0xee/0x150 [ 45.924827][ T333] ? show_regs_print_info+0x20/0x20 [ 45.930486][ T333] ? format_decode+0x1bb/0x1520 [ 45.935569][ T333] dump_stack+0x15/0x20 [ 45.939999][ T333] should_fail+0x3c1/0x510 [ 45.944619][ T333] should_fail_usercopy+0x1a/0x20 [ 45.950019][ T333] _copy_from_user+0x20/0xd0 [ 45.954846][ T333] kstrtouint_from_user+0xbe/0x200 [ 45.960232][ T333] ? kstrtol_from_user+0x260/0x260 [ 45.966277][ T333] ? 0xffffffff81000000 [ 45.970539][ T333] ? _copy_to_user+0x78/0x90 [ 45.975423][ T333] ? simple_read_from_buffer+0x10f/0x160 [ 45.981082][ T333] proc_fail_nth_write+0x85/0x1f0 [ 45.986229][ T333] ? proc_fail_nth_read+0x210/0x210 [ 45.992066][ T333] ? security_file_permission+0x79/0xa0 [ 45.997684][ T333] ? security_file_permission+0x83/0xa0 [ 46.003478][ T333] ? proc_fail_nth_read+0x210/0x210 [ 46.009165][ T333] vfs_write+0x3ee/0xf70 [ 46.014103][ T333] ? file_end_write+0x1b0/0x1b0 [ 46.019356][ T333] ? __kasan_check_write+0x14/0x20 [ 46.025018][ T333] ? mutex_lock+0x95/0x1a0 [ 46.029651][ T333] ? wait_for_completion_killable_timeout+0x10/0x10 [ 46.036721][ T333] ? 
__fget_files+0x2c4/0x320 [ 46.041607][ T333] ? __fdget_pos+0x2d2/0x380 [ 46.046238][ T333] ? ksys_write+0x71/0x240 [ 46.051078][ T333] ksys_write+0x140/0x240 [ 46.055526][ T333] ? __ia32_sys_read+0x90/0x90 [ 46.060667][ T333] ? debug_smp_processor_id+0x17/0x20 [ 46.066697][ T333] __x64_sys_write+0x7b/0x90 [ 46.071755][ T333] x64_sys_call+0x8ef/0x9a0 [ 46.076982][ T333] do_syscall_64+0x4c/0xa0 [ 46.082868][ T333] ? clear_bhb_loop+0x35/0x90 [ 46.088037][ T333] ? clear_bhb_loop+0x35/0x90 [ 46.090814][ T30] audit: type=1400 audit(1747299668.010:97): avc: denied { perfmon } for pid=330 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 46.092872][ T333] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 46.092907][ T333] RIP: 0033:0x7f21c570d82f [ 46.130396][ T333] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48 [ 46.151777][ T333] RSP: 002b:00007f21c52700c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 46.162039][ T333] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f21c570d82f [ 46.171092][ T333] RDX: 0000000000000001 RSI: 00007f21c5270130 RDI: 0000000000000005 [ 46.181856][ T333] RBP: 00007f21c5270120 R08: 0000000000000000 R09: 0000000000000000 [ 46.190754][ T333] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 46.201177][ T333] R13: 000000000000006e R14: 00007f21c582e050 R15: 00007fff781caba8 [ 46.209471][ T333] [ 46.213375][ T30] audit: type=1400 audit(1747299668.130:98): avc: denied { prog_run } for pid=330 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 46.243200][ T335] FAULT_INJECTION: forcing a failure. 
[ 46.243200][ T335] name failslab, interval 1, probability 0, space 0, times 1 [ 46.256292][ T335] CPU: 1 PID: 335 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 46.267268][ T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 46.278645][ T335] Call Trace: [ 46.283023][ T335] [ 46.286979][ T335] __dump_stack+0x21/0x30 [ 46.292987][ T335] dump_stack_lvl+0xee/0x150 [ 46.299515][ T335] ? show_regs_print_info+0x20/0x20 [ 46.306289][ T335] dump_stack+0x15/0x20 [ 46.311085][ T335] should_fail+0x3c1/0x510 [ 46.317382][ T335] __should_failslab+0xa4/0xe0 [ 46.323277][ T335] should_failslab+0x9/0x20 [ 46.328254][ T335] slab_pre_alloc_hook+0x3b/0xe0 [ 46.334155][ T335] kmem_cache_alloc_trace+0x48/0x270 [ 46.341143][ T335] ? sk_psock_skb_ingress_self+0x5f/0x330 [ 46.349787][ T335] ? migrate_disable+0x180/0x180 [ 46.356253][ T335] sk_psock_skb_ingress_self+0x5f/0x330 [ 46.363317][ T335] ? migrate_disable+0xd6/0x180 [ 46.370005][ T335] sk_psock_verdict_recv+0x636/0x800 [ 46.376753][ T335] unix_read_sock+0x10a/0x2c0 [ 46.383275][ T335] ? sk_psock_skb_redirect+0x440/0x440 [ 46.390957][ T335] ? unix_stream_splice_actor+0x120/0x120 [ 46.399936][ T335] ? __kasan_check_write+0x14/0x20 [ 46.406955][ T335] ? unix_stream_splice_actor+0x120/0x120 [ 46.415048][ T335] sk_psock_verdict_data_ready+0x115/0x170 [ 46.423445][ T335] ? sk_psock_start_verdict+0xc0/0xc0 [ 46.431404][ T335] ? _raw_spin_lock+0x8e/0xe0 [ 46.437481][ T335] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 46.444643][ T335] ? skb_queue_tail+0xcb/0xf0 [ 46.449789][ T335] unix_dgram_sendmsg+0x11e6/0x1880 [ 46.455445][ T335] ? unix_dgram_poll+0x6b0/0x6b0 [ 46.460389][ T335] ? __mod_memcg_lruvec_state+0x122/0x1b0 [ 46.466385][ T335] ? security_socket_sendmsg+0x82/0xa0 [ 46.472209][ T335] ? unix_dgram_poll+0x6b0/0x6b0 [ 46.477342][ T335] ____sys_sendmsg+0x5a2/0x8c0 [ 46.482240][ T335] ? __sys_sendmsg_sock+0x40/0x40 [ 46.487447][ T335] ? 
import_iovec+0x7c/0xb0 [ 46.492039][ T335] ___sys_sendmsg+0x1f0/0x260 [ 46.496864][ T335] ? _kstrtoull+0x3c0/0x4d0 [ 46.501812][ T335] ? __sys_sendmsg+0x250/0x250 [ 46.506681][ T335] ? __fdget+0x1a1/0x230 [ 46.510933][ T335] __sys_sendmmsg+0x278/0x480 [ 46.515699][ T335] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 46.521212][ T335] ? __ia32_sys_read+0x90/0x90 [ 46.526846][ T335] __x64_sys_sendmmsg+0xa0/0xb0 [ 46.532554][ T335] x64_sys_call+0x6c6/0x9a0 [ 46.537810][ T335] do_syscall_64+0x4c/0xa0 [ 46.542686][ T335] ? clear_bhb_loop+0x35/0x90 [ 46.547658][ T335] ? clear_bhb_loop+0x35/0x90 [ 46.552667][ T335] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 46.558979][ T335] RIP: 0033:0x7f21c570eae9 [ 46.563884][ T335] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 46.585815][ T335] RSP: 002b:00007f21c52910c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 46.594915][ T335] RAX: ffffffffffffffda RBX: 00007f21c582df80 RCX: 00007f21c570eae9 [ 46.606435][ T335] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 46.615556][ T335] RBP: 00007f21c5291120 R08: 0000000000000000 R09: 0000000000000000 [ 46.624063][ T335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 46.632334][ T335] R13: 000000000000000b R14: 00007f21c582df80 R15: 00007fff781caba8 [ 46.640760][ T335] [ 46.648122][ T334] ================================================================== [ 46.656687][ T334] BUG: KASAN: use-after-free in consume_skb+0x3a/0x1f0 [ 46.664157][ T334] Read of size 4 at addr ffff8881256195ec by task syz-executor.0/334 [ 46.672395][ T334] [ 46.674903][ T334] CPU: 1 PID: 334 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 46.685731][ T334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 46.696333][ T334] Call Trace: [ 46.699615][ T334] [ 
46.702566][ T334] __dump_stack+0x21/0x30 [ 46.707155][ T334] dump_stack_lvl+0xee/0x150 [ 46.711913][ T334] ? show_regs_print_info+0x20/0x20 [ 46.717202][ T334] ? load_image+0x3a0/0x3a0 [ 46.721710][ T334] print_address_description+0x7f/0x2c0 [ 46.727356][ T334] ? consume_skb+0x3a/0x1f0 [ 46.731849][ T334] kasan_report+0xf1/0x140 [ 46.736254][ T334] ? consume_skb+0x3a/0x1f0 [ 46.740946][ T334] kasan_check_range+0x280/0x290 [ 46.746166][ T334] __kasan_check_read+0x11/0x20 [ 46.751135][ T334] consume_skb+0x3a/0x1f0 [ 46.755671][ T334] __sk_msg_free+0x4f4/0x560 [ 46.760898][ T334] ? _raw_spin_lock_bh+0x8e/0xe0 [ 46.767743][ T334] ? _raw_spin_lock_irq+0xe0/0xe0 [ 46.773326][ T334] ? skb_dequeue+0x125/0x160 [ 46.778910][ T334] sk_psock_stop+0x4c9/0x570 [ 46.784978][ T334] ? sock_no_sendpage_locked+0x130/0x130 [ 46.791905][ T334] sk_psock_drop+0x226/0x300 [ 46.799481][ T334] sock_map_unref+0x3c2/0x420 [ 46.806001][ T334] ? sk_psock_link_pop+0x154/0x170 [ 46.813982][ T334] sock_map_remove_links+0x3cd/0x600 [ 46.821725][ T334] ? sock_init_data+0xc0/0xc0 [ 46.828726][ T334] ? fput+0x1a/0x20 [ 46.833176][ T334] ? filp_close+0x105/0x150 [ 46.838155][ T334] ? close_fd+0x70/0x80 [ 46.842939][ T334] ? sock_map_unhash+0x130/0x130 [ 46.848893][ T334] sock_map_close+0x111/0x440 [ 46.854996][ T334] ? unix_peer_get+0xe0/0xe0 [ 46.860408][ T334] ? sock_map_remove_links+0x600/0x600 [ 46.867305][ T334] ? clear_nonspinnable+0x60/0x60 [ 46.873430][ T334] unix_release+0x82/0xc0 [ 46.878134][ T334] sock_close+0xe0/0x270 [ 46.883124][ T334] ? sock_mmap+0xa0/0xa0 [ 46.887619][ T334] __fput+0x20b/0x8b0 [ 46.892632][ T334] ____fput+0x15/0x20 [ 46.897388][ T334] task_work_run+0x127/0x190 [ 46.903707][ T334] exit_to_user_mode_loop+0xd0/0xe0 [ 46.910231][ T334] exit_to_user_mode_prepare+0x5a/0xa0 [ 46.916243][ T334] syscall_exit_to_user_mode+0x1a/0x30 [ 46.922133][ T334] do_syscall_64+0x58/0xa0 [ 46.926747][ T334] ? clear_bhb_loop+0x35/0x90 [ 46.931726][ T334] ? 
clear_bhb_loop+0x35/0x90 [ 46.936795][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 46.943036][ T334] RIP: 0033:0x7f21c570d9da [ 46.948512][ T334] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 46.969860][ T334] RSP: 002b:00007fff781cac70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 46.981351][ T334] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f21c570d9da [ 46.990720][ T334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 46.999548][ T334] RBP: 00007f21c582f980 R08: 0000001b30160000 R09: 00244b39e9e1a2ac [ 47.008186][ T334] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b7bd [ 47.017415][ T334] R13: ffffffffffffffff R14: 00007f21c5292000 R15: 000000000000b47c [ 47.025875][ T334] [ 47.029072][ T334] [ 47.031544][ T334] Allocated by task 335: [ 47.035869][ T334] __kasan_slab_alloc+0xbd/0xf0 [ 47.040905][ T334] slab_post_alloc_hook+0x4f/0x2b0 [ 47.046442][ T334] kmem_cache_alloc+0xf7/0x260 [ 47.051288][ T334] skb_clone+0x1cf/0x360 [ 47.055795][ T334] sk_psock_verdict_recv+0x53/0x800 [ 47.061813][ T334] unix_read_sock+0x10a/0x2c0 [ 47.066671][ T334] sk_psock_verdict_data_ready+0x115/0x170 [ 47.072870][ T334] unix_dgram_sendmsg+0x11e6/0x1880 [ 47.078891][ T334] ____sys_sendmsg+0x5a2/0x8c0 [ 47.084320][ T334] ___sys_sendmsg+0x1f0/0x260 [ 47.089267][ T334] __sys_sendmmsg+0x278/0x480 [ 47.094291][ T334] __x64_sys_sendmmsg+0xa0/0xb0 [ 47.099419][ T334] x64_sys_call+0x6c6/0x9a0 [ 47.104225][ T334] do_syscall_64+0x4c/0xa0 [ 47.108730][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 47.114909][ T334] [ 47.117587][ T334] Freed by task 39: [ 47.121721][ T334] kasan_set_track+0x4a/0x70 [ 47.127054][ T334] kasan_set_free_info+0x23/0x40 [ 47.132236][ T334] ____kasan_slab_free+0x125/0x160 [ 47.138076][ T334] __kasan_slab_free+0x11/0x20 [ 47.143280][ T334] 
slab_free_freelist_hook+0xc2/0x190 [ 47.149203][ T334] kmem_cache_free+0x100/0x320 [ 47.155198][ T334] kfree_skbmem+0x10c/0x180 [ 47.160264][ T334] kfree_skb+0xc1/0x2f0 [ 47.164703][ T334] sk_psock_backlog+0xa85/0xd80 [ 47.169767][ T334] process_one_work+0x6be/0xba0 [ 47.175500][ T334] worker_thread+0xa59/0x1200 [ 47.180317][ T334] kthread+0x411/0x500 [ 47.184562][ T334] ret_from_fork+0x1f/0x30 [ 47.189187][ T334] [ 47.191614][ T334] The buggy address belongs to the object at ffff888125619500 [ 47.191614][ T334] which belongs to the cache skbuff_head_cache of size 248 [ 47.206688][ T334] The buggy address is located 236 bytes inside of [ 47.206688][ T334] 248-byte region [ffff888125619500, ffff8881256195f8) [ 47.220616][ T334] The buggy address belongs to the page: [ 47.226433][ T334] page:ffffea0004958640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125619 [ 47.236962][ T334] flags: 0x4000000000000200(slab|zone=1) [ 47.242899][ T334] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000 [ 47.251487][ T334] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 47.260351][ T334] page dumped because: kasan: bad access detected [ 47.266930][ T334] page_owner tracks the page as allocated [ 47.272910][ T334] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 332, ts 46090709904, free_ts 38664654332 [ 47.290799][ T334] post_alloc_hook+0x192/0x1b0 [ 47.296337][ T334] prep_new_page+0x1c/0x110 [ 47.301315][ T334] get_page_from_freelist+0x2cc5/0x2d50 [ 47.307049][ T334] __alloc_pages+0x18f/0x440 [ 47.311824][ T334] new_slab+0xa1/0x4d0 [ 47.316271][ T334] ___slab_alloc+0x381/0x810 [ 47.321071][ T334] __slab_alloc+0x49/0x90 [ 47.325619][ T334] kmem_cache_alloc+0x138/0x260 [ 47.331431][ T334] __alloc_skb+0xe0/0x740 [ 47.335999][ T334] audit_log_start+0x3c7/0x8b0 [ 47.343657][ T334] common_lsm_audit+0xd1/0x1600 [ 47.349786][ T334] 
slow_avc_audit+0x1ac/0x220 [ 47.354959][ T334] selinux_capable+0x21d/0x380 [ 47.360462][ T334] security_capable+0x77/0xb0 [ 47.366259][ T334] capable+0x6d/0xe0 [ 47.370660][ T334] bpf_check+0x15bf/0xf330 [ 47.375541][ T334] page last free stack trace: [ 47.381164][ T334] free_unref_page_prepare+0x542/0x550 [ 47.387286][ T334] free_unref_page+0xa2/0x550 [ 47.392439][ T334] __put_page+0xad/0xe0 [ 47.397537][ T334] anon_pipe_buf_release+0x183/0x200 [ 47.403845][ T334] pipe_read+0x53d/0xfe0 [ 47.408692][ T334] vfs_read+0x68b/0xbe0 [ 47.412846][ T334] ksys_read+0x140/0x240 [ 47.417351][ T334] __x64_sys_read+0x7b/0x90 [ 47.421852][ T334] x64_sys_call+0x96d/0x9a0 [ 47.426662][ T334] do_syscall_64+0x4c/0xa0 [ 47.431274][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 47.437650][ T334] [ 47.439971][ T334] Memory state around the buggy address: [ 47.445881][ T334] ffff888125619480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 47.454735][ T334] ffff888125619500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.464108][ T334] >ffff888125619580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 47.472446][ T334] ^ [ 47.480345][ T334] ffff888125619600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 47.488692][ T334] ffff888125619680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.497109][ T334] ================================================================== [ 47.505523][ T334] Disabling lock debugging due to kernel taint [ 47.511727][ T334] ================================================================== [ 47.520251][ T334] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320 [ 47.529145][ T334] [ 47.531583][ T334] CPU: 1 PID: 334 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 47.543573][ T334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 47.554188][ T334] Call Trace: [ 47.557487][ T334] [ 47.560687][ T334] __dump_stack+0x21/0x30 [ 47.565221][ T334] 
dump_stack_lvl+0xee/0x150 [ 47.569911][ T334] ? show_regs_print_info+0x20/0x20 [ 47.575286][ T334] ? load_image+0x3a0/0x3a0 [ 47.580156][ T334] print_address_description+0x7f/0x2c0 [ 47.586005][ T334] ? kmem_cache_free+0x100/0x320 [ 47.591075][ T334] kasan_report_invalid_free+0x58/0x90 [ 47.596796][ T334] ? kmem_cache_free+0x100/0x320 [ 47.602262][ T334] ____kasan_slab_free+0x13d/0x160 [ 47.609019][ T334] __kasan_slab_free+0x11/0x20 [ 47.614069][ T334] slab_free_freelist_hook+0xc2/0x190 [ 47.619643][ T334] ? kfree_skbmem+0x10c/0x180 [ 47.624465][ T334] kmem_cache_free+0x100/0x320 [ 47.629962][ T334] ? skb_release_data+0x94f/0xa10 [ 47.635190][ T334] kfree_skbmem+0x10c/0x180 [ 47.639992][ T334] consume_skb+0xb3/0x1f0 [ 47.644438][ T334] __sk_msg_free+0x4f4/0x560 [ 47.649305][ T334] ? _raw_spin_lock_bh+0x8e/0xe0 [ 47.655093][ T334] ? _raw_spin_lock_irq+0xe0/0xe0 [ 47.660224][ T334] ? skb_dequeue+0x125/0x160 [ 47.665000][ T334] sk_psock_stop+0x4c9/0x570 [ 47.669696][ T334] ? sock_no_sendpage_locked+0x130/0x130 [ 47.675425][ T334] sk_psock_drop+0x226/0x300 [ 47.680813][ T334] sock_map_unref+0x3c2/0x420 [ 47.685593][ T334] ? sk_psock_link_pop+0x154/0x170 [ 47.690944][ T334] sock_map_remove_links+0x3cd/0x600 [ 47.696325][ T334] ? sock_init_data+0xc0/0xc0 [ 47.701001][ T334] ? fput+0x1a/0x20 [ 47.704805][ T334] ? filp_close+0x105/0x150 [ 47.710015][ T334] ? close_fd+0x70/0x80 [ 47.714268][ T334] ? sock_map_unhash+0x130/0x130 [ 47.719475][ T334] sock_map_close+0x111/0x440 [ 47.724262][ T334] ? unix_peer_get+0xe0/0xe0 [ 47.729042][ T334] ? sock_map_remove_links+0x600/0x600 [ 47.734598][ T334] ? clear_nonspinnable+0x60/0x60 [ 47.739912][ T334] unix_release+0x82/0xc0 [ 47.744462][ T334] sock_close+0xe0/0x270 [ 47.748806][ T334] ? 
sock_mmap+0xa0/0xa0 [ 47.753203][ T334] __fput+0x20b/0x8b0 [ 47.757198][ T334] ____fput+0x15/0x20 [ 47.761181][ T334] task_work_run+0x127/0x190 [ 47.766070][ T334] exit_to_user_mode_loop+0xd0/0xe0 [ 47.771502][ T334] exit_to_user_mode_prepare+0x5a/0xa0 [ 47.777177][ T334] syscall_exit_to_user_mode+0x1a/0x30 [ 47.783802][ T334] do_syscall_64+0x58/0xa0 [ 47.788331][ T334] ? clear_bhb_loop+0x35/0x90 [ 47.793228][ T334] ? clear_bhb_loop+0x35/0x90 [ 47.799995][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 47.806964][ T334] RIP: 0033:0x7f21c570d9da [ 47.811437][ T334] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 47.831341][ T334] RSP: 002b:00007fff781cac70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 47.839975][ T334] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f21c570d9da [ 47.848306][ T334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 47.857582][ T334] RBP: 00007f21c582f980 R08: 0000001b30160000 R09: 00244b39e9e1a2ac [ 47.866178][ T334] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b7bd [ 47.874255][ T334] R13: ffffffffffffffff R14: 00007f21c5292000 R15: 000000000000b47c [ 47.883645][ T334] [ 47.886764][ T334] [ 47.889261][ T334] Allocated by task 335: [ 47.894248][ T334] __kasan_slab_alloc+0xbd/0xf0 [ 47.899777][ T334] slab_post_alloc_hook+0x4f/0x2b0 [ 47.905442][ T334] kmem_cache_alloc+0xf7/0x260 [ 47.911044][ T334] skb_clone+0x1cf/0x360 [ 47.916274][ T334] sk_psock_verdict_recv+0x53/0x800 [ 47.922186][ T334] unix_read_sock+0x10a/0x2c0 [ 47.928359][ T334] sk_psock_verdict_data_ready+0x115/0x170 [ 47.934916][ T334] unix_dgram_sendmsg+0x11e6/0x1880 [ 47.940675][ T334] ____sys_sendmsg+0x5a2/0x8c0 [ 47.946745][ T334] ___sys_sendmsg+0x1f0/0x260 [ 47.955299][ T334] __sys_sendmmsg+0x278/0x480 [ 47.960946][ T334] __x64_sys_sendmmsg+0xa0/0xb0 [ 47.966551][ T334] 
x64_sys_call+0x6c6/0x9a0 [ 47.971418][ T334] do_syscall_64+0x4c/0xa0 [ 47.976131][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 47.982679][ T334] [ 47.986202][ T334] Freed by task 39: [ 47.990324][ T334] kasan_set_track+0x4a/0x70 [ 47.996307][ T334] kasan_set_free_info+0x23/0x40 [ 48.001799][ T334] ____kasan_slab_free+0x125/0x160 [ 48.007798][ T334] __kasan_slab_free+0x11/0x20 [ 48.012943][ T334] slab_free_freelist_hook+0xc2/0x190 [ 48.018602][ T334] kmem_cache_free+0x100/0x320 [ 48.023458][ T334] kfree_skbmem+0x10c/0x180 [ 48.028092][ T334] kfree_skb+0xc1/0x2f0 [ 48.032473][ T334] sk_psock_backlog+0xa85/0xd80 [ 48.037445][ T334] process_one_work+0x6be/0xba0 [ 48.042759][ T334] worker_thread+0xa59/0x1200 [ 48.050729][ T334] kthread+0x411/0x500 [ 48.055123][ T334] ret_from_fork+0x1f/0x30 [ 48.060652][ T334] [ 48.063686][ T334] The buggy address belongs to the object at ffff888125619500 [ 48.063686][ T334] which belongs to the cache skbuff_head_cache of size 248 [ 48.081934][ T334] The buggy address is located 0 bytes inside of [ 48.081934][ T334] 248-byte region [ffff888125619500, ffff8881256195f8) [ 48.096547][ T334] The buggy address belongs to the page: [ 48.103189][ T334] page:ffffea0004958640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125619 [ 48.114489][ T334] flags: 0x4000000000000200(slab|zone=1) [ 48.121253][ T334] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000 [ 48.134418][ T334] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 48.145468][ T334] page dumped because: kasan: bad access detected [ 48.153451][ T334] page_owner tracks the page as allocated [ 48.160614][ T334] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 332, ts 46090709904, free_ts 38664654332 [ 48.182669][ T334] post_alloc_hook+0x192/0x1b0 [ 48.188030][ T334] prep_new_page+0x1c/0x110 [ 48.192897][ T334] 
get_page_from_freelist+0x2cc5/0x2d50 [ 48.199609][ T334] __alloc_pages+0x18f/0x440 [ 48.205346][ T334] new_slab+0xa1/0x4d0 [ 48.209863][ T334] ___slab_alloc+0x381/0x810 [ 48.214748][ T334] __slab_alloc+0x49/0x90 [ 48.220167][ T334] kmem_cache_alloc+0x138/0x260 [ 48.225220][ T334] __alloc_skb+0xe0/0x740 [ 48.230107][ T334] audit_log_start+0x3c7/0x8b0 [ 48.235131][ T334] common_lsm_audit+0xd1/0x1600 [ 48.240091][ T334] slow_avc_audit+0x1ac/0x220 [ 48.244987][ T334] selinux_capable+0x21d/0x380 [ 48.249908][ T334] security_capable+0x77/0xb0 [ 48.254923][ T334] capable+0x6d/0xe0 [ 48.259206][ T334] bpf_check+0x15bf/0xf330 [ 48.263810][ T334] page last free stack trace: [ 48.268734][ T334] free_unref_page_prepare+0x542/0x550 [ 48.274408][ T334] free_unref_page+0xa2/0x550 [ 48.279291][ T334] __put_page+0xad/0xe0 [ 48.284352][ T334] anon_pipe_buf_release+0x183/0x200 [ 48.290254][ T334] pipe_read+0x53d/0xfe0 [ 48.294740][ T334] vfs_read+0x68b/0xbe0 [ 48.299725][ T334] ksys_read+0x140/0x240 [ 48.304639][ T334] __x64_sys_read+0x7b/0x90 [ 48.309462][ T334] x64_sys_call+0x96d/0x9a0 [ 48.314745][ T334] do_syscall_64+0x4c/0xa0 [ 48.319761][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 48.326800][ T334] [ 48.329998][ T334] Memory state around the buggy address: [ 48.336883][ T334] ffff888125619400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.348490][ T334] ffff888125619480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 48.358340][ T334] >ffff888125619500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.369109][ T334] ^ [ 48.374124][ T334] ffff888125619580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 48.383225][ T334] ffff888125619600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 48.392094][ T334] ================================================================== [ 48.413129][ T30] audit: type=1400 audit(1747299670.330:99): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t 
tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 48.437055][ T30] audit: type=1400 audit(1747299670.350:100): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 48.479900][ T30] audit: type=1400 audit(1747299670.350:101): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 48.503557][ T337] FAULT_INJECTION: forcing a failure. [ 48.503557][ T337] name failslab, interval 1, probability 0, space 0, times 0 [ 48.516596][ T337] CPU: 0 PID: 337 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 48.529194][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 48.540417][ T337] Call Trace: [ 48.543697][ T337] [ 48.546905][ T337] __dump_stack+0x21/0x30 [ 48.551531][ T337] dump_stack_lvl+0xee/0x150 [ 48.556146][ T337] ? show_regs_print_info+0x20/0x20 [ 48.565678][ T337] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 48.572887][ T337] ? __kasan_check_write+0x14/0x20 [ 48.578997][ T337] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 48.586341][ T337] dump_stack+0x15/0x20 [ 48.591394][ T337] should_fail+0x3c1/0x510 [ 48.596497][ T337] __should_failslab+0xa4/0xe0 [ 48.604805][ T337] should_failslab+0x9/0x20 [ 48.612003][ T337] slab_pre_alloc_hook+0x3b/0xe0 [ 48.618973][ T337] ? skb_clone+0x1cf/0x360 [ 48.623396][ T337] kmem_cache_alloc+0x44/0x260 [ 48.628818][ T337] skb_clone+0x1cf/0x360 [ 48.633965][ T337] ? __kasan_check_write+0x14/0x20 [ 48.639194][ T337] sk_psock_verdict_recv+0x53/0x800 [ 48.644537][ T337] unix_read_sock+0x10a/0x2c0 [ 48.650200][ T337] ? sk_psock_skb_redirect+0x440/0x440 [ 48.658361][ T337] ? unix_stream_splice_actor+0x120/0x120 [ 48.666610][ T337] ? __kasan_check_write+0x14/0x20 [ 48.674405][ T337] ? 
unix_stream_splice_actor+0x120/0x120 [ 48.681059][ T337] sk_psock_verdict_data_ready+0x115/0x170 [ 48.687402][ T337] ? sk_psock_start_verdict+0xc0/0xc0 [ 48.693099][ T337] ? _raw_spin_lock+0x8e/0xe0 [ 48.698015][ T337] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 48.705618][ T337] ? skb_queue_tail+0xcb/0xf0 [ 48.710847][ T337] unix_dgram_sendmsg+0x11e6/0x1880 [ 48.716104][ T337] ? unix_dgram_poll+0x6b0/0x6b0 [ 48.721179][ T337] ? __mod_memcg_lruvec_state+0x122/0x1b0 [ 48.727285][ T337] ? security_socket_sendmsg+0x82/0xa0 [ 48.733117][ T337] ? unix_dgram_poll+0x6b0/0x6b0 [ 48.738486][ T337] ____sys_sendmsg+0x5a2/0x8c0 [ 48.743280][ T337] ? __sys_sendmsg_sock+0x40/0x40 [ 48.748958][ T337] ? import_iovec+0x7c/0xb0 [ 48.754247][ T337] ___sys_sendmsg+0x1f0/0x260 [ 48.759212][ T337] ? _kstrtoull+0x3c0/0x4d0 [ 48.764165][ T337] ? __sys_sendmsg+0x250/0x250 [ 48.769201][ T337] ? __fdget+0x1a1/0x230 [ 48.774570][ T337] __sys_sendmmsg+0x278/0x480 [ 48.779653][ T337] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 48.785289][ T337] ? __ia32_sys_read+0x90/0x90 [ 48.790145][ T337] __x64_sys_sendmmsg+0xa0/0xb0 [ 48.795118][ T337] x64_sys_call+0x6c6/0x9a0 [ 48.800425][ T337] do_syscall_64+0x4c/0xa0 [ 48.805168][ T337] ? clear_bhb_loop+0x35/0x90 [ 48.810124][ T337] ? 
clear_bhb_loop+0x35/0x90 [ 48.815093][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 48.821021][ T337] RIP: 0033:0x7f21c570eae9 [ 48.825520][ T337] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 48.846844][ T337] RSP: 002b:00007f21c52910c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 48.856065][ T337] RAX: ffffffffffffffda RBX: 00007f21c582df80 RCX: 00007f21c570eae9 [ 48.866065][ T337] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 48.875884][ T337] RBP: 00007f21c5291120 R08: 0000000000000000 R09: 0000000000000000 [ 48.886265][ T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 48.895361][ T337] R13: 000000000000000b R14: 00007f21c582df80 R15: 00007fff781caba8 [ 48.906007][ T337] [ 48.919495][ T340] FAULT_INJECTION: forcing a failure. [ 48.919495][ T340] name failslab, interval 1, probability 0, space 0, times 0 [ 48.932573][ T340] CPU: 1 PID: 340 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 48.945765][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 48.956326][ T340] Call Trace: [ 48.959928][ T340] [ 48.962874][ T340] __dump_stack+0x21/0x30 [ 48.967297][ T340] dump_stack_lvl+0xee/0x150 [ 48.972068][ T340] ? show_regs_print_info+0x20/0x20 [ 48.977745][ T340] dump_stack+0x15/0x20 [ 48.982260][ T340] should_fail+0x3c1/0x510 [ 48.987177][ T340] __should_failslab+0xa4/0xe0 [ 48.991993][ T340] should_failslab+0x9/0x20 [ 48.996615][ T340] slab_pre_alloc_hook+0x3b/0xe0 [ 49.002302][ T340] kmem_cache_alloc_trace+0x48/0x270 [ 49.007692][ T340] ? sk_psock_skb_ingress_self+0x5f/0x330 [ 49.013995][ T340] ? migrate_disable+0x180/0x180 [ 49.019090][ T340] sk_psock_skb_ingress_self+0x5f/0x330 [ 49.025073][ T340] ? 
migrate_disable+0xd6/0x180 [ 49.030121][ T340] sk_psock_verdict_recv+0x636/0x800 [ 49.036505][ T340] unix_read_sock+0x10a/0x2c0 [ 49.041717][ T340] ? sk_psock_skb_redirect+0x440/0x440 [ 49.047505][ T340] ? unix_stream_splice_actor+0x120/0x120 [ 49.053999][ T340] ? __kasan_check_write+0x14/0x20 [ 49.060340][ T340] ? unix_stream_splice_actor+0x120/0x120 [ 49.067704][ T340] sk_psock_verdict_data_ready+0x115/0x170 [ 49.074668][ T340] ? sk_psock_start_verdict+0xc0/0xc0 [ 49.081184][ T340] ? _raw_spin_lock+0x8e/0xe0 [ 49.086421][ T340] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 49.092990][ T340] ? skb_queue_tail+0xcb/0xf0 [ 49.097804][ T340] unix_dgram_sendmsg+0x11e6/0x1880 [ 49.103701][ T340] ? unix_dgram_poll+0x6b0/0x6b0 [ 49.109388][ T340] ? __mod_memcg_lruvec_state+0x122/0x1b0 [ 49.115415][ T340] ? security_socket_sendmsg+0x82/0xa0 [ 49.123223][ T340] ? unix_dgram_poll+0x6b0/0x6b0 [ 49.131378][ T340] ____sys_sendmsg+0x5a2/0x8c0 [ 49.137232][ T340] ? __sys_sendmsg_sock+0x40/0x40 [ 49.143659][ T340] ? import_iovec+0x7c/0xb0 [ 49.149157][ T340] ___sys_sendmsg+0x1f0/0x260 [ 49.154014][ T340] ? _kstrtoull+0x3c0/0x4d0 [ 49.159329][ T340] ? __sys_sendmsg+0x250/0x250 [ 49.164295][ T340] ? __fdget+0x1a1/0x230 [ 49.168823][ T340] __sys_sendmmsg+0x278/0x480 [ 49.173849][ T340] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 49.179322][ T340] ? __ia32_sys_read+0x90/0x90 [ 49.184593][ T340] __x64_sys_sendmmsg+0xa0/0xb0 [ 49.189612][ T340] x64_sys_call+0x6c6/0x9a0 [ 49.194450][ T340] do_syscall_64+0x4c/0xa0 [ 49.199226][ T340] ? clear_bhb_loop+0x35/0x90 [ 49.204122][ T340] ? 
clear_bhb_loop+0x35/0x90 [ 49.209175][ T340] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.215275][ T340] RIP: 0033:0x7f21c570eae9 [ 49.219962][ T340] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 49.240568][ T340] RSP: 002b:00007f21c52910c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.249854][ T340] RAX: ffffffffffffffda RBX: 00007f21c582df80 RCX: 00007f21c570eae9 [ 49.258484][ T340] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 49.268829][ T340] RBP: 00007f21c5291120 R08: 0000000000000000 R09: 0000000000000000 [ 49.277506][ T340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 49.286569][ T340] R13: 000000000000000b R14: 00007f21c582df80 R15: 00007fff781caba8 [ 49.295324][ T340] [ 49.300292][ T339] ================================================================== [ 49.310499][ T339] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320 [ 49.319092][ T339] [ 49.321434][ T339] CPU: 0 PID: 339 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 49.334435][ T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 49.345686][ T339] Call Trace: [ 49.349542][ T339] [ 49.353128][ T339] __dump_stack+0x21/0x30 [ 49.357764][ T339] dump_stack_lvl+0xee/0x150 [ 49.363108][ T339] ? show_regs_print_info+0x20/0x20 [ 49.368967][ T339] ? load_image+0x3a0/0x3a0 [ 49.373493][ T339] ? reweight_entity+0x84/0x510 [ 49.378710][ T339] print_address_description+0x7f/0x2c0 [ 49.384705][ T339] ? kmem_cache_free+0x100/0x320 [ 49.389654][ T339] kasan_report_invalid_free+0x58/0x90 [ 49.395417][ T339] ? kmem_cache_free+0x100/0x320 [ 49.401051][ T339] ____kasan_slab_free+0x13d/0x160 [ 49.408330][ T339] __kasan_slab_free+0x11/0x20 [ 49.413216][ T339] slab_free_freelist_hook+0xc2/0x190 [ 49.419404][ T339] ? 
kfree_skbmem+0x10c/0x180 [ 49.424577][ T339] kmem_cache_free+0x100/0x320 [ 49.430225][ T339] ? skb_release_data+0x94f/0xa10 [ 49.436498][ T339] kfree_skbmem+0x10c/0x180 [ 49.443246][ T339] consume_skb+0xb3/0x1f0 [ 49.448219][ T339] __sk_msg_free+0x4f4/0x560 [ 49.453359][ T339] ? _raw_spin_lock_bh+0x8e/0xe0 [ 49.459699][ T339] ? _raw_spin_lock_irq+0xe0/0xe0 [ 49.465390][ T339] ? skb_dequeue+0x125/0x160 [ 49.470107][ T339] sk_psock_stop+0x4c9/0x570 [ 49.475061][ T339] ? sock_no_sendpage_locked+0x130/0x130 [ 49.480709][ T339] sk_psock_drop+0x226/0x300 [ 49.485525][ T339] sock_map_unref+0x3c2/0x420 [ 49.490876][ T339] ? sk_psock_link_pop+0x154/0x170 [ 49.496435][ T339] sock_map_remove_links+0x3cd/0x600 [ 49.501914][ T339] ? sock_init_data+0xc0/0xc0 [ 49.506918][ T339] ? fput+0x1a/0x20 [ 49.510735][ T339] ? filp_close+0x105/0x150 [ 49.515602][ T339] ? close_fd+0x70/0x80 [ 49.520043][ T339] ? sock_map_unhash+0x130/0x130 [ 49.525157][ T339] sock_map_close+0x111/0x440 [ 49.529924][ T339] ? unix_peer_get+0xe0/0xe0 [ 49.534806][ T339] ? sock_map_remove_links+0x600/0x600 [ 49.540616][ T339] ? clear_nonspinnable+0x60/0x60 [ 49.546289][ T339] unix_release+0x82/0xc0 [ 49.550647][ T339] sock_close+0xe0/0x270 [ 49.555079][ T339] ? sock_mmap+0xa0/0xa0 [ 49.559584][ T339] __fput+0x20b/0x8b0 [ 49.565106][ T339] ____fput+0x15/0x20 [ 49.569947][ T339] task_work_run+0x127/0x190 [ 49.575635][ T339] exit_to_user_mode_loop+0xd0/0xe0 [ 49.582275][ T339] exit_to_user_mode_prepare+0x5a/0xa0 [ 49.588270][ T339] syscall_exit_to_user_mode+0x1a/0x30 [ 49.594197][ T339] do_syscall_64+0x58/0xa0 [ 49.598998][ T339] ? clear_bhb_loop+0x35/0x90 [ 49.605050][ T339] ? 
clear_bhb_loop+0x35/0x90 [ 49.611076][ T339] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.622507][ T339] RIP: 0033:0x7f21c570d9da [ 49.628462][ T339] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 49.651833][ T339] RSP: 002b:00007fff781cac70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 49.661363][ T339] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f21c570d9da [ 49.670569][ T339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 49.679955][ T339] RBP: 00007f21c582f980 R08: 0000001b30160000 R09: 000f6ea69aefeaa2 [ 49.688128][ T339] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c231 [ 49.696259][ T339] R13: ffffffffffffffff R14: 00007f21c5292000 R15: 000000000000bef0 [ 49.704544][ T339] [ 49.707564][ T339] [ 49.710186][ T339] Allocated by task 340: [ 49.714603][ T339] __kasan_slab_alloc+0xbd/0xf0 [ 49.719549][ T339] slab_post_alloc_hook+0x4f/0x2b0 [ 49.724761][ T339] kmem_cache_alloc+0xf7/0x260 [ 49.729892][ T339] skb_clone+0x1cf/0x360 [ 49.734515][ T339] sk_psock_verdict_recv+0x53/0x800 [ 49.741187][ T339] unix_read_sock+0x10a/0x2c0 [ 49.746764][ T339] sk_psock_verdict_data_ready+0x115/0x170 [ 49.753864][ T339] unix_dgram_sendmsg+0x11e6/0x1880 [ 49.759974][ T339] ____sys_sendmsg+0x5a2/0x8c0 [ 49.766792][ T339] ___sys_sendmsg+0x1f0/0x260 [ 49.773716][ T339] __sys_sendmmsg+0x278/0x480 [ 49.779073][ T339] __x64_sys_sendmmsg+0xa0/0xb0 [ 49.784916][ T339] x64_sys_call+0x6c6/0x9a0 [ 49.789597][ T339] do_syscall_64+0x4c/0xa0 [ 49.794545][ T339] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.800642][ T339] [ 49.803305][ T339] Freed by task 39: [ 49.807392][ T339] kasan_set_track+0x4a/0x70 [ 49.812505][ T339] kasan_set_free_info+0x23/0x40 [ 49.817974][ T339] ____kasan_slab_free+0x125/0x160 [ 49.823976][ T339] __kasan_slab_free+0x11/0x20 [ 49.829322][ T339] 
slab_free_freelist_hook+0xc2/0x190 [ 49.835483][ T339] kmem_cache_free+0x100/0x320 [ 49.840533][ T339] kfree_skbmem+0x10c/0x180 [ 49.845239][ T339] kfree_skb+0xc1/0x2f0 [ 49.849479][ T339] sk_psock_backlog+0xa85/0xd80 [ 49.854945][ T339] process_one_work+0x6be/0xba0 [ 49.860092][ T339] worker_thread+0xa59/0x1200 [ 49.865057][ T339] kthread+0x411/0x500 [ 49.869228][ T339] ret_from_fork+0x1f/0x30 [ 49.873750][ T339] [ 49.876170][ T339] The buggy address belongs to the object at ffff88812583f280 [ 49.876170][ T339] which belongs to the cache skbuff_head_cache of size 248 [ 49.891611][ T339] The buggy address is located 0 bytes inside of [ 49.891611][ T339] 248-byte region [ffff88812583f280, ffff88812583f378) [ 49.905487][ T339] The buggy address belongs to the page: [ 49.911491][ T339] page:ffffea0004960fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12583f [ 49.922020][ T339] flags: 0x4000000000000200(slab|zone=1) [ 49.928441][ T339] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000 [ 49.937392][ T339] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 49.946585][ T339] page dumped because: kasan: bad access detected [ 49.953666][ T339] page_owner tracks the page as allocated [ 49.959899][ T339] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 48912065433, free_ts 46212915571 [ 49.976226][ T339] post_alloc_hook+0x192/0x1b0 [ 49.981187][ T339] prep_new_page+0x1c/0x110 [ 49.986272][ T339] get_page_from_freelist+0x2cc5/0x2d50 [ 49.992294][ T339] __alloc_pages+0x18f/0x440 [ 49.997264][ T339] new_slab+0xa1/0x4d0 [ 50.001721][ T339] ___slab_alloc+0x381/0x810 [ 50.007009][ T339] __slab_alloc+0x49/0x90 [ 50.011704][ T339] kmem_cache_alloc+0x138/0x260 [ 50.016695][ T339] __alloc_skb+0xe0/0x740 [ 50.021128][ T339] alloc_skb_with_frags+0xa8/0x620 [ 50.026562][ T339] sock_alloc_send_pskb+0x853/0x980 [ 50.032301][ T339] 
unix_dgram_sendmsg+0x5ea/0x1880 [ 50.037856][ T339] __sys_sendto+0x423/0x580 [ 50.042677][ T339] __x64_sys_sendto+0xe5/0x100 [ 50.049125][ T339] x64_sys_call+0x178/0x9a0 [ 50.054736][ T339] do_syscall_64+0x4c/0xa0 [ 50.059553][ T339] page last free stack trace: [ 50.065183][ T339] free_unref_page_prepare+0x542/0x550 [ 50.071082][ T339] free_unref_page+0xa2/0x550 [ 50.076311][ T339] __free_pages+0x6c/0x100 [ 50.082059][ T339] free_pages+0x82/0x90 [ 50.086802][ T339] kasan_depopulate_vmalloc_pte+0x6b/0x90 [ 50.093019][ T339] __apply_to_page_range+0x8b0/0xbf0 [ 50.099973][ T339] apply_to_existing_page_range+0x38/0x50 [ 50.108803][ T339] kasan_release_vmalloc+0x97/0xb0 [ 50.116095][ T339] __purge_vmap_area_lazy+0xc05/0x1840 [ 50.123192][ T339] _vm_unmap_aliases+0x2fd/0x380 [ 50.129123][ T339] vm_unmap_aliases+0x19/0x20 [ 50.134349][ T339] change_page_attr_set_clr+0x311/0xc10 [ 50.140126][ T339] set_memory_ro+0x89/0xd0 [ 50.144948][ T339] bpf_int_jit_compile+0xc154/0xc910 [ 50.150851][ T339] bpf_prog_select_runtime+0x6f1/0x9f0 [ 50.156662][ T339] bpf_prog_load+0x106d/0x1550 [ 50.161834][ T339] [ 50.165227][ T339] Memory state around the buggy address: [ 50.173226][ T339] ffff88812583f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.183027][ T339] ffff88812583f200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 50.192857][ T339] >ffff88812583f280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.201292][ T339] ^ [ 50.205677][ T339] ffff88812583f300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 50.214903][ T339] ffff88812583f380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 50.224384][ T339] ================================================================== [ 50.245972][ T342] FAULT_INJECTION: forcing a failure. 
[ 50.245972][ T342] name failslab, interval 1, probability 0, space 0, times 0 [ 50.259826][ T342] CPU: 0 PID: 342 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 50.272458][ T342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 50.285492][ T342] Call Trace: [ 50.289418][ T342] [ 50.293303][ T342] __dump_stack+0x21/0x30 [ 50.300540][ T342] dump_stack_lvl+0xee/0x150 [ 50.307491][ T342] ? show_regs_print_info+0x20/0x20 [ 50.314591][ T342] dump_stack+0x15/0x20 [ 50.319405][ T342] should_fail+0x3c1/0x510 [ 50.324944][ T342] __should_failslab+0xa4/0xe0 [ 50.330623][ T342] should_failslab+0x9/0x20 [ 50.335987][ T342] slab_pre_alloc_hook+0x3b/0xe0 [ 50.342353][ T342] kmem_cache_alloc_trace+0x48/0x270 [ 50.349380][ T342] ? sk_psock_skb_ingress_self+0x5f/0x330 [ 50.356605][ T342] ? migrate_disable+0x180/0x180 [ 50.362609][ T342] sk_psock_skb_ingress_self+0x5f/0x330 [ 50.369567][ T342] ? migrate_disable+0xd6/0x180 [ 50.375486][ T342] sk_psock_verdict_recv+0x636/0x800 [ 50.381295][ T342] unix_read_sock+0x10a/0x2c0 [ 50.386741][ T342] ? sk_psock_skb_redirect+0x440/0x440 [ 50.392535][ T342] ? unix_stream_splice_actor+0x120/0x120 [ 50.398974][ T342] ? __kasan_check_write+0x14/0x20 [ 50.404691][ T342] ? unix_stream_splice_actor+0x120/0x120 [ 50.411805][ T342] sk_psock_verdict_data_ready+0x115/0x170 [ 50.418036][ T342] ? sk_psock_start_verdict+0xc0/0xc0 [ 50.424431][ T342] ? _raw_spin_lock+0x8e/0xe0 [ 50.430067][ T342] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 50.438635][ T342] ? skb_queue_tail+0xcb/0xf0 [ 50.444022][ T342] unix_dgram_sendmsg+0x11e6/0x1880 [ 50.450167][ T342] ? unix_dgram_poll+0x6b0/0x6b0 [ 50.455584][ T342] ? __mod_memcg_lruvec_state+0x122/0x1b0 [ 50.461636][ T342] ? security_socket_sendmsg+0x82/0xa0 [ 50.467553][ T342] ? unix_dgram_poll+0x6b0/0x6b0 [ 50.472649][ T342] ____sys_sendmsg+0x5a2/0x8c0 [ 50.477511][ T342] ? __sys_sendmsg_sock+0x40/0x40 [ 50.482929][ T342] ? 
import_iovec+0x7c/0xb0 [ 50.487635][ T342] ___sys_sendmsg+0x1f0/0x260 [ 50.492408][ T342] ? _kstrtoull+0x3c0/0x4d0 [ 50.496932][ T342] ? __sys_sendmsg+0x250/0x250 [ 50.501823][ T342] ? __fdget+0x1a1/0x230 [ 50.506063][ T342] __sys_sendmmsg+0x278/0x480 [ 50.511000][ T342] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 50.516210][ T342] ? __ia32_sys_read+0x90/0x90 [ 50.520970][ T342] __x64_sys_sendmmsg+0xa0/0xb0 [ 50.526154][ T342] x64_sys_call+0x6c6/0x9a0 [ 50.530828][ T342] do_syscall_64+0x4c/0xa0 [ 50.535257][ T342] ? clear_bhb_loop+0x35/0x90 [ 50.540075][ T342] ? clear_bhb_loop+0x35/0x90 [ 50.544749][ T342] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 50.550803][ T342] RIP: 0033:0x7f21c570eae9 [ 50.555311][ T342] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 50.575436][ T342] RSP: 002b:00007f21c52910c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 50.584393][ T342] RAX: ffffffffffffffda RBX: 00007f21c582df80 RCX: 00007f21c570eae9 [ 50.594451][ T342] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 50.604564][ T342] RBP: 00007f21c5291120 R08: 0000000000000000 R09: 0000000000000000 [ 50.613982][ T342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.622903][ T342] R13: 000000000000000b R14: 00007f21c582df80 R15: 00007fff781caba8 [ 50.631887][ T342] [ 50.636144][ T341] ================================================================== [ 50.645183][ T341] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320 [ 50.654392][ T341] [ 50.657684][ T341] CPU: 1 PID: 341 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 50.673608][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 50.685232][ T341] Call Trace: [ 50.688699][ T341] [ 50.691738][ T341] __dump_stack+0x21/0x30 [ 50.696384][ T341] 
dump_stack_lvl+0xee/0x150 [ 50.701806][ T341] ? show_regs_print_info+0x20/0x20 [ 50.707806][ T341] ? load_image+0x3a0/0x3a0 [ 50.714495][ T341] ? reweight_entity+0x84/0x510 [ 50.719910][ T341] print_address_description+0x7f/0x2c0 [ 50.725866][ T341] ? kmem_cache_free+0x100/0x320 [ 50.731181][ T341] kasan_report_invalid_free+0x58/0x90 [ 50.736860][ T341] ? kmem_cache_free+0x100/0x320 [ 50.741990][ T341] ____kasan_slab_free+0x13d/0x160 [ 50.747553][ T341] __kasan_slab_free+0x11/0x20 [ 50.752501][ T341] slab_free_freelist_hook+0xc2/0x190 [ 50.758360][ T341] ? kfree_skbmem+0x10c/0x180 [ 50.763401][ T341] kmem_cache_free+0x100/0x320 [ 50.768353][ T341] ? skb_release_data+0x94f/0xa10 [ 50.774258][ T341] kfree_skbmem+0x10c/0x180 [ 50.779081][ T341] consume_skb+0xb3/0x1f0 [ 50.783516][ T341] __sk_msg_free+0x4f4/0x560 [ 50.788294][ T341] ? _raw_spin_lock_bh+0x8e/0xe0 [ 50.794850][ T341] ? _raw_spin_lock_irq+0xe0/0xe0 [ 50.800087][ T341] ? skb_dequeue+0x125/0x160 [ 50.805225][ T341] sk_psock_stop+0x4c9/0x570 [ 50.810898][ T341] ? sock_no_sendpage_locked+0x130/0x130 [ 50.817145][ T341] sk_psock_drop+0x226/0x300 [ 50.822116][ T341] sock_map_unref+0x3c2/0x420 [ 50.828672][ T341] ? sk_psock_link_pop+0x154/0x170 [ 50.834587][ T341] sock_map_remove_links+0x3cd/0x600 [ 50.841086][ T341] ? sock_init_data+0xc0/0xc0 [ 50.846062][ T341] ? fput+0x1a/0x20 [ 50.850869][ T341] ? filp_close+0x105/0x150 [ 50.856301][ T341] ? close_fd+0x70/0x80 [ 50.861474][ T341] ? sock_map_unhash+0x130/0x130 [ 50.866637][ T341] sock_map_close+0x111/0x440 [ 50.872428][ T341] ? unix_peer_get+0xe0/0xe0 [ 50.877708][ T341] ? sock_map_remove_links+0x600/0x600 [ 50.883914][ T341] ? clear_nonspinnable+0x60/0x60 [ 50.889421][ T341] unix_release+0x82/0xc0 [ 50.894022][ T341] sock_close+0xe0/0x270 [ 50.898627][ T341] ? 
sock_mmap+0xa0/0xa0 [ 50.903081][ T341] __fput+0x20b/0x8b0 [ 50.907067][ T341] ____fput+0x15/0x20 [ 50.911641][ T341] task_work_run+0x127/0x190 [ 50.917303][ T341] exit_to_user_mode_loop+0xd0/0xe0 [ 50.922545][ T341] exit_to_user_mode_prepare+0x5a/0xa0 [ 50.928584][ T341] syscall_exit_to_user_mode+0x1a/0x30 [ 50.934380][ T341] do_syscall_64+0x58/0xa0 [ 50.939960][ T341] ? clear_bhb_loop+0x35/0x90 [ 50.945786][ T341] ? clear_bhb_loop+0x35/0x90 [ 50.951722][ T341] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 50.958018][ T341] RIP: 0033:0x7f21c570d9da [ 50.962881][ T341] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 50.984642][ T341] RSP: 002b:00007fff781cac70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 50.993337][ T341] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f21c570d9da [ 51.001743][ T341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 51.010082][ T341] RBP: 00007f21c582f980 R08: 0000001b30160000 R09: 00228176b35f5cba [ 51.018965][ T341] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c75f [ 51.027953][ T341] R13: ffffffffffffffff R14: 00007f21c5292000 R15: 000000000000c41e [ 51.038309][ T341] [ 51.041630][ T341] [ 51.044059][ T341] Allocated by task 342: [ 51.048766][ T341] __kasan_slab_alloc+0xbd/0xf0 [ 51.054050][ T341] slab_post_alloc_hook+0x4f/0x2b0 [ 51.061436][ T341] kmem_cache_alloc+0xf7/0x260 [ 51.067473][ T341] skb_clone+0x1cf/0x360 [ 51.072834][ T341] sk_psock_verdict_recv+0x53/0x800 [ 51.079128][ T341] unix_read_sock+0x10a/0x2c0 [ 51.084318][ T341] sk_psock_verdict_data_ready+0x115/0x170 [ 51.090822][ T341] unix_dgram_sendmsg+0x11e6/0x1880 [ 51.098988][ T341] ____sys_sendmsg+0x5a2/0x8c0 [ 51.105473][ T341] ___sys_sendmsg+0x1f0/0x260 [ 51.112295][ T341] __sys_sendmmsg+0x278/0x480 [ 51.119085][ T341] __x64_sys_sendmmsg+0xa0/0xb0 [ 51.124772][ T341] 
x64_sys_call+0x6c6/0x9a0 [ 51.130297][ T341] do_syscall_64+0x4c/0xa0 [ 51.136220][ T341] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.142961][ T341] [ 51.146616][ T341] Freed by task 20: [ 51.151085][ T341] kasan_set_track+0x4a/0x70 [ 51.156252][ T341] kasan_set_free_info+0x23/0x40 [ 51.162851][ T341] ____kasan_slab_free+0x125/0x160 [ 51.169020][ T341] __kasan_slab_free+0x11/0x20 [ 51.175344][ T341] slab_free_freelist_hook+0xc2/0x190 [ 51.181331][ T341] kmem_cache_free+0x100/0x320 [ 51.186364][ T341] kfree_skbmem+0x10c/0x180 [ 51.191180][ T341] kfree_skb+0xc1/0x2f0 [ 51.195637][ T341] sk_psock_backlog+0xa85/0xd80 [ 51.201317][ T341] process_one_work+0x6be/0xba0 [ 51.207082][ T341] worker_thread+0xa59/0x1200 [ 51.211903][ T341] kthread+0x411/0x500 [ 51.217317][ T341] ret_from_fork+0x1f/0x30 [ 51.223561][ T341] [ 51.226597][ T341] The buggy address belongs to the object at ffff88811d0caa00 [ 51.226597][ T341] which belongs to the cache skbuff_head_cache of size 248 [ 51.243366][ T341] The buggy address is located 0 bytes inside of [ 51.243366][ T341] 248-byte region [ffff88811d0caa00, ffff88811d0caaf8) [ 51.258226][ T341] The buggy address belongs to the page: [ 51.265352][ T341] page:ffffea0004743280 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d0ca [ 51.277851][ T341] flags: 0x4000000000000200(slab|zone=1) [ 51.285722][ T341] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000 [ 51.296449][ T341] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 51.308700][ T341] page dumped because: kasan: bad access detected [ 51.317801][ T341] page_owner tracks the page as allocated [ 51.326624][ T341] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 339, ts 50233291524, free_ts 48912132974 [ 51.351783][ T341] post_alloc_hook+0x192/0x1b0 [ 51.358408][ T341] prep_new_page+0x1c/0x110 [ 51.364658][ T341] 
get_page_from_freelist+0x2cc5/0x2d50 [ 51.372097][ T341] __alloc_pages+0x18f/0x440 [ 51.377711][ T341] new_slab+0xa1/0x4d0 [ 51.382727][ T341] ___slab_alloc+0x381/0x810 [ 51.387677][ T341] __slab_alloc+0x49/0x90 [ 51.393930][ T341] kmem_cache_alloc+0x138/0x260 [ 51.400736][ T341] __alloc_skb+0xe0/0x740 [ 51.406508][ T341] ndisc_send_rs+0x2ce/0x960 [ 51.412653][ T341] addrconf_rs_timer+0x2c7/0x600 [ 51.419606][ T341] call_timer_fn+0x38/0x290 [ 51.425280][ T341] __run_timers+0x639/0x9a0 [ 51.430938][ T341] run_timer_softirq+0x6a/0xf0 [ 51.438210][ T341] handle_softirqs+0x250/0x560 [ 51.444199][ T341] __do_softirq+0xb/0xd [ 51.450026][ T341] page last free stack trace: [ 51.456226][ T341] free_unref_page_prepare+0x542/0x550 [ 51.462736][ T341] free_unref_page+0xa2/0x550 [ 51.468668][ T341] __free_pages+0x6c/0x100 [ 51.474495][ T341] __vunmap+0x84d/0x9e0 [ 51.479243][ T341] free_work+0x5a/0x80 [ 51.484233][ T341] process_one_work+0x6be/0xba0 [ 51.489397][ T341] worker_thread+0xa59/0x1200 [ 51.494439][ T341] kthread+0x411/0x500 [ 51.499167][ T341] ret_from_fork+0x1f/0x30 [ 51.503859][ T341] [ 51.506193][ T341] Memory state around the buggy address: [ 51.512090][ T341] ffff88811d0ca900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.520748][ T341] ffff88811d0ca980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 51.530048][ T341] >ffff88811d0caa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.539248][ T341] ^ [ 51.543315][ T341] ffff88811d0caa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc 2025/05/15 09:01:13 executed programs: 5 [ 51.551481][ T341] ffff88811d0cab00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 51.561071][ T341] ================================================================== [ 51.585426][ T344] FAULT_INJECTION: forcing a failure. 
[ 51.585426][ T344] name failslab, interval 1, probability 0, space 0, times 0 [ 51.601011][ T344] CPU: 0 PID: 344 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 51.614684][ T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 51.628613][ T344] Call Trace: [ 51.632815][ T344] [ 51.635846][ T344] __dump_stack+0x21/0x30 [ 51.640445][ T344] dump_stack_lvl+0xee/0x150 [ 51.645490][ T344] ? show_regs_print_info+0x20/0x20 [ 51.650899][ T344] dump_stack+0x15/0x20 [ 51.656338][ T344] should_fail+0x3c1/0x510 [ 51.661303][ T344] __should_failslab+0xa4/0xe0 [ 51.681089][ T344] should_failslab+0x9/0x20 [ 51.685960][ T344] slab_pre_alloc_hook+0x3b/0xe0 [ 51.691196][ T344] kmem_cache_alloc_trace+0x48/0x270 [ 51.696600][ T344] ? sk_psock_skb_ingress_self+0x5f/0x330 [ 51.703103][ T344] ? migrate_disable+0x180/0x180 [ 51.708129][ T344] sk_psock_skb_ingress_self+0x5f/0x330 [ 51.714374][ T344] ? migrate_disable+0xd6/0x180 [ 51.720330][ T344] sk_psock_verdict_recv+0x636/0x800 [ 51.725844][ T344] unix_read_sock+0x10a/0x2c0 [ 51.730537][ T344] ? sk_psock_skb_redirect+0x440/0x440 [ 51.736672][ T344] ? unix_stream_splice_actor+0x120/0x120 [ 51.742967][ T344] ? __kasan_check_write+0x14/0x20 [ 51.748363][ T344] ? unix_stream_splice_actor+0x120/0x120 [ 51.754535][ T344] sk_psock_verdict_data_ready+0x115/0x170 [ 51.760986][ T344] ? sk_psock_start_verdict+0xc0/0xc0 [ 51.766978][ T344] ? _raw_spin_lock+0x8e/0xe0 [ 51.772010][ T344] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 51.778001][ T344] ? skb_queue_tail+0xcb/0xf0 [ 51.782940][ T344] unix_dgram_sendmsg+0x11e6/0x1880 [ 51.788613][ T344] ? unix_dgram_poll+0x6b0/0x6b0 [ 51.794489][ T344] ? __mod_memcg_lruvec_state+0x122/0x1b0 [ 51.802439][ T344] ? security_socket_sendmsg+0x82/0xa0 [ 51.808385][ T344] ? unix_dgram_poll+0x6b0/0x6b0 [ 51.813964][ T344] ____sys_sendmsg+0x5a2/0x8c0 [ 51.818995][ T344] ? __sys_sendmsg_sock+0x40/0x40 [ 51.824297][ T344] ? 
import_iovec+0x7c/0xb0 [ 51.828881][ T344] ___sys_sendmsg+0x1f0/0x260 [ 51.833833][ T344] ? _kstrtoull+0x3c0/0x4d0 [ 51.838545][ T344] ? __sys_sendmsg+0x250/0x250 [ 51.843765][ T344] ? __fdget+0x1a1/0x230 [ 51.848275][ T344] __sys_sendmmsg+0x278/0x480 [ 51.853058][ T344] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 51.858603][ T344] ? __ia32_sys_read+0x90/0x90 [ 51.864182][ T344] __x64_sys_sendmmsg+0xa0/0xb0 [ 51.869503][ T344] x64_sys_call+0x6c6/0x9a0 [ 51.874465][ T344] do_syscall_64+0x4c/0xa0 [ 51.879244][ T344] ? clear_bhb_loop+0x35/0x90 [ 51.884282][ T344] ? clear_bhb_loop+0x35/0x90 [ 51.889506][ T344] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.895510][ T344] RIP: 0033:0x7f21c570eae9 [ 51.900403][ T344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 51.921794][ T344] RSP: 002b:00007f21c52910c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 51.930476][ T344] RAX: ffffffffffffffda RBX: 00007f21c582df80 RCX: 00007f21c570eae9 [ 51.938719][ T344] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 51.947388][ T344] RBP: 00007f21c5291120 R08: 0000000000000000 R09: 0000000000000000 [ 51.955475][ T344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 51.963765][ T344] R13: 000000000000000b R14: 00007f21c582df80 R15: 00007fff781caba8 [ 51.973331][ T344] [ 51.977937][ T343] ================================================================== [ 51.986752][ T343] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320 [ 51.995762][ T343] [ 51.998286][ T343] CPU: 0 PID: 343 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 52.010399][ T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 52.020454][ T343] Call Trace: [ 52.023840][ T343] [ 52.026889][ T343] __dump_stack+0x21/0x30 [ 52.032793][ T343] 
dump_stack_lvl+0xee/0x150 [ 52.037743][ T343] ? show_regs_print_info+0x20/0x20 [ 52.043023][ T343] ? load_image+0x3a0/0x3a0 [ 52.047863][ T343] ? hrtimer_cancel+0x2d/0x60 [ 52.052548][ T343] print_address_description+0x7f/0x2c0 [ 52.058326][ T343] ? kmem_cache_free+0x100/0x320 [ 52.063980][ T343] kasan_report_invalid_free+0x58/0x90 [ 52.069549][ T343] ? kmem_cache_free+0x100/0x320 [ 52.075822][ T343] ____kasan_slab_free+0x13d/0x160 [ 52.082184][ T343] __kasan_slab_free+0x11/0x20 [ 52.087562][ T343] slab_free_freelist_hook+0xc2/0x190 [ 52.094310][ T343] ? kfree_skbmem+0x10c/0x180 [ 52.099367][ T343] kmem_cache_free+0x100/0x320 [ 52.105922][ T343] ? skb_release_data+0x94f/0xa10 [ 52.112744][ T343] kfree_skbmem+0x10c/0x180 [ 52.118681][ T343] consume_skb+0xb3/0x1f0 [ 52.125063][ T343] __sk_msg_free+0x4f4/0x560 [ 52.130595][ T343] ? _raw_spin_lock_bh+0x8e/0xe0 [ 52.136799][ T343] ? _raw_spin_lock_irq+0xe0/0xe0 [ 52.142037][ T343] ? skb_dequeue+0x125/0x160 [ 52.146742][ T343] sk_psock_stop+0x4c9/0x570 [ 52.151906][ T343] ? sock_no_sendpage_locked+0x130/0x130 [ 52.157573][ T343] sk_psock_drop+0x226/0x300 [ 52.162176][ T343] sock_map_unref+0x3c2/0x420 [ 52.166852][ T343] ? sk_psock_link_pop+0x154/0x170 [ 52.172616][ T343] sock_map_remove_links+0x3cd/0x600 [ 52.178586][ T343] ? sock_init_data+0xc0/0xc0 [ 52.184068][ T343] ? fput+0x1a/0x20 [ 52.188239][ T343] ? filp_close+0x105/0x150 [ 52.192746][ T343] ? close_fd+0x70/0x80 [ 52.197849][ T343] ? sock_map_unhash+0x130/0x130 [ 52.202888][ T343] sock_map_close+0x111/0x440 [ 52.207858][ T343] ? unix_peer_get+0xe0/0xe0 [ 52.212814][ T343] ? sock_map_remove_links+0x600/0x600 [ 52.218524][ T343] ? clear_nonspinnable+0x60/0x60 [ 52.224070][ T343] unix_release+0x82/0xc0 [ 52.228838][ T343] sock_close+0xe0/0x270 [ 52.233358][ T343] ? 
sock_mmap+0xa0/0xa0 [ 52.237678][ T343] __fput+0x20b/0x8b0 [ 52.241745][ T343] ____fput+0x15/0x20 [ 52.246118][ T343] task_work_run+0x127/0x190 [ 52.250708][ T343] exit_to_user_mode_loop+0xd0/0xe0 [ 52.255904][ T343] exit_to_user_mode_prepare+0x5a/0xa0 [ 52.261679][ T343] syscall_exit_to_user_mode+0x1a/0x30 [ 52.267708][ T343] do_syscall_64+0x58/0xa0 [ 52.272269][ T343] ? clear_bhb_loop+0x35/0x90 [ 52.276955][ T343] ? clear_bhb_loop+0x35/0x90 [ 52.282187][ T343] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.288366][ T343] RIP: 0033:0x7f21c570d9da [ 52.293090][ T343] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 52.315335][ T343] RSP: 002b:00007fff781cac70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 52.327774][ T343] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f21c570d9da [ 52.339549][ T343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 52.352800][ T343] RBP: 0000000000000032 R08: 0000001b30160000 R09: 00007f21c582df8c [ 52.364554][ T343] R10: 00007fff781cadc0 R11: 0000000000000293 R12: 00007f21c52930d0 [ 52.374605][ T343] R13: ffffffffffffffff R14: 00007f21c5292000 R15: 000000000000c958 [ 52.384327][ T343] [ 52.387793][ T343] [ 52.390907][ T343] Allocated by task 344: [ 52.395538][ T343] __kasan_slab_alloc+0xbd/0xf0 [ 52.401429][ T343] slab_post_alloc_hook+0x4f/0x2b0 [ 52.407345][ T343] kmem_cache_alloc+0xf7/0x260 [ 52.413389][ T343] skb_clone+0x1cf/0x360 [ 52.418166][ T343] sk_psock_verdict_recv+0x53/0x800 [ 52.425244][ T343] unix_read_sock+0x10a/0x2c0 [ 52.431652][ T343] sk_psock_verdict_data_ready+0x115/0x170 [ 52.438148][ T343] unix_dgram_sendmsg+0x11e6/0x1880 [ 52.444428][ T343] ____sys_sendmsg+0x5a2/0x8c0 [ 52.450732][ T343] ___sys_sendmsg+0x1f0/0x260 [ 52.456440][ T343] __sys_sendmmsg+0x278/0x480 [ 52.462013][ T343] __x64_sys_sendmmsg+0xa0/0xb0 [ 52.467729][ T343] 
x64_sys_call+0x6c6/0x9a0 [ 52.472751][ T343] do_syscall_64+0x4c/0xa0 [ 52.478330][ T343] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.486220][ T343] [ 52.488945][ T343] Freed by task 20: [ 52.493566][ T343] kasan_set_track+0x4a/0x70 [ 52.498519][ T343] kasan_set_free_info+0x23/0x40 [ 52.503486][ T343] ____kasan_slab_free+0x125/0x160 [ 52.508979][ T343] __kasan_slab_free+0x11/0x20 [ 52.514277][ T343] slab_free_freelist_hook+0xc2/0x190 [ 52.519812][ T343] kmem_cache_free+0x100/0x320 [ 52.524961][ T343] kfree_skbmem+0x10c/0x180 [ 52.530052][ T343] kfree_skb+0xc1/0x2f0 [ 52.534457][ T343] sk_psock_backlog+0xa85/0xd80 [ 52.540281][ T343] process_one_work+0x6be/0xba0 [ 52.545724][ T343] worker_thread+0xa59/0x1200 [ 52.550946][ T343] kthread+0x411/0x500 [ 52.555553][ T343] ret_from_fork+0x1f/0x30 [ 52.559997][ T343] [ 52.562492][ T343] The buggy address belongs to the object at ffff888125555140 [ 52.562492][ T343] which belongs to the cache skbuff_head_cache of size 248 [ 52.577650][ T343] The buggy address is located 0 bytes inside of [ 52.577650][ T343] 248-byte region [ffff888125555140, ffff888125555238) [ 52.591386][ T343] The buggy address belongs to the page: [ 52.597387][ T343] page:ffffea0004955540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125555 [ 52.608239][ T343] flags: 0x4000000000000200(slab|zone=1) [ 52.614756][ T343] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000 [ 52.623342][ T343] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 52.632921][ T343] page dumped because: kasan: bad access detected [ 52.639482][ T343] page_owner tracks the page as allocated [ 52.645289][ T343] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 51583601387, free_ts 38661222296 [ 52.662318][ T343] post_alloc_hook+0x192/0x1b0 [ 52.667848][ T343] prep_new_page+0x1c/0x110 [ 52.672529][ T343] get_page_from_freelist+0x2cc5/0x2d50 [ 
52.678456][ T343] __alloc_pages+0x18f/0x440 [ 52.683244][ T343] new_slab+0xa1/0x4d0 [ 52.687321][ T343] ___slab_alloc+0x381/0x810 [ 52.692168][ T343] __slab_alloc+0x49/0x90 [ 52.696854][ T343] kmem_cache_alloc+0x138/0x260 [ 52.701897][ T343] __alloc_skb+0xe0/0x740 [ 52.706330][ T343] alloc_skb_with_frags+0xa8/0x620 [ 52.713012][ T343] sock_alloc_send_pskb+0x853/0x980 [ 52.718593][ T343] unix_dgram_sendmsg+0x5ea/0x1880 [ 52.723797][ T343] __sys_sendto+0x423/0x580 [ 52.728573][ T343] __x64_sys_sendto+0xe5/0x100 [ 52.733760][ T343] x64_sys_call+0x178/0x9a0 [ 52.739179][ T343] do_syscall_64+0x4c/0xa0 [ 52.744447][ T343] page last free stack trace: [ 52.750066][ T343] free_unref_page_prepare+0x542/0x550 [ 52.756876][ T343] free_unref_page+0xa2/0x550 [ 52.762166][ T343] __put_page+0xad/0xe0 [ 52.766618][ T343] anon_pipe_buf_release+0x183/0x200 [ 52.772525][ T343] pipe_read+0x53d/0xfe0 [ 52.776911][ T343] vfs_read+0x68b/0xbe0 [ 52.781426][ T343] ksys_read+0x140/0x240 [ 52.786755][ T343] __x64_sys_read+0x7b/0x90 [ 52.791684][ T343] x64_sys_call+0x96d/0x9a0 [ 52.796599][ T343] do_syscall_64+0x4c/0xa0 [ 52.802275][ T343] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.808457][ T343] [ 52.811486][ T343] Memory state around the buggy address: [ 52.817737][ T343] ffff888125555000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.826273][ T343] ffff888125555080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 52.837156][ T343] >ffff888125555100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 52.845638][ T343] ^ [ 52.852003][ T343] ffff888125555180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.860505][ T343] ffff888125555200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 52.870280][ T343] ================================================================== [ 52.891617][ T346] FAULT_INJECTION: forcing a failure. 
[ 52.891617][ T346] name failslab, interval 1, probability 0, space 0, times 0 [ 52.906037][ T346] CPU: 0 PID: 346 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 52.918977][ T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 52.930350][ T346] Call Trace: [ 52.934109][ T346] [ 52.937234][ T346] __dump_stack+0x21/0x30 [ 52.942186][ T346] dump_stack_lvl+0xee/0x150 [ 52.947198][ T346] ? show_regs_print_info+0x20/0x20 [ 52.953479][ T346] dump_stack+0x15/0x20 [ 52.958585][ T346] should_fail+0x3c1/0x510 [ 52.963236][ T346] __should_failslab+0xa4/0xe0 [ 52.968578][ T346] should_failslab+0x9/0x20 [ 52.974175][ T346] slab_pre_alloc_hook+0x3b/0xe0 [ 52.980494][ T346] kmem_cache_alloc_trace+0x48/0x270 [ 52.986682][ T346] ? sk_psock_skb_ingress_self+0x5f/0x330 [ 52.993215][ T346] ? migrate_disable+0x180/0x180 [ 52.999339][ T346] sk_psock_skb_ingress_self+0x5f/0x330 [ 53.006937][ T346] ? migrate_disable+0xd6/0x180 [ 53.012111][ T346] sk_psock_verdict_recv+0x636/0x800 [ 53.019042][ T346] unix_read_sock+0x10a/0x2c0 [ 53.024224][ T346] ? sk_psock_skb_redirect+0x440/0x440 [ 53.031038][ T346] ? unix_stream_splice_actor+0x120/0x120 [ 53.038370][ T346] ? __kasan_check_write+0x14/0x20 [ 53.044847][ T346] ? unix_stream_splice_actor+0x120/0x120 [ 53.051910][ T346] sk_psock_verdict_data_ready+0x115/0x170 [ 53.059565][ T346] ? sk_psock_start_verdict+0xc0/0xc0 [ 53.066093][ T346] ? _raw_spin_lock+0x8e/0xe0 [ 53.071340][ T346] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 53.079629][ T346] ? skb_queue_tail+0xcb/0xf0 [ 53.085272][ T346] unix_dgram_sendmsg+0x11e6/0x1880 [ 53.094285][ T346] ? unix_dgram_poll+0x6b0/0x6b0 [ 53.102604][ T346] ? __mod_memcg_lruvec_state+0x122/0x1b0 [ 53.111123][ T346] ? security_socket_sendmsg+0x82/0xa0 [ 53.117061][ T346] ? unix_dgram_poll+0x6b0/0x6b0 [ 53.122138][ T346] ____sys_sendmsg+0x5a2/0x8c0 [ 53.126998][ T346] ? __sys_sendmsg_sock+0x40/0x40 [ 53.132194][ T346] ? 
import_iovec+0x7c/0xb0 [ 53.137450][ T346] ___sys_sendmsg+0x1f0/0x260 [ 53.142318][ T346] ? _kstrtoull+0x3c0/0x4d0 [ 53.147123][ T346] ? __sys_sendmsg+0x250/0x250 [ 53.152162][ T346] ? __fdget+0x1a1/0x230 [ 53.156709][ T346] __sys_sendmmsg+0x278/0x480 [ 53.161636][ T346] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 53.166858][ T346] ? __ia32_sys_read+0x90/0x90 [ 53.176109][ T346] __x64_sys_sendmmsg+0xa0/0xb0 [ 53.181267][ T346] x64_sys_call+0x6c6/0x9a0 [ 53.186129][ T346] do_syscall_64+0x4c/0xa0 [ 53.190650][ T346] ? clear_bhb_loop+0x35/0x90 [ 53.195716][ T346] ? clear_bhb_loop+0x35/0x90 [ 53.200603][ T346] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.207254][ T346] RIP: 0033:0x7f21c570eae9 [ 53.211880][ T346] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 53.233552][ T346] RSP: 002b:00007f21c52910c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 53.242319][ T346] RAX: ffffffffffffffda RBX: 00007f21c582df80 RCX: 00007f21c570eae9 [ 53.250855][ T346] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 53.259363][ T346] RBP: 00007f21c5291120 R08: 0000000000000000 R09: 0000000000000000 [ 53.267433][ T346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.276328][ T346] R13: 000000000000000b R14: 00007f21c582df80 R15: 00007fff781caba8 [ 53.286082][ T346] [ 53.290620][ T345] ================================================================== [ 53.299349][ T345] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320 [ 53.308212][ T345] [ 53.310534][ T345] CPU: 1 PID: 345 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 53.322915][ T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 53.333159][ T345] Call Trace: [ 53.336630][ T345] [ 53.339753][ T345] __dump_stack+0x21/0x30 [ 53.344565][ T345] 
dump_stack_lvl+0xee/0x150 [ 53.349631][ T345] ? show_regs_print_info+0x20/0x20 [ 53.355308][ T345] ? load_image+0x3a0/0x3a0 [ 53.360075][ T345] ? update_load_avg+0x410/0x1110 [ 53.366155][ T345] print_address_description+0x7f/0x2c0 [ 53.372260][ T345] ? kmem_cache_free+0x100/0x320 [ 53.377512][ T345] kasan_report_invalid_free+0x58/0x90 [ 53.383524][ T345] ? kmem_cache_free+0x100/0x320 [ 53.388972][ T345] ____kasan_slab_free+0x13d/0x160 [ 53.394848][ T345] __kasan_slab_free+0x11/0x20 [ 53.400561][ T345] slab_free_freelist_hook+0xc2/0x190 [ 53.406713][ T345] ? kfree_skbmem+0x10c/0x180 [ 53.411901][ T345] kmem_cache_free+0x100/0x320 [ 53.416875][ T345] ? skb_release_data+0x94f/0xa10 [ 53.422433][ T345] kfree_skbmem+0x10c/0x180 [ 53.427585][ T345] consume_skb+0xb3/0x1f0 [ 53.432254][ T345] __sk_msg_free+0x4f4/0x560 [ 53.437525][ T345] ? _raw_spin_lock_bh+0x8e/0xe0 [ 53.442980][ T345] ? _raw_spin_lock_irq+0xe0/0xe0 [ 53.448198][ T345] ? skb_dequeue+0x125/0x160 [ 53.452977][ T345] sk_psock_stop+0x4c9/0x570 [ 53.457563][ T345] ? sock_no_sendpage_locked+0x130/0x130 [ 53.463301][ T345] sk_psock_drop+0x226/0x300 [ 53.467887][ T345] sock_map_unref+0x3c2/0x420 [ 53.472888][ T345] ? sk_psock_link_pop+0x154/0x170 [ 53.478456][ T345] sock_map_remove_links+0x3cd/0x600 [ 53.484042][ T345] ? sock_init_data+0xc0/0xc0 [ 53.488895][ T345] ? fput+0x1a/0x20 [ 53.492798][ T345] ? filp_close+0x105/0x150 [ 53.497480][ T345] ? close_fd+0x70/0x80 [ 53.502048][ T345] ? sock_map_unhash+0x130/0x130 [ 53.507189][ T345] sock_map_close+0x111/0x440 [ 53.512061][ T345] ? unix_peer_get+0xe0/0xe0 [ 53.516865][ T345] ? sock_map_remove_links+0x600/0x600 [ 53.522977][ T345] ? clear_nonspinnable+0x60/0x60 [ 53.528007][ T345] unix_release+0x82/0xc0 [ 53.532699][ T345] sock_close+0xe0/0x270 [ 53.537276][ T345] ? 
sock_mmap+0xa0/0xa0 [ 53.541693][ T345] __fput+0x20b/0x8b0 [ 53.545693][ T345] ____fput+0x15/0x20 [ 53.549802][ T345] task_work_run+0x127/0x190 [ 53.555318][ T345] exit_to_user_mode_loop+0xd0/0xe0 [ 53.560860][ T345] exit_to_user_mode_prepare+0x5a/0xa0 [ 53.566886][ T345] syscall_exit_to_user_mode+0x1a/0x30 [ 53.573162][ T345] do_syscall_64+0x58/0xa0 [ 53.577859][ T345] ? clear_bhb_loop+0x35/0x90 [ 53.582898][ T345] ? clear_bhb_loop+0x35/0x90 [ 53.587956][ T345] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.593990][ T345] RIP: 0033:0x7f21c570d9da [ 53.599163][ T345] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 53.621642][ T345] RSP: 002b:00007fff781cac70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 53.630447][ T345] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f21c570d9da [ 53.638875][ T345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 53.647032][ T345] RBP: 00007f21c582f980 R08: 0000001b30160000 R09: 000d0c4ce43e40ea [ 53.655384][ T345] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d1b6 [ 53.663945][ T345] R13: ffffffffffffffff R14: 00007f21c5292000 R15: 000000000000ce75 [ 53.672552][ T345] [ 53.675579][ T345] [ 53.677905][ T345] Allocated by task 346: [ 53.682222][ T345] __kasan_slab_alloc+0xbd/0xf0 [ 53.687186][ T345] slab_post_alloc_hook+0x4f/0x2b0 [ 53.692494][ T345] kmem_cache_alloc+0xf7/0x260 [ 53.697497][ T345] skb_clone+0x1cf/0x360 [ 53.701768][ T345] sk_psock_verdict_recv+0x53/0x800 [ 53.707143][ T345] unix_read_sock+0x10a/0x2c0 [ 53.711918][ T345] sk_psock_verdict_data_ready+0x115/0x170 [ 53.718380][ T345] unix_dgram_sendmsg+0x11e6/0x1880 [ 53.723728][ T345] ____sys_sendmsg+0x5a2/0x8c0 [ 53.728557][ T345] ___sys_sendmsg+0x1f0/0x260 [ 53.733320][ T345] __sys_sendmmsg+0x278/0x480 [ 53.738130][ T345] __x64_sys_sendmmsg+0xa0/0xb0 [ 53.743243][ T345] 
x64_sys_call+0x6c6/0x9a0 [ 53.747756][ T345] do_syscall_64+0x4c/0xa0 [ 53.752273][ T345] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 53.758300][ T345] [ 53.760807][ T345] Freed by task 60: [ 53.764785][ T345] kasan_set_track+0x4a/0x70 [ 53.769646][ T345] kasan_set_free_info+0x23/0x40 [ 53.774871][ T345] ____kasan_slab_free+0x125/0x160 [ 53.780078][ T345] __kasan_slab_free+0x11/0x20 [ 53.784840][ T345] slab_free_freelist_hook+0xc2/0x190 [ 53.790395][ T345] kmem_cache_free+0x100/0x320 [ 53.795166][ T345] kfree_skbmem+0x10c/0x180 [ 53.799898][ T345] kfree_skb+0xc1/0x2f0 [ 53.804162][ T345] sk_psock_backlog+0xa85/0xd80 [ 53.809753][ T345] process_one_work+0x6be/0xba0 [ 53.814804][ T345] worker_thread+0xa59/0x1200 [ 53.819937][ T345] kthread+0x411/0x500 [ 53.824456][ T345] ret_from_fork+0x1f/0x30 [ 53.829176][ T345] [ 53.831532][ T345] The buggy address belongs to the object at ffff88810dc44000 [ 53.831532][ T345] which belongs to the cache skbuff_head_cache of size 248 [ 53.846202][ T345] The buggy address is located 0 bytes inside of [ 53.846202][ T345] 248-byte region [ffff88810dc44000, ffff88810dc440f8) [ 53.859582][ T345] The buggy address belongs to the page: [ 53.865572][ T345] page:ffffea0004371100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dc44 [ 53.876212][ T345] flags: 0x4000000000000200(slab|zone=1) [ 53.882242][ T345] raw: 4000000000000200 0000000000000000 0000000600000001 ffff8881081aa000 [ 53.891178][ T345] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 53.900372][ T345] page dumped because: kasan: bad access detected [ 53.907309][ T345] page_owner tracks the page as allocated [ 53.913189][ T345] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 6390779369, free_ts 0 [ 53.928640][ T345] post_alloc_hook+0x192/0x1b0 [ 53.933593][ T345] prep_new_page+0x1c/0x110 [ 53.938979][ T345] get_page_from_freelist+0x2cc5/0x2d50 [ 53.945153][ T345] 
__alloc_pages+0x18f/0x440 [ 53.949948][ T345] new_slab+0xa1/0x4d0 [ 53.954304][ T345] ___slab_alloc+0x381/0x810 [ 53.958897][ T345] __slab_alloc+0x49/0x90 [ 53.963476][ T345] kmem_cache_alloc+0x138/0x260 [ 53.968431][ T345] skb_clone+0x1cf/0x360 [ 53.972677][ T345] netlink_broadcast_filtered+0x668/0x1250 [ 53.978565][ T345] netlink_broadcast+0x3a/0x50 [ 53.983515][ T345] kobject_uevent_net_broadcast+0x3bd/0x5a0 [ 53.989491][ T345] kobject_uevent_env+0x52e/0x700 [ 53.994524][ T345] kobject_synth_uevent+0x520/0xaf0 [ 53.999985][ T345] uevent_store+0x4b/0x70 [ 54.004490][ T345] drv_attr_store+0x79/0xa0 [ 54.009274][ T345] page_owner free stack trace missing [ 54.014637][ T345] [ 54.017065][ T345] Memory state around the buggy address: [ 54.023000][ T345] ffff88810dc43f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.031353][ T345] ffff88810dc43f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 54.039900][ T345] >ffff88810dc44000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.048567][ T345] ^ [ 54.052799][ T345] ffff88810dc44080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 54.061234][ T345] ffff88810dc44100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 54.069286][ T345] ================================================================== [ 54.089786][ T348] FAULT_INJECTION: forcing a failure. [ 54.089786][ T348] name failslab, interval 1, probability 0, space 0, times 0 [ 54.103244][ T348] CPU: 1 PID: 348 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 54.116914][ T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 54.127354][ T348] Call Trace: [ 54.130802][ T348] [ 54.133748][ T348] __dump_stack+0x21/0x30 [ 54.138086][ T348] dump_stack_lvl+0xee/0x150 [ 54.142771][ T348] ? 
show_regs_print_info+0x20/0x20 [ 54.147977][ T348] dump_stack+0x15/0x20 [ 54.152239][ T348] should_fail+0x3c1/0x510 [ 54.156655][ T348] __should_failslab+0xa4/0xe0 [ 54.161435][ T348] should_failslab+0x9/0x20 [ 54.166217][ T348] slab_pre_alloc_hook+0x3b/0xe0 [ 54.171165][ T348] kmem_cache_alloc_trace+0x48/0x270 [ 54.176740][ T348] ? sk_psock_skb_ingress_self+0x5f/0x330 [ 54.182856][ T348] ? migrate_disable+0x180/0x180 [ 54.187888][ T348] sk_psock_skb_ingress_self+0x5f/0x330 [ 54.193570][ T348] ? migrate_disable+0xd6/0x180 [ 54.198529][ T348] sk_psock_verdict_recv+0x636/0x800 [ 54.203823][ T348] unix_read_sock+0x10a/0x2c0 [ 54.208502][ T348] ? sk_psock_skb_redirect+0x440/0x440 [ 54.214183][ T348] ? unix_stream_splice_actor+0x120/0x120 [ 54.220083][ T348] ? __kasan_check_write+0x14/0x20 [ 54.225368][ T348] ? unix_stream_splice_actor+0x120/0x120 [ 54.231296][ T348] sk_psock_verdict_data_ready+0x115/0x170 [ 54.237190][ T348] ? sk_psock_start_verdict+0xc0/0xc0 [ 54.242767][ T348] ? _raw_spin_lock+0x8e/0xe0 [ 54.247935][ T348] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 54.254413][ T348] ? skb_queue_tail+0xcb/0xf0 [ 54.259179][ T348] unix_dgram_sendmsg+0x11e6/0x1880 [ 54.264871][ T348] ? unix_dgram_poll+0x6b0/0x6b0 [ 54.270160][ T348] ? __mod_memcg_lruvec_state+0x122/0x1b0 [ 54.276496][ T348] ? security_socket_sendmsg+0x82/0xa0 [ 54.282067][ T348] ? unix_dgram_poll+0x6b0/0x6b0 [ 54.287324][ T348] ____sys_sendmsg+0x5a2/0x8c0 [ 54.292376][ T348] ? __sys_sendmsg_sock+0x40/0x40 [ 54.297739][ T348] ? import_iovec+0x7c/0xb0 [ 54.302255][ T348] ___sys_sendmsg+0x1f0/0x260 [ 54.307280][ T348] ? _kstrtoull+0x3c0/0x4d0 [ 54.311989][ T348] ? __sys_sendmsg+0x250/0x250 [ 54.317151][ T348] ? __fdget+0x1a1/0x230 [ 54.321781][ T348] __sys_sendmmsg+0x278/0x480 [ 54.328141][ T348] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 54.333430][ T348] ? 
__ia32_sys_read+0x90/0x90 [ 54.338334][ T348] __x64_sys_sendmmsg+0xa0/0xb0 [ 54.343732][ T348] x64_sys_call+0x6c6/0x9a0 [ 54.348335][ T348] do_syscall_64+0x4c/0xa0 [ 54.353302][ T348] ? clear_bhb_loop+0x35/0x90 [ 54.358450][ T348] ? clear_bhb_loop+0x35/0x90 [ 54.363243][ T348] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.369547][ T348] RIP: 0033:0x7f21c570eae9 [ 54.374365][ T348] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 54.395145][ T348] RSP: 002b:00007f21c52910c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 54.404265][ T348] RAX: ffffffffffffffda RBX: 00007f21c582df80 RCX: 00007f21c570eae9 [ 54.412240][ T348] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 54.420479][ T348] RBP: 00007f21c5291120 R08: 0000000000000000 R09: 0000000000000000 [ 54.429448][ T348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 54.438156][ T348] R13: 000000000000000b R14: 00007f21c582df80 R15: 00007fff781caba8 [ 54.446776][ T348] [ 54.451677][ T347] ================================================================== [ 54.462478][ T347] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320 [ 54.471592][ T347] [ 54.474646][ T347] CPU: 0 PID: 347 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 54.488121][ T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 54.499504][ T347] Call Trace: [ 54.503262][ T347] [ 54.506589][ T347] __dump_stack+0x21/0x30 [ 54.510924][ T347] dump_stack_lvl+0xee/0x150 [ 54.515628][ T347] ? show_regs_print_info+0x20/0x20 [ 54.520916][ T347] ? load_image+0x3a0/0x3a0 [ 54.525962][ T347] ? update_load_avg+0x410/0x1110 [ 54.531482][ T347] print_address_description+0x7f/0x2c0 [ 54.537247][ T347] ? 
kmem_cache_free+0x100/0x320 [ 54.542942][ T347] kasan_report_invalid_free+0x58/0x90 [ 54.548863][ T347] ? kmem_cache_free+0x100/0x320 [ 54.554272][ T347] ____kasan_slab_free+0x13d/0x160 [ 54.559603][ T347] __kasan_slab_free+0x11/0x20 [ 54.564831][ T347] slab_free_freelist_hook+0xc2/0x190 [ 54.570724][ T347] ? kfree_skbmem+0x10c/0x180 [ 54.575578][ T347] kmem_cache_free+0x100/0x320 [ 54.580715][ T347] ? skb_release_data+0x94f/0xa10 [ 54.586787][ T347] kfree_skbmem+0x10c/0x180 [ 54.591666][ T347] consume_skb+0xb3/0x1f0 [ 54.596045][ T347] __sk_msg_free+0x4f4/0x560 [ 54.601131][ T347] ? _raw_spin_lock_bh+0x8e/0xe0 [ 54.606427][ T347] ? _raw_spin_lock_irq+0xe0/0xe0 [ 54.611650][ T347] ? skb_dequeue+0x125/0x160 [ 54.616398][ T347] sk_psock_stop+0x4c9/0x570 [ 54.621174][ T347] ? sock_no_sendpage_locked+0x130/0x130 [ 54.627070][ T347] sk_psock_drop+0x226/0x300 [ 54.631975][ T347] sock_map_unref+0x3c2/0x420 [ 54.636742][ T347] ? sk_psock_link_pop+0x154/0x170 [ 54.642041][ T347] sock_map_remove_links+0x3cd/0x600 [ 54.647410][ T347] ? sock_init_data+0xc0/0xc0 [ 54.652265][ T347] ? fput+0x1a/0x20 [ 54.656259][ T347] ? filp_close+0x105/0x150 [ 54.661120][ T347] ? close_fd+0x70/0x80 [ 54.665455][ T347] ? sock_map_unhash+0x130/0x130 [ 54.671489][ T347] sock_map_close+0x111/0x440 [ 54.676186][ T347] ? unix_peer_get+0xe0/0xe0 [ 54.682139][ T347] ? sock_map_remove_links+0x600/0x600 [ 54.688347][ T347] ? clear_nonspinnable+0x60/0x60 [ 54.694133][ T347] unix_release+0x82/0xc0 [ 54.698674][ T347] sock_close+0xe0/0x270 [ 54.703381][ T347] ? sock_mmap+0xa0/0xa0 [ 54.708481][ T347] __fput+0x20b/0x8b0 [ 54.712672][ T347] ____fput+0x15/0x20 [ 54.716858][ T347] task_work_run+0x127/0x190 [ 54.721814][ T347] exit_to_user_mode_loop+0xd0/0xe0 [ 54.727284][ T347] exit_to_user_mode_prepare+0x5a/0xa0 [ 54.733003][ T347] syscall_exit_to_user_mode+0x1a/0x30 [ 54.738631][ T347] do_syscall_64+0x58/0xa0 [ 54.743449][ T347] ? clear_bhb_loop+0x35/0x90 [ 54.748413][ T347] ? 
clear_bhb_loop+0x35/0x90 [ 54.753638][ T347] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.760154][ T347] RIP: 0033:0x7f21c570d9da [ 54.765022][ T347] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 54.786404][ T347] RSP: 002b:00007fff781cac70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 54.794993][ T347] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f21c570d9da [ 54.803995][ T347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 54.813120][ T347] RBP: 00007f21c582f980 R08: 0000001b30160000 R09: 00185f787a45a1f4 [ 54.821648][ T347] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d662 [ 54.832454][ T347] R13: ffffffffffffffff R14: 00007f21c5292000 R15: 000000000000d321 [ 54.842131][ T347] [ 54.845904][ T347] [ 54.848231][ T347] Allocated by task 348: [ 54.852915][ T347] __kasan_slab_alloc+0xbd/0xf0 [ 54.858130][ T347] slab_post_alloc_hook+0x4f/0x2b0 [ 54.864009][ T347] kmem_cache_alloc+0xf7/0x260 [ 54.869062][ T347] skb_clone+0x1cf/0x360 [ 54.873795][ T347] sk_psock_verdict_recv+0x53/0x800 [ 54.879169][ T347] unix_read_sock+0x10a/0x2c0 [ 54.883930][ T347] sk_psock_verdict_data_ready+0x115/0x170 [ 54.891035][ T347] unix_dgram_sendmsg+0x11e6/0x1880 [ 54.896515][ T347] ____sys_sendmsg+0x5a2/0x8c0 [ 54.901394][ T347] ___sys_sendmsg+0x1f0/0x260 [ 54.907044][ T347] __sys_sendmmsg+0x278/0x480 [ 54.912493][ T347] __x64_sys_sendmmsg+0xa0/0xb0 [ 54.917714][ T347] x64_sys_call+0x6c6/0x9a0 [ 54.922573][ T347] do_syscall_64+0x4c/0xa0 [ 54.927258][ T347] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.933427][ T347] [ 54.935753][ T347] Freed by task 296: [ 54.940972][ T347] kasan_set_track+0x4a/0x70 [ 54.945936][ T347] kasan_set_free_info+0x23/0x40 [ 54.951903][ T347] ____kasan_slab_free+0x125/0x160 [ 54.957443][ T347] __kasan_slab_free+0x11/0x20 [ 54.963388][ T347] 
slab_free_freelist_hook+0xc2/0x190 [ 54.969039][ T347] kmem_cache_free+0x100/0x320 [ 54.974001][ T347] kfree_skbmem+0x10c/0x180 [ 54.978691][ T347] kfree_skb+0xc1/0x2f0 [ 54.982944][ T347] sk_psock_backlog+0xa85/0xd80 [ 54.988146][ T347] process_one_work+0x6be/0xba0 [ 54.993338][ T347] worker_thread+0xa59/0x1200 [ 54.998288][ T347] kthread+0x411/0x500 [ 55.002698][ T347] ret_from_fork+0x1f/0x30 [ 55.007680][ T347] [ 55.010096][ T347] The buggy address belongs to the object at ffff88812553ac80 [ 55.010096][ T347] which belongs to the cache skbuff_head_cache of size 248 [ 55.026175][ T347] The buggy address is located 0 bytes inside of [ 55.026175][ T347] 248-byte region [ffff88812553ac80, ffff88812553ad78) [ 55.039767][ T347] The buggy address belongs to the page: [ 55.046078][ T347] page:ffffea0004954e80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12553a [ 55.056890][ T347] flags: 0x4000000000000200(slab|zone=1) [ 55.064215][ T347] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000 [ 55.073824][ T347] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 55.083939][ T347] page dumped because: kasan: bad access detected [ 55.090782][ T347] page_owner tracks the page as allocated [ 55.098724][ T347] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 54085070672, free_ts 54080444871 [ 55.120168][ T347] post_alloc_hook+0x192/0x1b0 [ 55.127766][ T347] prep_new_page+0x1c/0x110 [ 55.133128][ T347] get_page_from_freelist+0x2cc5/0x2d50 [ 55.140028][ T347] __alloc_pages+0x18f/0x440 [ 55.145608][ T347] new_slab+0xa1/0x4d0 [ 55.149888][ T347] ___slab_alloc+0x381/0x810 [ 55.154685][ T347] __slab_alloc+0x49/0x90 [ 55.159610][ T347] kmem_cache_alloc+0x138/0x260 [ 55.165478][ T347] __alloc_skb+0xe0/0x740 [ 55.170256][ T347] alloc_uevent_skb+0x85/0x240 [ 55.175894][ T347] kobject_uevent_net_broadcast+0x335/0x5a0 [ 55.182085][ T347] 
kobject_uevent_env+0x52e/0x700 [ 55.187140][ T347] kobject_synth_uevent+0x520/0xaf0 [ 55.193020][ T347] uevent_store+0x25/0x60 [ 55.197893][ T347] dev_attr_store+0x5e/0x80 [ 55.202902][ T347] sysfs_kf_write+0x129/0x150 [ 55.207890][ T347] page last free stack trace: [ 55.213019][ T347] free_unref_page_prepare+0x542/0x550 [ 55.218664][ T347] free_unref_page+0xa2/0x550 [ 55.224222][ T347] __free_pages+0x6c/0x100 [ 55.229199][ T347] free_pages+0x82/0x90 [ 55.233679][ T347] pgd_free+0x187/0x1a0 [ 55.237923][ T347] __mmdrop+0xad/0x410 [ 55.242086][ T347] __mmput+0x313/0x320 [ 55.246175][ T347] mmput+0x50/0x150 [ 55.250067][ T347] do_exit+0x9ca/0x27a0 [ 55.254237][ T347] do_group_exit+0x141/0x310 [ 55.259005][ T347] __x64_sys_exit_group+0x3f/0x40 [ 55.265519][ T347] x64_sys_call+0x832/0x9a0 [ 55.270442][ T347] do_syscall_64+0x4c/0xa0 [ 55.275941][ T347] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.282384][ T347] [ 55.284855][ T347] Memory state around the buggy address: [ 55.291063][ T347] ffff88812553ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.299678][ T347] ffff88812553ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.308396][ T347] >ffff88812553ac80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.316732][ T347] ^ [ 55.321702][ T347] ffff88812553ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 55.330706][ T347] ffff88812553ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.339461][ T347] ================================================================== [ 55.360453][ T350] FAULT_INJECTION: forcing a failure. 
[ 55.360453][ T350] name failslab, interval 1, probability 0, space 0, times 0 [ 55.373839][ T350] CPU: 0 PID: 350 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0 [ 55.386201][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 55.396411][ T350] Call Trace: [ 55.399784][ T350] [ 55.402918][ T350] __dump_stack+0x21/0x30 [ 55.407701][ T350] dump_stack_lvl+0xee/0x150 [ 55.412395][ T350] ? show_regs_print_info+0x20/0x20 [ 55.417866][ T350] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.424581][ T350] ? __kasan_check_write+0x14/0x20 [ 55.430133][ T350] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 55.436484][ T350] dump_stack+0x15/0x20 [ 55.440825][ T350] should_fail+0x3c1/0x510 [ 55.446602][ T350] __should_failslab+0xa4/0xe0 [ 55.451762][ T350] should_failslab+0x9/0x20 [ 55.456565][ T350] slab_pre_alloc_hook+0x3b/0xe0 [ 55.462269][ T350] ? skb_clone+0x1cf/0x360 [ 55.466874][ T350] kmem_cache_alloc+0x44/0x260 [ 55.472136][ T350] skb_clone+0x1cf/0x360 [ 55.476950][ T350] ? __kasan_check_write+0x14/0x20 [ 55.482288][ T350] sk_psock_verdict_recv+0x53/0x800 [ 55.487798][ T350] unix_read_sock+0x10a/0x2c0 [ 55.492740][ T350] ? sk_psock_skb_redirect+0x440/0x440 [ 55.498301][ T350] ? unix_stream_splice_actor+0x120/0x120 [ 55.504027][ T350] ? __kasan_check_write+0x14/0x20 [ 55.509627][ T350] ? unix_stream_splice_actor+0x120/0x120 [ 55.515365][ T350] sk_psock_verdict_data_ready+0x115/0x170 [ 55.521842][ T350] ? sk_psock_start_verdict+0xc0/0xc0 [ 55.527866][ T350] ? _raw_spin_lock+0x8e/0xe0 [ 55.532572][ T350] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 55.539266][ T350] ? skb_queue_tail+0xcb/0xf0 [ 55.544677][ T350] unix_dgram_sendmsg+0x11e6/0x1880 [ 55.550115][ T350] ? unix_dgram_poll+0x6b0/0x6b0 [ 55.555192][ T350] ? __mod_memcg_lruvec_state+0x122/0x1b0 [ 55.561299][ T350] ? security_socket_sendmsg+0x82/0xa0 [ 55.567408][ T350] ? 
unix_dgram_poll+0x6b0/0x6b0 [ 55.573711][ T350] ____sys_sendmsg+0x5a2/0x8c0 [ 55.581024][ T350] ? __sys_sendmsg_sock+0x40/0x40 [ 55.587306][ T350] ? import_iovec+0x7c/0xb0 [ 55.592382][ T350] ___sys_sendmsg+0x1f0/0x260 [ 55.597269][ T350] ? _kstrtoull+0x3c0/0x4d0 [ 55.601875][ T350] ? __sys_sendmsg+0x250/0x250 [ 55.607104][ T350] ? __fdget+0x1a1/0x230 [ 55.611619][ T350] __sys_sendmmsg+0x278/0x480 [ 55.616384][ T350] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 55.621673][ T350] ? __ia32_sys_read+0x90/0x90 [ 55.627417][ T350] __x64_sys_sendmmsg+0xa0/0xb0 [ 55.632655][ T350] x64_sys_call+0x6c6/0x9a0 [ 55.637548][ T350] do_syscall_64+0x4c/0xa0 [ 55.642063][ T350] ? clear_bhb_loop+0x35/0x90 [ 55.647012][ T350] ? clear_bhb_loop+0x35/0x90 [ 55.652717][ T350] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.660033][ T350] RIP: 0033:0x7f21c570eae9 [ 55.664849][ T350] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 55.686014][ T350] RSP: 002b:00007f21c52910c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 55.694931][ T350] RAX: ffffffffffffffda RBX: 00007f21c582df80 RCX: 00007f21c570eae9 [ 55.703167][ T350] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 55.711138][ T350] RBP: 00007f21c5291120 R08: 0000000000000000 R09: 0000000000000000 [ 55.720042][ T350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.728198][ T350] R13: 000000000000000b R14: 00007f21c582df80 R15: 00007fff781caba8 [ 55.736946][ T350] [ 55.748245][ T352] FAULT_INJECTION: forcing a failure. 
[ 55.748245][ T352] name failslab, interval 1, probability 0, space 0, times 0
[ 55.761673][ T352] CPU: 0 PID: 352 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 55.775727][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 55.786405][ T352] Call Trace:
[ 55.789699][ T352]
[ 55.792794][ T352] __dump_stack+0x21/0x30
[ 55.797408][ T352] dump_stack_lvl+0xee/0x150
[ 55.802138][ T352] ? show_regs_print_info+0x20/0x20
[ 55.807647][ T352] dump_stack+0x15/0x20
[ 55.812050][ T352] should_fail+0x3c1/0x510
[ 55.817206][ T352] __should_failslab+0xa4/0xe0
[ 55.822396][ T352] should_failslab+0x9/0x20
[ 55.827102][ T352] slab_pre_alloc_hook+0x3b/0xe0
[ 55.833644][ T352] kmem_cache_alloc_trace+0x48/0x270
[ 55.840114][ T352] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 55.846402][ T352] ? migrate_disable+0x180/0x180
[ 55.851445][ T352] sk_psock_skb_ingress_self+0x5f/0x330
[ 55.858009][ T352] ? migrate_disable+0xd6/0x180
[ 55.863500][ T352] sk_psock_verdict_recv+0x636/0x800
[ 55.868972][ T352] unix_read_sock+0x10a/0x2c0
[ 55.873835][ T352] ? sk_psock_skb_redirect+0x440/0x440
[ 55.879933][ T352] ? unix_stream_splice_actor+0x120/0x120
[ 55.886975][ T352] ? __kasan_check_write+0x14/0x20
[ 55.892338][ T352] ? unix_stream_splice_actor+0x120/0x120
[ 55.898754][ T352] sk_psock_verdict_data_ready+0x115/0x170
[ 55.905026][ T352] ? sk_psock_start_verdict+0xc0/0xc0
[ 55.910937][ T352] ? _raw_spin_lock+0x8e/0xe0
[ 55.915645][ T352] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 55.921551][ T352] ? skb_queue_tail+0xcb/0xf0
[ 55.926316][ T352] unix_dgram_sendmsg+0x11e6/0x1880
[ 55.932022][ T352] ? unix_dgram_poll+0x6b0/0x6b0
[ 55.937826][ T352] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 55.944054][ T352] ? security_socket_sendmsg+0x82/0xa0
[ 55.950327][ T352] ? unix_dgram_poll+0x6b0/0x6b0
[ 55.955401][ T352] ____sys_sendmsg+0x5a2/0x8c0
[ 55.960356][ T352] ? __sys_sendmsg_sock+0x40/0x40
[ 55.965648][ T352] ? import_iovec+0x7c/0xb0
[ 55.970493][ T352] ___sys_sendmsg+0x1f0/0x260
[ 55.975275][ T352] ? _kstrtoull+0x3c0/0x4d0
[ 55.979873][ T352] ? __sys_sendmsg+0x250/0x250
[ 55.984834][ T352] ? __fdget+0x1a1/0x230
[ 55.989437][ T352] __sys_sendmmsg+0x278/0x480
[ 55.994268][ T352] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 55.999875][ T352] ? __ia32_sys_read+0x90/0x90
[ 56.004741][ T352] __x64_sys_sendmmsg+0xa0/0xb0
[ 56.010203][ T352] x64_sys_call+0x6c6/0x9a0
[ 56.014915][ T352] do_syscall_64+0x4c/0xa0
[ 56.019525][ T352] ? clear_bhb_loop+0x35/0x90
[ 56.024224][ T352] ? clear_bhb_loop+0x35/0x90
[ 56.029258][ T352] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.036009][ T352] RIP: 0033:0x7f21c570eae9
[ 56.040610][ T352] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 56.061368][ T352] RSP: 002b:00007f21c52910c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 56.070143][ T352] RAX: ffffffffffffffda RBX: 00007f21c582df80 RCX: 00007f21c570eae9
[ 56.079357][ T352] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 56.087703][ T352] RBP: 00007f21c5291120 R08: 0000000000000000 R09: 0000000000000000
[ 56.096117][ T352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.104569][ T352] R13: 000000000000000b R14: 00007f21c582df80 R15: 00007fff781caba8
[ 56.113211][ T352]
[ 56.116903][ T351] ==================================================================
[ 56.127112][ T351] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 56.138042][ T351]
[ 56.140972][ T351] CPU: 1 PID: 351 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 56.155639][ T351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 56.166261][ T351] Call Trace:
[ 56.169733][ T351]
[ 56.172876][ T351] __dump_stack+0x21/0x30
[ 56.177312][ T351] dump_stack_lvl+0xee/0x150
[ 56.182180][ T351] ? show_regs_print_info+0x20/0x20
[ 56.187639][ T351] ? load_image+0x3a0/0x3a0
[ 56.192234][ T351] ? hrtimer_cancel+0x2d/0x60
[ 56.197105][ T351] print_address_description+0x7f/0x2c0
[ 56.202918][ T351] ? kmem_cache_free+0x100/0x320
[ 56.207908][ T351] kasan_report_invalid_free+0x58/0x90
[ 56.214179][ T351] ? kmem_cache_free+0x100/0x320
[ 56.219312][ T351] ____kasan_slab_free+0x13d/0x160
[ 56.225193][ T351] __kasan_slab_free+0x11/0x20
[ 56.230528][ T351] slab_free_freelist_hook+0xc2/0x190
[ 56.236169][ T351] ? kfree_skbmem+0x10c/0x180
[ 56.240852][ T351] kmem_cache_free+0x100/0x320
[ 56.246071][ T351] ? skb_release_data+0x94f/0xa10
[ 56.251205][ T351] kfree_skbmem+0x10c/0x180
[ 56.255794][ T351] consume_skb+0xb3/0x1f0
[ 56.260126][ T351] __sk_msg_free+0x4f4/0x560
[ 56.265167][ T351] ? _raw_spin_lock_bh+0x8e/0xe0
[ 56.270397][ T351] ? _raw_spin_lock_irq+0xe0/0xe0
[ 56.275511][ T351] ? skb_dequeue+0x125/0x160
[ 56.280098][ T351] sk_psock_stop+0x4c9/0x570
[ 56.285147][ T351] ? sock_no_sendpage_locked+0x130/0x130
[ 56.290904][ T351] sk_psock_drop+0x226/0x300
[ 56.296031][ T351] sock_map_unref+0x3c2/0x420
[ 56.300957][ T351] ? sk_psock_link_pop+0x154/0x170
[ 56.306520][ T351] sock_map_remove_links+0x3cd/0x600
[ 56.312450][ T351] ? sock_init_data+0xc0/0xc0
[ 56.318164][ T351] ? fput+0x1a/0x20
[ 56.322642][ T351] ? filp_close+0x105/0x150
[ 56.327571][ T351] ? close_fd+0x70/0x80
[ 56.332117][ T351] ? sock_map_unhash+0x130/0x130
[ 56.337420][ T351] sock_map_close+0x111/0x440
[ 56.343243][ T351] ? unix_peer_get+0xe0/0xe0
[ 56.348670][ T351] ? sock_map_remove_links+0x600/0x600
[ 56.355152][ T351] ? clear_nonspinnable+0x60/0x60
[ 56.361604][ T351] unix_release+0x82/0xc0
[ 56.367398][ T351] sock_close+0xe0/0x270
[ 56.372673][ T351] ? sock_mmap+0xa0/0xa0
[ 56.377776][ T351] __fput+0x20b/0x8b0
[ 56.382564][ T351] ____fput+0x15/0x20
[ 56.386836][ T351] task_work_run+0x127/0x190
[ 56.391551][ T351] exit_to_user_mode_loop+0xd0/0xe0
[ 56.397381][ T351] exit_to_user_mode_prepare+0x5a/0xa0
[ 56.403284][ T351] syscall_exit_to_user_mode+0x1a/0x30
[ 56.409196][ T351] do_syscall_64+0x58/0xa0
[ 56.413891][ T351] ? clear_bhb_loop+0x35/0x90
[ 56.418996][ T351] ? clear_bhb_loop+0x35/0x90
[ 56.423955][ T351] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.430646][ T351] RIP: 0033:0x7f21c570d9da
[ 56.435689][ T351] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 56.459363][ T351] RSP: 002b:00007fff781cac70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 56.468162][ T351] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f21c570d9da
[ 56.476603][ T351] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 56.485531][ T351] RBP: 0000000000000032 R08: 0000001b30160000 R09: 00007f21c582df8c
[ 56.493902][ T351] R10: 00007fff781cadc0 R11: 0000000000000293 R12: 00007f21c52930d0
[ 56.502266][ T351] R13: ffffffffffffffff R14: 00007f21c5292000 R15: 000000000000d99e
[ 56.510502][ T351]
[ 56.513536][ T351]
[ 56.515873][ T351] Allocated by task 352:
[ 56.520390][ T351] __kasan_slab_alloc+0xbd/0xf0
[ 56.526810][ T351] slab_post_alloc_hook+0x4f/0x2b0
[ 56.532043][ T351] kmem_cache_alloc+0xf7/0x260
[ 56.536981][ T351] skb_clone+0x1cf/0x360
[ 56.541518][ T351] sk_psock_verdict_recv+0x53/0x800
[ 56.546876][ T351] unix_read_sock+0x10a/0x2c0
[ 56.551626][ T351] sk_psock_verdict_data_ready+0x115/0x170
[ 56.557756][ T351] unix_dgram_sendmsg+0x11e6/0x1880
[ 56.563264][ T351] ____sys_sendmsg+0x5a2/0x8c0
[ 56.568040][ T351] ___sys_sendmsg+0x1f0/0x260
[ 56.573108][ T351] __sys_sendmmsg+0x278/0x480
[ 56.577888][ T351] __x64_sys_sendmmsg+0xa0/0xb0
[ 56.583195][ T351] x64_sys_call+0x6c6/0x9a0
[ 56.587790][ T351] do_syscall_64+0x4c/0xa0
[ 56.592406][ T351] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.598570][ T351]
[ 56.601097][ T351] Freed by task 39:
[ 56.605020][ T351] kasan_set_track+0x4a/0x70
[ 56.609630][ T351] kasan_set_free_info+0x23/0x40
[ 56.614769][ T351] ____kasan_slab_free+0x125/0x160
[ 56.619965][ T351] __kasan_slab_free+0x11/0x20
[ 56.624934][ T351] slab_free_freelist_hook+0xc2/0x190