Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts.
2024/04/21 03:59:54 ignoring optional flag "sandboxArg"="0"
2024/04/21 03:59:54 parsed 1 programs
2024/04/21 03:59:54 executed programs: 0
[ 51.139910][ T1410] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/04/21 03:59:59 executed programs: 186
2024/04/21 04:00:04 executed programs: 860
2024/04/21 04:00:09 executed programs: 1556
2024/04/21 04:00:14 executed programs: 2250
[ 73.607772][ T600] ==================================================================
[ 73.615874][ T600] BUG: KASAN: slab-use-after-free in unix_del_edges+0x12b/0x540
[ 73.623494][ T600] Read of size 8 at addr ffff888112144630 by task kworker/u8:7/600
[ 73.631383][ T600]
[ 73.633702][ T600] CPU: 1 PID: 600 Comm: kworker/u8:7 Not tainted 6.9.0-rc1-syzkaller #0
[ 73.642094][ T600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 73.652241][ T600] Workqueue: events_unbound __unix_gc
[ 73.657597][ T600] Call Trace:
[ 73.660946][ T600]
[ 73.663856][ T600] dump_stack_lvl+0x108/0x280
[ 73.668526][ T600] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.673701][ T600] ? __pfx__printk+0x10/0x10
[ 73.678282][ T600] ? __virt_addr_valid+0x141/0x260
[ 73.683365][ T600] ? __virt_addr_valid+0x219/0x260
[ 73.688449][ T600] print_report+0x169/0x550
[ 73.693367][ T600] ? __virt_addr_valid+0x141/0x260
[ 73.698800][ T600] ? __virt_addr_valid+0x219/0x260
[ 73.704107][ T600] ? unix_del_edges+0x12b/0x540
[ 73.709124][ T600] kasan_report+0x143/0x180
[ 73.713614][ T600] ? unix_del_edges+0x12b/0x540
[ 73.718527][ T600] unix_del_edges+0x12b/0x540
[ 73.723181][ T600] unix_destroy_fpl+0x44/0x1d0
[ 73.727934][ T600] unix_destruct_scm+0x15b/0x310
[ 73.732858][ T600] ? __pfx_unix_destruct_scm+0x10/0x10
[ 73.738309][ T600] ? debug_check_no_obj_freed+0x3f8/0x480
[ 73.744015][ T600] skb_release_head_state+0x90/0x150
[ 73.749279][ T600] ? __unix_gc+0x18e4/0x19f0
[ 73.753853][ T600] kfree_skb_reason+0xd5/0x2d0
[ 73.758618][ T600] __unix_gc+0x18e4/0x19f0
[ 73.763115][ T600] ? __pfx___unix_gc+0x10/0x10
[ 73.768037][ T600] ? __pfx_lock_acquire+0x10/0x10
[ 73.773218][ T600] ? kick_pool+0x70/0x550
[ 73.777540][ T600] ? process_scheduled_works+0x833/0x12f0
[ 73.783328][ T600] process_scheduled_works+0x8b6/0x12f0
[ 73.789377][ T600] ? __pfx_process_scheduled_works+0x10/0x10
[ 73.795529][ T600] ? assign_work+0x23f/0x350
[ 73.800097][ T600] worker_thread+0x869/0xca0
[ 73.804802][ T600] ? __pfx_worker_thread+0x10/0x10
[ 73.809887][ T600] kthread+0x268/0x2c0
[ 73.813935][ T600] ? __pfx_worker_thread+0x10/0x10
[ 73.819198][ T600] ? __pfx_kthread+0x10/0x10
[ 73.823765][ T600] ret_from_fork+0x32/0x60
[ 73.828248][ T600] ? __pfx_kthread+0x10/0x10
[ 73.832898][ T600] ret_from_fork_asm+0x1a/0x30
[ 73.837731][ T600]
[ 73.841027][ T600]
[ 73.843515][ T600] Allocated by task 7049:
[ 73.847908][ T600] kasan_save_track+0x3f/0x80
[ 73.852593][ T600] __kasan_slab_alloc+0x66/0x80
[ 73.857419][ T600] kmem_cache_alloc+0x15f/0x390
[ 73.862277][ T600] sk_prot_alloc+0x52/0x1c0
[ 73.866754][ T600] sk_alloc+0x35/0x560
[ 73.870886][ T600] unix_create1+0x8c/0x730
[ 73.875883][ T600] unix_create+0x114/0x1d0
[ 73.880448][ T600] __sock_create+0x33c/0x6e0
[ 73.885219][ T600] __sys_socketpair+0x245/0x5f0
[ 73.890431][ T600] __x64_sys_socketpair+0x96/0xb0
[ 73.895454][ T600] do_syscall_64+0x95/0x180
[ 73.900662][ T600] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 73.906716][ T600]
[ 73.909026][ T600] Freed by task 9:
[ 73.912793][ T600] kasan_save_track+0x3f/0x80
[ 73.917632][ T600] kasan_save_free_info+0x40/0x50
[ 73.922729][ T600] poison_slab_object+0xee/0x1a0
[ 73.927905][ T600] __kasan_slab_free+0x37/0x60
[ 73.932651][ T600] kmem_cache_free+0x136/0x330
[ 73.937391][ T600] __sk_destruct+0x390/0x550
[ 73.942077][ T600] unix_release_sock+0x98d/0xba0
[ 73.946995][ T600] unix_release+0x87/0xb0
[ 73.951294][ T600] sock_close+0xb4/0x220
[ 73.955598][ T600] __fput+0x301/0x670
[ 73.959643][ T600] delayed_fput+0x3f/0x70
[ 73.964036][ T600] process_scheduled_works+0x8b6/0x12f0
[ 73.970079][ T600] worker_thread+0x869/0xca0
[ 73.974646][ T600] kthread+0x268/0x2c0
[ 73.978705][ T600] ret_from_fork+0x32/0x60
[ 73.983119][ T600] ret_from_fork_asm+0x1a/0x30
[ 73.987896][ T600]
[ 73.990226][ T600] The buggy address belongs to the object at ffff888112144000
[ 73.990226][ T600] which belongs to the cache UNIX of size 1920
[ 74.004040][ T600] The buggy address is located 1584 bytes inside of
[ 74.004040][ T600] freed 1920-byte region [ffff888112144000, ffff888112144780)
[ 74.018115][ T600]
[ 74.020685][ T600] The buggy address belongs to the physical page:
[ 74.027158][ T600] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112140
[ 74.036091][ T600] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 74.044059][ T600] memcg:ffff8881077b4701
[ 74.048279][ T600] flags: 0x200000000000840(slab|head|node=0|zone=2)
[ 74.054843][ T600] page_type: 0xffffffff()
[ 74.059320][ T600] raw: 0200000000000840 ffff888101e8e780 dead000000000100 dead000000000122
[ 74.067981][ T600] raw: 0000000000000000 0000000080100010 00000001ffffffff ffff8881077b4701
[ 74.076740][ T600] head: 0200000000000840 ffff888101e8e780 dead000000000100 dead000000000122
[ 74.085609][ T600] head: 0000000000000000 0000000080100010 00000001ffffffff ffff8881077b4701
[ 74.094435][ T600] head: 0200000000000003 ffffea0004485001 ffffea0004485048 00000000ffffffff
[ 74.103097][ T600] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 74.111744][ T600] page dumped because: kasan: bad access detected
[ 74.118164][ T600] page_owner tracks the page as allocated
[ 74.124034][ T600] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2381, tgid 2380 (syz-executor.0), ts 56726001357, free_ts 56721450037
[ 74.147304][ T600] post_alloc_hook+0x10f/0x130
[ 74.152066][ T600] get_page_from_freelist+0x32cd/0x36a0
[ 74.157859][ T600] __alloc_pages+0x256/0x670
[ 74.162671][ T600] alloc_slab_page+0x5f/0x160
[ 74.167606][ T600] new_slab+0x70/0x270
[ 74.171744][ T600] ___slab_alloc+0xb0d/0x1040
[ 74.176397][ T600] kmem_cache_alloc+0x23a/0x390
[ 74.181355][ T600] sk_prot_alloc+0x52/0x1c0
[ 74.185938][ T600] sk_alloc+0x35/0x560
[ 74.190085][ T600] unix_create1+0x8c/0x730
[ 74.194489][ T600] unix_create+0x114/0x1d0
[ 74.198973][ T600] __sock_create+0x33c/0x6e0
[ 74.203652][ T600] __sys_socketpair+0x1d5/0x5f0
[ 74.208716][ T600] __x64_sys_socketpair+0x96/0xb0
[ 74.213715][ T600] do_syscall_64+0x95/0x180
[ 74.218211][ T600] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 74.224083][ T600] page last free pid 1415 tgid 1415 stack trace:
[ 74.230409][ T600] free_unref_page_prepare+0x7ce/0x8f0
[ 74.235950][ T600] free_unref_page+0x34/0x230
[ 74.240628][ T600] __put_partials+0x18e/0x1d0
[ 74.245387][ T600] put_cpu_partial+0x151/0x1b0
[ 74.250225][ T600] __slab_free+0x2b8/0x3a0
[ 74.254615][ T600] qlist_free_all+0x5e/0xc0
[ 74.259103][ T600] kasan_quarantine_reduce+0x14f/0x170
[ 74.264544][ T600] __kasan_slab_alloc+0x23/0x80
[ 74.269493][ T600] kmem_cache_alloc+0x15f/0x390
[ 74.274496][ T600] getname_flags+0xa1/0x440
[ 74.279018][ T600] vfs_fstatat+0x65/0xa0
[ 74.283249][ T600] __se_sys_newfstatat+0xc5/0x750
[ 74.288630][ T600] do_syscall_64+0x95/0x180
[ 74.293199][ T600] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 74.299070][ T600]
[ 74.301375][ T600] Memory state around the buggy address:
[ 74.307178][ T600] ffff888112144500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.315327][ T600] ffff888112144580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.323661][ T600] >ffff888112144600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.331884][ T600] ^
[ 74.337674][ T600] ffff888112144680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.345727][ T600] ffff888112144700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.354317][ T600] ==================================================================
[ 74.362696][ T600] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.370662][ T600] Kernel Offset: disabled
[ 74.375131][ T600] Rebooting in 86400 seconds..