Warning: Permanently added '10.128.1.96' (ED25519) to the list of known hosts.
2025/03/20 03:06:29 ignoring optional flag "sandboxArg"="0"
2025/03/20 03:06:29 parsed 1 programs
[ 49.990472][ T30] kauditd_printk_skb: 32 callbacks suppressed
[ 49.990488][ T30] audit: type=1400 audit(1742439991.083:108): avc: denied { unlink } for pid=404 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 50.042724][ T404] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.667939][ T427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.674847][ T427] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.682104][ T427] device bridge_slave_0 entered promiscuous mode
[ 50.688708][ T427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.695615][ T427] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.702888][ T427] device bridge_slave_1 entered promiscuous mode
[ 50.748075][ T427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.754951][ T427] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.762157][ T427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.768915][ T427] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.790807][ T338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.797918][ T338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.805421][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.812941][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.822606][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.830642][ T338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.837482][ T338] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.846104][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.854221][ T338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.861181][ T338] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.873967][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.882930][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.897376][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.908481][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.916670][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.924068][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.933042][ T427] device veth0_vlan entered promiscuous mode
[ 50.943113][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.951992][ T427] device veth1_macvtap entered promiscuous mode
[ 50.966240][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.974606][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/03/20 03:06:32 executed programs: 0
[ 51.328343][ T30] audit: type=1401 audit(1742439992.413:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 51.395489][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.402454][ T468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.409659][ T468] device bridge_slave_0 entered promiscuous mode
[ 51.416701][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.423989][ T468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.431286][ T468] device bridge_slave_1 entered promiscuous mode
[ 51.481750][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.488604][ T468] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.495967][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.502852][ T468] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.524926][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.532520][ T338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.539610][ T338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.549044][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.557108][ T338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.563973][ T338] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.575016][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.583118][ T338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.589964][ T338] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.602138][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.610917][ T8] device bridge_slave_1 left promiscuous mode
[ 51.616848][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.624283][ T8] device bridge_slave_0 left promiscuous mode
[ 51.630295][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.638089][ T8] device veth1_macvtap left promiscuous mode
[ 51.644235][ T8] device veth0_vlan left promiscuous mode
[ 51.705778][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 51.713821][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.727154][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 51.735310][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.746515][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 51.754420][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.762579][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.770057][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.777833][ T468] device veth0_vlan entered promiscuous mode
[ 51.787628][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 51.795729][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.804807][ T468] device veth1_macvtap entered promiscuous mode
[ 51.814278][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 51.821815][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.830429][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.840301][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.848481][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.877682][ T30] audit: type=1400 audit(1742439992.963:110): avc: denied { prog_load } for pid=473 comm="syz.2.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 51.896711][ T30] audit: type=1400 audit(1742439992.963:111): avc: denied { bpf } for pid=473 comm="syz.2.15" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 51.918216][ T30] audit: type=1400 audit(1742439993.013:112): avc: denied { append } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 51.940864][ T30] audit: type=1400 audit(1742439993.013:113): avc: denied { open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 51.963461][ T30] audit: type=1400 audit(1742439993.013:114): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 52.014215][ T30] audit: type=1400 audit(1742439993.103:115): avc: denied { map_create } for pid=473 comm="syz.2.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 52.014714][ T476] FAULT_INJECTION: forcing a failure.
[ 52.014714][ T476] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 52.046008][ T30] audit: type=1400 audit(1742439993.103:116): avc: denied { map_read map_write } for pid=473 comm="syz.2.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 52.065334][ T476] CPU: 1 PID: 476 Comm: syz.2.15 Not tainted 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 52.074907][ T476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 52.084811][ T476] Call Trace:
[ 52.087928][ T476]
[ 52.090704][ T476] dump_stack_lvl+0x151/0x1c0
[ 52.095307][ T476] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.100771][ T476] ? vsnprintf+0x1dd/0x1c70
[ 52.105114][ T476] dump_stack+0x15/0x20
[ 52.109126][ T476] should_fail+0x3c6/0x510
[ 52.113365][ T476] should_fail_usercopy+0x1a/0x20
[ 52.118216][ T476] _copy_from_user+0x20/0xd0
[ 52.122652][ T476] kstrtouint_from_user+0xca/0x2a0
[ 52.127589][ T476] ? kstrtol_from_user+0x310/0x310
[ 52.132626][ T476] ? snprintf+0xd6/0x120
[ 52.136709][ T476] ? check_stack_object+0x114/0x130
[ 52.141920][ T476] ? __kasan_check_read+0x11/0x20
[ 52.146771][ T476] ? _copy_to_user+0x78/0x90
[ 52.151205][ T476] proc_fail_nth_write+0xa6/0x290
[ 52.156154][ T476] ? selinux_file_permission+0x2c4/0x570
[ 52.161700][ T476] ? proc_fail_nth_read+0x210/0x210
[ 52.166734][ T476] ? fsnotify_perm+0x6a/0x5b0
[ 52.171247][ T476] ? security_file_permission+0x86/0xb0
[ 52.176691][ T476] ? proc_fail_nth_read+0x210/0x210
[ 52.181665][ T476] vfs_write+0x406/0x1110
[ 52.185835][ T476] ? file_end_write+0x1c0/0x1c0
[ 52.190688][ T476] ? __kasan_check_write+0x14/0x20
[ 52.196263][ T476] ? mutex_lock+0xb6/0x1e0
[ 52.200633][ T476] ? wait_for_completion_killable_timeout+0x10/0x10
[ 52.207063][ T476] ? __fdget_pos+0x2e7/0x3a0
[ 52.211482][ T476] ? ksys_write+0x77/0x2c0
[ 52.215732][ T476] ksys_write+0x199/0x2c0
[ 52.219912][ T476] ? __ia32_sys_read+0x90/0x90
[ 52.224501][ T476] ? debug_smp_processor_id+0x17/0x20
[ 52.229704][ T476] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.235607][ T476] __x64_sys_write+0x7b/0x90
[ 52.240040][ T476] x64_sys_call+0x2f/0x9a0
[ 52.244291][ T476] do_syscall_64+0x3b/0xb0
[ 52.248538][ T476] ? clear_bhb_loop+0x35/0x90
[ 52.253055][ T476] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.258788][ T476] RIP: 0033:0x7f039c55f23f
[ 52.262320][ T30] audit: type=1400 audit(1742439993.353:117): avc: denied { perfmon } for pid=473 comm="syz.2.15" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 52.263035][ T476] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[ 52.302921][ T476] RSP: 002b:00007f039bf9f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 52.311159][ T476] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f039c55f23f
[ 52.318967][ T476] RDX: 0000000000000001 RSI: 00007f039bf9f0a0 RDI: 0000000000000006
[ 52.326777][ T476] RBP: 00007f039bf9f090 R08: 0000000000000000 R09: 0000000000000000
[ 52.334854][ T476] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 52.342666][ T476] R13: 0000000000000000 R14: 00007f039c718130 R15: 00007fff6e90ad88
[ 52.350593][ T476]
[ 52.364513][ T478] FAULT_INJECTION: forcing a failure.
[ 52.364513][ T478] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 52.377675][ T478] CPU: 0 PID: 478 Comm: syz.2.16 Not tainted 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 52.387243][ T478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 52.397222][ T478] Call Trace:
[ 52.400356][ T478]
[ 52.403213][ T478] dump_stack_lvl+0x151/0x1c0
[ 52.407725][ T478] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.413193][ T478] dump_stack+0x15/0x20
[ 52.417184][ T478] should_fail+0x3c6/0x510
[ 52.421451][ T478] should_fail_alloc_page+0x5a/0x80
[ 52.426481][ T478] prepare_alloc_pages+0x15c/0x700
[ 52.431422][ T478] ? __alloc_pages_bulk+0xd80/0xd80
[ 52.436450][ T478] ? stack_trace_save+0x1c0/0x1c0
[ 52.441424][ T478] __alloc_pages+0x18c/0x8f0
[ 52.445851][ T478] ? prep_new_page+0x110/0x110
[ 52.450476][ T478] ? stack_trace_save+0x113/0x1c0
[ 52.455324][ T478] ? stack_trace_snprint+0xf0/0xf0
[ 52.460260][ T478] __stack_depot_save+0x38d/0x470
[ 52.465122][ T478] __kasan_slab_alloc+0xc3/0xe0
[ 52.469806][ T478] ? __kasan_slab_alloc+0xb1/0xe0
[ 52.474669][ T478] ? slab_post_alloc_hook+0x53/0x2c0
[ 52.479788][ T478] ? kmem_cache_alloc+0xf5/0x250
[ 52.484557][ T478] ? skb_clone+0x1d1/0x360
[ 52.488904][ T478] ? sk_psock_verdict_recv+0x53/0x840
[ 52.494278][ T478] ? unix_read_sock+0x132/0x370
[ 52.499078][ T478] ? sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.504959][ T478] ? unix_dgram_sendmsg+0x15fa/0x2090
[ 52.510260][ T478] ? ____sys_sendmsg+0x59e/0x8f0
[ 52.515022][ T478] ? ___sys_sendmsg+0x252/0x2e0
[ 52.519714][ T478] ? __se_sys_sendmsg+0x19a/0x260
[ 52.524570][ T478] ? __x64_sys_sendmsg+0x7b/0x90
[ 52.529344][ T478] ? x64_sys_call+0x16a/0x9a0
[ 52.533857][ T478] ? do_syscall_64+0x3b/0xb0
[ 52.538282][ T478] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.544191][ T478] slab_post_alloc_hook+0x53/0x2c0
[ 52.549215][ T478] ? skb_clone+0x1d1/0x360
[ 52.553470][ T478] ? skb_clone+0x1d1/0x360
[ 52.557721][ T478] kmem_cache_alloc+0xf5/0x250
[ 52.562424][ T478] skb_clone+0x1d1/0x360
[ 52.566504][ T478] sk_psock_verdict_recv+0x53/0x840
[ 52.571534][ T478] ? avc_has_perm_noaudit+0x430/0x430
[ 52.576845][ T478] unix_read_sock+0x132/0x370
[ 52.581362][ T478] ? sk_psock_skb_redirect+0x440/0x440
[ 52.586650][ T478] ? unix_stream_splice_actor+0x120/0x120
[ 52.592206][ T478] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.597508][ T478] ? unix_stream_splice_actor+0x120/0x120
[ 52.603092][ T478] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.608698][ T478] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.613922][ T478] ? _raw_spin_lock+0xa4/0x1b0
[ 52.618505][ T478] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.624264][ T478] ? skb_queue_tail+0xfb/0x120
[ 52.628887][ T478] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.633908][ T478] ? unix_dgram_poll+0x690/0x690
[ 52.638671][ T478] ? kasan_set_track+0x5d/0x70
[ 52.643264][ T478] ? kasan_set_track+0x4b/0x70
[ 52.647969][ T478] ? security_socket_sendmsg+0x82/0xb0
[ 52.653249][ T478] ? unix_dgram_poll+0x690/0x690
[ 52.658019][ T478] ____sys_sendmsg+0x59e/0x8f0
[ 52.662624][ T478] ? __sys_sendmsg_sock+0x40/0x40
[ 52.667487][ T478] ? import_iovec+0xe5/0x120
[ 52.671905][ T478] ___sys_sendmsg+0x252/0x2e0
[ 52.676420][ T478] ? __sys_sendmsg+0x260/0x260
[ 52.681024][ T478] ? putname+0xfa/0x150
[ 52.685026][ T478] ? __fdget+0x1bc/0x240
[ 52.689182][ T478] __se_sys_sendmsg+0x19a/0x260
[ 52.693864][ T478] ? __x64_sys_sendmsg+0x90/0x90
[ 52.698637][ T478] ? ksys_write+0x260/0x2c0
[ 52.703071][ T478] ? debug_smp_processor_id+0x17/0x20
[ 52.708362][ T478] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 52.714268][ T478] __x64_sys_sendmsg+0x7b/0x90
[ 52.718863][ T478] x64_sys_call+0x16a/0x9a0
[ 52.723206][ T478] do_syscall_64+0x3b/0xb0
[ 52.727456][ T478] ? clear_bhb_loop+0x35/0x90
[ 52.731965][ T478] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.737696][ T478] RIP: 0033:0x7f039c560759
[ 52.741947][ T478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 52.761480][ T478] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 52.769725][ T478] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 52.777532][ T478] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 52.785431][ T478] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 52.793240][ T478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.801057][ T478] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 52.808992][ T478]
[ 52.823655][ T480] FAULT_INJECTION: forcing a failure.
[ 52.823655][ T480] name failslab, interval 1, probability 0, space 0, times 1
[ 52.836522][ T480] CPU: 1 PID: 480 Comm: syz.2.17 Not tainted 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 52.846147][ T480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 52.856032][ T480] Call Trace:
[ 52.859156][ T480]
[ 52.861934][ T480] dump_stack_lvl+0x151/0x1c0
[ 52.866449][ T480] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.871914][ T480] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.877565][ T480] ? __skb_try_recv_datagram+0x495/0x6a0
[ 52.883024][ T480] dump_stack+0x15/0x20
[ 52.887053][ T480] should_fail+0x3c6/0x510
[ 52.891269][ T480] __should_failslab+0xa4/0xe0
[ 52.895866][ T480] ? skb_clone+0x1d1/0x360
[ 52.900122][ T480] should_failslab+0x9/0x20
[ 52.904460][ T480] slab_pre_alloc_hook+0x37/0xd0
[ 52.909232][ T480] ? skb_clone+0x1d1/0x360
[ 52.913488][ T480] kmem_cache_alloc+0x44/0x250
[ 52.918092][ T480] skb_clone+0x1d1/0x360
[ 52.922165][ T480] sk_psock_verdict_recv+0x53/0x840
[ 52.927202][ T480] ? avc_has_perm_noaudit+0x430/0x430
[ 52.932417][ T480] unix_read_sock+0x132/0x370
[ 52.936923][ T480] ? sk_psock_skb_redirect+0x440/0x440
[ 52.942214][ T480] ? unix_stream_splice_actor+0x120/0x120
[ 52.947771][ T480] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 52.953067][ T480] ? unix_stream_splice_actor+0x120/0x120
[ 52.958618][ T480] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.964269][ T480] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.969475][ T480] ? _raw_spin_lock+0xa4/0x1b0
[ 52.974071][ T480] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 52.979710][ T480] ? skb_queue_tail+0xfb/0x120
[ 52.984313][ T480] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.989347][ T480] ? unix_dgram_poll+0x690/0x690
[ 52.994175][ T480] ? kasan_set_track+0x5d/0x70
[ 52.998717][ T480] ? kasan_set_track+0x4b/0x70
[ 53.003331][ T480] ? security_socket_sendmsg+0x82/0xb0
[ 53.008612][ T480] ? unix_dgram_poll+0x690/0x690
[ 53.013386][ T480] ____sys_sendmsg+0x59e/0x8f0
[ 53.017996][ T480] ? __sys_sendmsg_sock+0x40/0x40
[ 53.022933][ T480] ? import_iovec+0xe5/0x120
[ 53.027360][ T480] ___sys_sendmsg+0x252/0x2e0
[ 53.031946][ T480] ? __sys_sendmsg+0x260/0x260
[ 53.036493][ T480] ? putname+0xfa/0x150
[ 53.040468][ T480] ? __fdget+0x1bc/0x240
[ 53.044546][ T480] __se_sys_sendmsg+0x19a/0x260
[ 53.049230][ T480] ? __x64_sys_sendmsg+0x90/0x90
[ 53.054091][ T480] ? ksys_write+0x260/0x2c0
[ 53.058444][ T480] ? debug_smp_processor_id+0x17/0x20
[ 53.063642][ T480] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 53.069541][ T480] __x64_sys_sendmsg+0x7b/0x90
[ 53.074137][ T480] x64_sys_call+0x16a/0x9a0
[ 53.078484][ T480] do_syscall_64+0x3b/0xb0
[ 53.082730][ T480] ? clear_bhb_loop+0x35/0x90
[ 53.087417][ T480] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.093147][ T480] RIP: 0033:0x7f039c560759
[ 53.097409][ T480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 53.116948][ T480] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.125364][ T480] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 53.133175][ T480] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 53.141161][ T480] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 53.148978][ T480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.156782][ T480] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 53.164599][ T480]
[ 53.179769][ T482] FAULT_INJECTION: forcing a failure.
[ 53.179769][ T482] name failslab, interval 1, probability 0, space 0, times 0
[ 53.192499][ T482] CPU: 1 PID: 482 Comm: syz.2.18 Not tainted 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 53.202333][ T482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 53.212230][ T482] Call Trace:
[ 53.215530][ T482]
[ 53.218299][ T482] dump_stack_lvl+0x151/0x1c0
[ 53.222816][ T482] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.228291][ T482] dump_stack+0x15/0x20
[ 53.232276][ T482] should_fail+0x3c6/0x510
[ 53.236527][ T482] __should_failslab+0xa4/0xe0
[ 53.241142][ T482] should_failslab+0x9/0x20
[ 53.245466][ T482] slab_pre_alloc_hook+0x37/0xd0
[ 53.250250][ T482] kmem_cache_alloc_trace+0x48/0x270
[ 53.255359][ T482] ? sk_psock_skb_ingress_self+0x60/0x330
[ 53.261013][ T482] ? migrate_disable+0x190/0x190
[ 53.265779][ T482] sk_psock_skb_ingress_self+0x60/0x330
[ 53.271272][ T482] sk_psock_verdict_recv+0x66d/0x840
[ 53.276388][ T482] unix_read_sock+0x132/0x370
[ 53.280904][ T482] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 53.286890][ T482] ? sk_psock_skb_redirect+0x440/0x440
[ 53.292187][ T482] ? unix_stream_splice_actor+0x120/0x120
[ 53.297829][ T482] ? sk_psock_skb_redirect+0x440/0x440
[ 53.303126][ T482] ? unix_read_sock+0xd/0x370
[ 53.307813][ T482] ? unix_stream_splice_actor+0x120/0x120
[ 53.313537][ T482] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.319178][ T482] ? sk_psock_start_verdict+0xc0/0xc0
[ 53.324415][ T482] ? _raw_spin_lock+0xa4/0x1b0
[ 53.328993][ T482] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.334630][ T482] ? skb_queue_tail+0xfb/0x120
[ 53.339256][ T482] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.344272][ T482] ? unix_dgram_poll+0x690/0x690
[ 53.349041][ T482] ? kasan_set_track+0x5d/0x70
[ 53.353720][ T482] ? kasan_set_track+0x4b/0x70
[ 53.358324][ T482] ? security_socket_sendmsg+0x82/0xb0
[ 53.363618][ T482] ? unix_dgram_poll+0x690/0x690
[ 53.368476][ T482] ____sys_sendmsg+0x59e/0x8f0
[ 53.373090][ T482] ? __sys_sendmsg_sock+0x40/0x40
[ 53.377942][ T482] ? import_iovec+0xe5/0x120
[ 53.382362][ T482] ___sys_sendmsg+0x252/0x2e0
[ 53.386876][ T482] ? __sys_sendmsg+0x260/0x260
[ 53.391478][ T482] ? putname+0xfa/0x150
[ 53.395471][ T482] ? __fdget+0x1bc/0x240
[ 53.399544][ T482] __se_sys_sendmsg+0x19a/0x260
[ 53.404233][ T482] ? __x64_sys_sendmsg+0x90/0x90
[ 53.409034][ T482] ? ksys_write+0x260/0x2c0
[ 53.413350][ T482] ? debug_smp_processor_id+0x17/0x20
[ 53.418557][ T482] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 53.424610][ T482] __x64_sys_sendmsg+0x7b/0x90
[ 53.429176][ T482] x64_sys_call+0x16a/0x9a0
[ 53.433590][ T482] do_syscall_64+0x3b/0xb0
[ 53.437844][ T482] ? clear_bhb_loop+0x35/0x90
[ 53.442358][ T482] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.448084][ T482] RIP: 0033:0x7f039c560759
[ 53.452339][ T482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 53.471886][ T482] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.480235][ T482] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 53.488053][ T482] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 53.495856][ T482] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 53.503929][ T482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.512323][ T482] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 53.520365][ T482]
[ 53.526293][ T39] ==================================================================
[ 53.534369][ T39] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 53.541043][ T39] Read of size 4 at addr ffff88812542c72c by task kworker/1:1/39
[ 53.548595][ T39]
[ 53.550766][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Not tainted 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 53.560573][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 53.570469][ T39] Workqueue: events bpf_map_free_deferred
[ 53.576027][ T39] Call Trace:
[ 53.579146][ T39]
[ 53.581925][ T39] dump_stack_lvl+0x151/0x1c0
[ 53.586442][ T39] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.591908][ T39] ? panic+0x760/0x760
[ 53.595810][ T39] print_address_description+0x87/0x3b0
[ 53.601202][ T39] kasan_report+0x179/0x1c0
[ 53.605616][ T39] ? consume_skb+0x3c/0x250
[ 53.609957][ T39] ? consume_skb+0x3c/0x250
[ 53.614469][ T39] kasan_check_range+0x293/0x2a0
[ 53.619245][ T39] __kasan_check_read+0x11/0x20
[ 53.623932][ T39] consume_skb+0x3c/0x250
[ 53.628097][ T39] __sk_msg_free+0x2dd/0x370
[ 53.632521][ T39] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.638162][ T39] sk_psock_stop+0x4e3/0x580
[ 53.642592][ T39] sk_psock_drop+0x219/0x310
[ 53.647016][ T39] sock_map_unref+0x3c6/0x430
[ 53.651528][ T39] sock_map_free+0x137/0x2b0
[ 53.655956][ T39] bpf_map_free_deferred+0x10d/0x1e0
[ 53.661080][ T39] process_one_work+0x6bb/0xc10
[ 53.665767][ T39] worker_thread+0xad5/0x12a0
[ 53.670276][ T39] ? _raw_spin_lock+0x1b0/0x1b0
[ 53.674967][ T39] kthread+0x421/0x510
[ 53.678869][ T39] ? worker_clr_flags+0x180/0x180
[ 53.683727][ T39] ? kthread_blkcg+0xd0/0xd0
[ 53.688154][ T39] ret_from_fork+0x1f/0x30
[ 53.692409][ T39]
[ 53.695274][ T39]
[ 53.697440][ T39] Allocated by task 482:
[ 53.701522][ T39] __kasan_slab_alloc+0xb1/0xe0
[ 53.706207][ T39] slab_post_alloc_hook+0x53/0x2c0
[ 53.711153][ T39] kmem_cache_alloc+0xf5/0x250
[ 53.715753][ T39] skb_clone+0x1d1/0x360
[ 53.719832][ T39] sk_psock_verdict_recv+0x53/0x840
[ 53.725040][ T39] unix_read_sock+0x132/0x370
[ 53.729553][ T39] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.735194][ T39] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.740227][ T39] ____sys_sendmsg+0x59e/0x8f0
[ 53.744835][ T39] ___sys_sendmsg+0x252/0x2e0
[ 53.749346][ T39] __se_sys_sendmsg+0x19a/0x260
[ 53.754032][ T39] __x64_sys_sendmsg+0x7b/0x90
[ 53.758630][ T39] x64_sys_call+0x16a/0x9a0
[ 53.762980][ T39] do_syscall_64+0x3b/0xb0
[ 53.767221][ T39] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.772952][ T39]
[ 53.775123][ T39] Freed by task 367:
[ 53.778863][ T39] kasan_set_track+0x4b/0x70
[ 53.783389][ T39] kasan_set_free_info+0x23/0x40
[ 53.788248][ T39] ____kasan_slab_free+0x126/0x160
[ 53.793195][ T39] __kasan_slab_free+0x11/0x20
[ 53.797792][ T39] slab_free_freelist_hook+0xbd/0x190
[ 53.803184][ T39] kmem_cache_free+0x115/0x330
[ 53.807783][ T39] kfree_skbmem+0x104/0x170
[ 53.812121][ T39] kfree_skb+0xc2/0x360
[ 53.816114][ T39] sk_psock_backlog+0xad1/0xdc0
[ 53.820904][ T39] process_one_work+0x6bb/0xc10
[ 53.825574][ T39] worker_thread+0xad5/0x12a0
[ 53.830086][ T39] kthread+0x421/0x510
[ 53.834003][ T39] ret_from_fork+0x1f/0x30
[ 53.838251][ T39]
[ 53.840417][ T39] The buggy address belongs to the object at ffff88812542c640
[ 53.840417][ T39] which belongs to the cache skbuff_head_cache of size 248
[ 53.854828][ T39] The buggy address is located 236 bytes inside of
[ 53.854828][ T39] 248-byte region [ffff88812542c640, ffff88812542c738)
[ 53.867977][ T39] The buggy address belongs to the page:
[ 53.873411][ T39] page:ffffea0004950b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12542c
[ 53.883464][ T39] flags: 0x4000000000000200(slab|zone=1)
[ 53.889026][ T39] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 53.897456][ T39] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 53.905856][ T39] page dumped because: kasan: bad access detected
[ 53.912117][ T39] page_owner tracks the page as allocated
[ 53.917659][ T39] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 6, ts 53168853417, free_ts 52817249100
[ 53.934845][ T39] post_alloc_hook+0x1a3/0x1b0
[ 53.939462][ T39] prep_new_page+0x1b/0x110
[ 53.943800][ T39] get_page_from_freelist+0x3550/0x35d0
[ 53.949287][ T39] __alloc_pages+0x27e/0x8f0
[ 53.953707][ T39] new_slab+0x9a/0x4e0
[ 53.957793][ T39] ___slab_alloc+0x39e/0x830
[ 53.962226][ T39] __slab_alloc+0x4a/0x90
[ 53.966396][ T39] kmem_cache_alloc+0x139/0x250
[ 53.971073][ T39] __alloc_skb+0xbe/0x550
[ 53.975229][ T39] inet6_rt_notify+0x2db/0x550
[ 53.980012][ T39] fib6_add+0x23ac/0x3df0
[ 53.984183][ T39] ip6_ins_rt+0x102/0x170
[ 53.988353][ T39] __ipv6_ifa_notify+0x5bd/0x11c0
[ 53.993210][ T39] addrconf_dad_completed+0x177/0xd80
[ 53.998413][ T39] addrconf_dad_work+0xdc1/0x1710
[ 54.003272][ T39] process_one_work+0x6bb/0xc10
[ 54.007961][ T39] page last free stack trace:
[ 54.012472][ T39] free_unref_page_prepare+0x7c8/0x7d0
[ 54.017766][ T39] free_unref_page+0xe8/0x750
[ 54.022280][ T39] __free_pages+0x61/0xf0
[ 54.026447][ T39] __vunmap+0x7c1/0x940
[ 54.030527][ T39] free_work+0x5b/0x80
[ 54.034430][ T39] process_one_work+0x6bb/0xc10
[ 54.039119][ T39] worker_thread+0xad5/0x12a0
[ 54.043630][ T39] kthread+0x421/0x510
[ 54.047535][ T39] ret_from_fork+0x1f/0x30
[ 54.051786][ T39]
[ 54.053954][ T39] Memory state around the buggy address:
[ 54.059439][ T39] ffff88812542c600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 54.067417][ T39] ffff88812542c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.075311][ T39] >ffff88812542c700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 54.083206][ T39]                                   ^
[ 54.088429][ T39] ffff88812542c780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.096314][ T39] ffff88812542c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 54.104216][ T39] ==================================================================
[ 54.112108][ T39] Disabling lock debugging due to kernel taint
[ 54.118142][ T39] ==================================================================
[ 54.126009][ T39] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 54.134248][ T39]
[ 54.136412][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 54.147608][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 54.157503][ T39] Workqueue: events bpf_map_free_deferred
[ 54.163060][ T39] Call Trace:
[ 54.166188][ T39]
[ 54.168958][ T39] dump_stack_lvl+0x151/0x1c0
[ 54.173471][ T39] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.178938][ T39] ? panic+0x760/0x760
[ 54.182941][ T39] ? kmem_cache_free+0x115/0x330
[ 54.187795][ T39] print_address_description+0x87/0x3b0
[ 54.193181][ T39] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 54.199165][ T39] ? kmem_cache_free+0x115/0x330
[ 54.203941][ T39] ? kmem_cache_free+0x115/0x330
[ 54.208714][ T39] kasan_report_invalid_free+0x6b/0xa0
[ 54.214012][ T39] ____kasan_slab_free+0x13e/0x160
[ 54.218954][ T39] __kasan_slab_free+0x11/0x20
[ 54.223560][ T39] slab_free_freelist_hook+0xbd/0x190
[ 54.228765][ T39] kmem_cache_free+0x115/0x330
[ 54.233536][ T39] ? kfree_skbmem+0x104/0x170
[ 54.238060][ T39] kfree_skbmem+0x104/0x170
[ 54.242391][ T39] consume_skb+0xb4/0x250
[ 54.246565][ T39] __sk_msg_free+0x2dd/0x370
[ 54.251083][ T39] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.256733][ T39] sk_psock_stop+0x4e3/0x580
[ 54.261242][ T39] sk_psock_drop+0x219/0x310
[ 54.265667][ T39] sock_map_unref+0x3c6/0x430
[ 54.270178][ T39] sock_map_free+0x137/0x2b0
[ 54.274639][ T39] bpf_map_free_deferred+0x10d/0x1e0
[ 54.279724][ T39] process_one_work+0x6bb/0xc10
[ 54.284500][ T39] worker_thread+0xad5/0x12a0
[ 54.289008][ T39] ? _raw_spin_lock+0x1b0/0x1b0
[ 54.293702][ T39] kthread+0x421/0x510
[ 54.297601][ T39] ? worker_clr_flags+0x180/0x180
[ 54.302470][ T39] ? kthread_blkcg+0xd0/0xd0
[ 54.306889][ T39] ret_from_fork+0x1f/0x30
[ 54.311147][ T39]
[ 54.314006][ T39]
[ 54.316182][ T39] Allocated by task 482:
[ 54.320351][ T39] __kasan_slab_alloc+0xb1/0xe0
[ 54.325040][ T39] slab_post_alloc_hook+0x53/0x2c0
[ 54.329985][ T39] kmem_cache_alloc+0xf5/0x250
[ 54.334919][ T39] skb_clone+0x1d1/0x360
[ 54.338992][ T39] sk_psock_verdict_recv+0x53/0x840
[ 54.344026][ T39] unix_read_sock+0x132/0x370
[ 54.348539][ T39] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.354277][ T39] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.359324][ T39] ____sys_sendmsg+0x59e/0x8f0
[ 54.363911][ T39] ___sys_sendmsg+0x252/0x2e0
[ 54.368425][ T39] __se_sys_sendmsg+0x19a/0x260
[ 54.373115][ T39] __x64_sys_sendmsg+0x7b/0x90
[ 54.377710][ T39] x64_sys_call+0x16a/0x9a0
[ 54.382051][ T39] do_syscall_64+0x3b/0xb0
[ 54.386505][ T39] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.392432][ T39]
[ 54.394595][ T39] Freed by task 367:
[ 54.398407][ T39] kasan_set_track+0x4b/0x70
[ 54.402830][ T39] kasan_set_free_info+0x23/0x40
[ 54.407601][ T39] ____kasan_slab_free+0x126/0x160
[ 54.412559][ T39] __kasan_slab_free+0x11/0x20
[ 54.417153][ T39] slab_free_freelist_hook+0xbd/0x190
[ 54.422359][ T39] kmem_cache_free+0x115/0x330
[ 54.426970][ T39] kfree_skbmem+0x104/0x170
[ 54.431295][ T39] kfree_skb+0xc2/0x360
[ 54.435291][ T39] sk_psock_backlog+0xad1/0xdc0
[ 54.439980][ T39] process_one_work+0x6bb/0xc10
[ 54.444676][ T39] worker_thread+0xad5/0x12a0
[ 54.449176][ T39] kthread+0x421/0x510
[ 54.453090][ T39] ret_from_fork+0x1f/0x30
[ 54.457424][ T39]
[ 54.459604][ T39] The buggy address belongs to the object at ffff88812542c640
[ 54.459604][ T39] which belongs to the cache skbuff_head_cache of size 248
[ 54.474001][ T39] The buggy address is located 0 bytes inside of
[ 54.474001][ T39] 248-byte region [ffff88812542c640, ffff88812542c738)
[ 54.486933][ T39] The buggy address belongs to the page:
[ 54.492401][ T39] page:ffffea0004950b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12542c
[ 54.502470][ T39] flags: 0x4000000000000200(slab|zone=1)
[ 54.507941][ T39] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 54.516540][ T39] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 54.524953][ T39] page dumped because: kasan: bad access detected
[ 54.531204][ T39] page_owner tracks the page as allocated
[ 54.536844][ T39] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 6, ts 53168853417, free_ts 52817249100
[ 54.554056][ T39] post_alloc_hook+0x1a3/0x1b0
[ 54.558653][ T39] prep_new_page+0x1b/0x110
[ 54.563024][ T39] get_page_from_freelist+0x3550/0x35d0
[ 54.568385][ T39] __alloc_pages+0x27e/0x8f0
[ 54.572931][ T39] new_slab+0x9a/0x4e0
[ 54.576829][ T39] ___slab_alloc+0x39e/0x830
[ 54.581364][ T39] __slab_alloc+0x4a/0x90
[ 54.585527][ T39] kmem_cache_alloc+0x139/0x250
[ 54.590298][ T39] __alloc_skb+0xbe/0x550
[ 54.594562][ T39] inet6_rt_notify+0x2db/0x550
[ 54.599163][ T39] fib6_add+0x23ac/0x3df0
[ 54.603319][ T39] ip6_ins_rt+0x102/0x170
[ 54.607495][ T39] __ipv6_ifa_notify+0x5bd/0x11c0
[ 54.612341][ T39] addrconf_dad_completed+0x177/0xd80
[ 54.617551][ T39] addrconf_dad_work+0xdc1/0x1710
[ 54.622438][ T39] process_one_work+0x6bb/0xc10
[ 54.627108][ T39] page last free stack trace:
[ 54.631611][ T39] free_unref_page_prepare+0x7c8/0x7d0
[ 54.637009][ T39] free_unref_page+0xe8/0x750
[ 54.641513][ T39] __free_pages+0x61/0xf0
[ 54.645681][ T39] __vunmap+0x7c1/0x940
[ 54.649775][ T39] free_work+0x5b/0x80
[ 54.653679][ T39] process_one_work+0x6bb/0xc10
[ 54.658374][ T39] worker_thread+0xad5/0x12a0
[ 54.662887][ T39] kthread+0x421/0x510
[ 54.666785][ T39] ret_from_fork+0x1f/0x30
[ 54.671124][ T39]
[ 54.673382][ T39] Memory state around the buggy address:
[ 54.678851][ T39] ffff88812542c500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.686749][ T39] ffff88812542c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 54.694650][ T39] >ffff88812542c600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 54.702546][ T39]                                            ^
[ 54.708550][ T39] ffff88812542c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.716441][ T39] ffff88812542c700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 54.724327][ T39] ==================================================================
[ 54.745383][ T486] FAULT_INJECTION: forcing a failure.
[ 54.745383][ T486] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 54.758524][ T486] CPU: 0 PID: 486 Comm: syz.2.19 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 54.769627][ T486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 54.779520][ T486] Call Trace:
[ 54.782654][ T486] <TASK>
[ 54.785423][ T486] dump_stack_lvl+0x151/0x1c0
[ 54.790022][ T486] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.795504][ T486] ? __kernel_text_address+0x9b/0x110
[ 54.800883][ T486] ? unwind_get_return_address+0x4d/0x90
[ 54.806343][ T486] dump_stack+0x15/0x20
[ 54.810593][ T486] should_fail+0x3c6/0x510
[ 54.814894][ T486] should_fail_alloc_page+0x5a/0x80
[ 54.819883][ T486] prepare_alloc_pages+0x15c/0x700
[ 54.825062][ T486] ? __alloc_pages_bulk+0xd80/0xd80
[ 54.830093][ T486] ? __stack_depot_save+0x34/0x470
[ 54.835031][ T486] ? __kasan_slab_alloc+0x63/0xe0
[ 54.839900][ T486] __alloc_pages+0x18c/0x8f0
[ 54.844403][ T486] ? prep_new_page+0x110/0x110
[ 54.849119][ T486] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.854421][ T486] ? x64_sys_call+0x16a/0x9a0
[ 54.858927][ T486] ? __skb_try_recv_from_queue+0x2b6/0x750
[ 54.864569][ T486] new_slab+0x9a/0x4e0
[ 54.868470][ T486] ___slab_alloc+0x39e/0x830
[ 54.872895][ T486] ? skb_clone+0x1d1/0x360
[ 54.877150][ T486] ? skb_clone+0x1d1/0x360
[ 54.881402][ T486] __slab_alloc+0x4a/0x90
[ 54.885571][ T486] ? skb_clone+0x1d1/0x360
[ 54.889822][ T486] kmem_cache_alloc+0x139/0x250
[ 54.894509][ T486] skb_clone+0x1d1/0x360
[ 54.898699][ T486] sk_psock_verdict_recv+0x53/0x840
[ 54.903725][ T486] ? avc_has_perm_noaudit+0x430/0x430
[ 54.908989][ T486] unix_read_sock+0x132/0x370
[ 54.913451][ T486] ? sk_psock_skb_redirect+0x440/0x440
[ 54.918745][ T486] ? unix_stream_splice_actor+0x120/0x120
[ 54.924297][ T486] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.929594][ T486] ? unix_stream_splice_actor+0x120/0x120
[ 54.935237][ T486] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.940886][ T486] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.946187][ T486] ? _raw_spin_lock+0xa4/0x1b0
[ 54.950786][ T486] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.956432][ T486] ? skb_queue_tail+0xfb/0x120
[ 54.961037][ T486] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.966065][ T486] ? unix_dgram_poll+0x690/0x690
[ 54.970857][ T486] ? kasan_set_track+0x5d/0x70
[ 54.975442][ T486] ? kasan_set_track+0x4b/0x70
[ 54.980037][ T486] ? security_socket_sendmsg+0x82/0xb0
[ 54.985331][ T486] ? unix_dgram_poll+0x690/0x690
[ 54.990109][ T486] ____sys_sendmsg+0x59e/0x8f0
[ 54.994935][ T486] ? __sys_sendmsg_sock+0x40/0x40
[ 54.999800][ T486] ? import_iovec+0xe5/0x120
[ 55.004215][ T486] ___sys_sendmsg+0x252/0x2e0
[ 55.008728][ T486] ? __sys_sendmsg+0x260/0x260
[ 55.013330][ T486] ? putname+0xfa/0x150
[ 55.017321][ T486] ? __fdget+0x1bc/0x240
[ 55.021405][ T486] __se_sys_sendmsg+0x19a/0x260
[ 55.026085][ T486] ? __x64_sys_sendmsg+0x90/0x90
[ 55.030878][ T486] ? ksys_write+0x260/0x2c0
[ 55.035203][ T486] ? debug_smp_processor_id+0x17/0x20
[ 55.040526][ T486] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 55.046434][ T486] __x64_sys_sendmsg+0x7b/0x90
[ 55.051021][ T486] x64_sys_call+0x16a/0x9a0
[ 55.055357][ T486] do_syscall_64+0x3b/0xb0
[ 55.059611][ T486] ? clear_bhb_loop+0x35/0x90
[ 55.064220][ T486] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.070060][ T486] RIP: 0033:0x7f039c560759
[ 55.074303][ T486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.093749][ T486] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.102002][ T486] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 55.109806][ T486] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 55.117619][ T486] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 55.125673][ T486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.133748][ T486] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 55.141650][ T486] </TASK>
[ 55.146814][ T30] kauditd_printk_skb: 1 callbacks suppressed
[ 55.146848][ T30] audit: type=1400 audit(1742439996.233:119): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 55.175548][ T30] audit: type=1400 audit(1742439996.233:120): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 55.197710][ T30] audit: type=1400 audit(1742439996.233:121): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 55.218927][ T488] FAULT_INJECTION: forcing a failure.
[ 55.218927][ T488] name failslab, interval 1, probability 0, space 0, times 0
[ 55.231421][ T488] CPU: 0 PID: 488 Comm: syz.2.20 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 55.242355][ T488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 55.252237][ T488] Call Trace:
[ 55.255367][ T488] <TASK>
[ 55.258140][ T488] dump_stack_lvl+0x151/0x1c0
[ 55.262660][ T488] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.268125][ T488] dump_stack+0x15/0x20
[ 55.272122][ T488] should_fail+0x3c6/0x510
[ 55.276364][ T488] __should_failslab+0xa4/0xe0
[ 55.280972][ T488] should_failslab+0x9/0x20
[ 55.285314][ T488] slab_pre_alloc_hook+0x37/0xd0
[ 55.290172][ T488] kmem_cache_alloc_trace+0x48/0x270
[ 55.295286][ T488] ? sk_psock_skb_ingress_self+0x60/0x330
[ 55.300843][ T488] ? migrate_disable+0x190/0x190
[ 55.305616][ T488] sk_psock_skb_ingress_self+0x60/0x330
[ 55.311008][ T488] sk_psock_verdict_recv+0x66d/0x840
[ 55.316637][ T488] unix_read_sock+0x132/0x370
[ 55.321156][ T488] ? sk_psock_skb_redirect+0x440/0x440
[ 55.326532][ T488] ? unix_stream_splice_actor+0x120/0x120
[ 55.332095][ T488] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 55.337381][ T488] ? unix_stream_splice_actor+0x120/0x120
[ 55.342939][ T488] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.348575][ T488] ? sk_psock_start_verdict+0xc0/0xc0
[ 55.353783][ T488] ? _raw_spin_lock+0xa4/0x1b0
[ 55.358396][ T488] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.364028][ T488] ? skb_queue_tail+0xfb/0x120
[ 55.368629][ T488] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.373676][ T488] ? unix_dgram_poll+0x690/0x690
[ 55.378432][ T488] ? kasan_set_track+0x5d/0x70
[ 55.383035][ T488] ? kasan_set_track+0x4b/0x70
[ 55.387646][ T488] ? security_socket_sendmsg+0x82/0xb0
[ 55.392926][ T488] ? unix_dgram_poll+0x690/0x690
[ 55.397704][ T488] ____sys_sendmsg+0x59e/0x8f0
[ 55.402308][ T488] ? __sys_sendmsg_sock+0x40/0x40
[ 55.407162][ T488] ? import_iovec+0xe5/0x120
[ 55.411589][ T488] ___sys_sendmsg+0x252/0x2e0
[ 55.416108][ T488] ? __sys_sendmsg+0x260/0x260
[ 55.420704][ T488] ? putname+0xfa/0x150
[ 55.424754][ T488] ? __fdget+0x1bc/0x240
[ 55.428772][ T488] __se_sys_sendmsg+0x19a/0x260
[ 55.433468][ T488] ? __x64_sys_sendmsg+0x90/0x90
[ 55.438238][ T488] ? ksys_write+0x260/0x2c0
[ 55.442596][ T488] ? debug_smp_processor_id+0x17/0x20
[ 55.447815][ T488] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 55.453682][ T488] __x64_sys_sendmsg+0x7b/0x90
[ 55.458283][ T488] x64_sys_call+0x16a/0x9a0
[ 55.462827][ T488] do_syscall_64+0x3b/0xb0
[ 55.467059][ T488] ? clear_bhb_loop+0x35/0x90
[ 55.471653][ T488] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.477374][ T488] RIP: 0033:0x7f039c560759
[ 55.481638][ T488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.501086][ T488] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.509315][ T488] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 55.517133][ T488] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 55.524943][ T488] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 55.532747][ T488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.540561][ T488] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 55.548381][ T488] </TASK>
[ 55.551823][ T487] ==================================================================
[ 55.559699][ T487] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 55.567951][ T487]
[ 55.570123][ T487] CPU: 1 PID: 487 Comm: syz.2.20 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 55.581132][ T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 55.591042][ T487] Call Trace:
[ 55.594155][ T487] <TASK>
[ 55.596930][ T487] dump_stack_lvl+0x151/0x1c0
[ 55.601443][ T487] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.606907][ T487] ? __wake_up_klogd+0xd5/0x110
[ 55.611594][ T487] ? panic+0x760/0x760
[ 55.615507][ T487] ? kmem_cache_free+0x115/0x330
[ 55.620400][ T487] print_address_description+0x87/0x3b0
[ 55.625822][ T487] ? kmem_cache_free+0x115/0x330
[ 55.630778][ T487] ? kmem_cache_free+0x115/0x330
[ 55.635530][ T487] kasan_report_invalid_free+0x6b/0xa0
[ 55.640832][ T487] ____kasan_slab_free+0x13e/0x160
[ 55.645977][ T487] __kasan_slab_free+0x11/0x20
[ 55.650555][ T487] slab_free_freelist_hook+0xbd/0x190
[ 55.655844][ T487] kmem_cache_free+0x115/0x330
[ 55.660447][ T487] ? kfree_skbmem+0x104/0x170
[ 55.664952][ T487] kfree_skbmem+0x104/0x170
[ 55.669300][ T487] consume_skb+0xb4/0x250
[ 55.673462][ T487] __sk_msg_free+0x2dd/0x370
[ 55.677885][ T487] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.683527][ T487] sk_psock_stop+0x4e3/0x580
[ 55.688172][ T487] sk_psock_drop+0x219/0x310
[ 55.692597][ T487] sock_map_unref+0x3c6/0x430
[ 55.697103][ T487] ? _raw_spin_unlock_bh+0x51/0x60
[ 55.702056][ T487] sock_map_remove_links+0x41c/0x650
[ 55.707176][ T487] ? sock_map_unhash+0x120/0x120
[ 55.711963][ T487] ? locks_remove_posix+0x610/0x610
[ 55.716980][ T487] sock_map_close+0x114/0x530
[ 55.721493][ T487] ? unix_peer_get+0xe0/0xe0
[ 55.725916][ T487] ? sock_map_remove_links+0x650/0x650
[ 55.731223][ T487] ? rwsem_mark_wake+0x770/0x770
[ 55.736120][ T487] unix_release+0x82/0xc0
[ 55.740299][ T487] sock_close+0xdf/0x270
[ 55.744355][ T487] ? sock_mmap+0xa0/0xa0
[ 55.748458][ T487] __fput+0x228/0x8c0
[ 55.752274][ T487] ____fput+0x15/0x20
[ 55.756072][ T487] task_work_run+0x129/0x190
[ 55.760506][ T487] exit_to_user_mode_loop+0xc4/0xe0
[ 55.765620][ T487] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.770941][ T487] syscall_exit_to_user_mode+0x26/0x160
[ 55.776293][ T487] do_syscall_64+0x47/0xb0
[ 55.780548][ T487] ? clear_bhb_loop+0x35/0x90
[ 55.785252][ T487] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.791195][ T487] RIP: 0033:0x7f039c560759
[ 55.795542][ T487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.815441][ T487] RSP: 002b:00007fff6e90aee8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 55.823695][ T487] RAX: 0000000000000000 RBX: 000000000000d772 RCX: 00007f039c560759
[ 55.831497][ T487] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 55.839311][ T487] RBP: 00007f039c719a80 R08: 0000000000000001 R09: 00007fff6e90b1df
[ 55.847125][ T487] R10: 00007f039c3e2000 R11: 0000000000000246 R12: 000000000000d7d1
[ 55.854936][ T487] R13: 00007fff6e90aff0 R14: 0000000000000032 R15: ffffffffffffffff
[ 55.862795][ T487] </TASK>
[ 55.865606][ T487]
[ 55.867779][ T487] Allocated by task 488:
[ 55.871910][ T487] __kasan_slab_alloc+0xb1/0xe0
[ 55.876556][ T487] slab_post_alloc_hook+0x53/0x2c0
[ 55.881580][ T487] kmem_cache_alloc+0xf5/0x250
[ 55.886257][ T487] skb_clone+0x1d1/0x360
[ 55.890343][ T487] sk_psock_verdict_recv+0x53/0x840
[ 55.895372][ T487] unix_read_sock+0x132/0x370
[ 55.899885][ T487] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.905528][ T487] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.910568][ T487] ____sys_sendmsg+0x59e/0x8f0
[ 55.915162][ T487] ___sys_sendmsg+0x252/0x2e0
[ 55.919676][ T487] __se_sys_sendmsg+0x19a/0x260
[ 55.924361][ T487] __x64_sys_sendmsg+0x7b/0x90
[ 55.928975][ T487] x64_sys_call+0x16a/0x9a0
[ 55.933299][ T487] do_syscall_64+0x3b/0xb0
[ 55.937562][ T487] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.943284][ T487]
[ 55.945452][ T487] Freed by task 39:
[ 55.949109][ T487] kasan_set_track+0x4b/0x70
[ 55.953529][ T487] kasan_set_free_info+0x23/0x40
[ 55.958302][ T487] ____kasan_slab_free+0x126/0x160
[ 55.963269][ T487] __kasan_slab_free+0x11/0x20
[ 55.967867][ T487] slab_free_freelist_hook+0xbd/0x190
[ 55.973071][ T487] kmem_cache_free+0x115/0x330
[ 55.977657][ T487] kfree_skbmem+0x104/0x170
[ 55.982002][ T487] kfree_skb+0xc2/0x360
[ 55.986044][ T487] sk_psock_backlog+0xad1/0xdc0
[ 55.990669][ T487] process_one_work+0x6bb/0xc10
[ 55.995355][ T487] worker_thread+0xad5/0x12a0
[ 55.999867][ T487] kthread+0x421/0x510
[ 56.003775][ T487] ret_from_fork+0x1f/0x30
[ 56.008029][ T487]
[ 56.010214][ T487] The buggy address belongs to the object at ffff88811ade4500
[ 56.010214][ T487] which belongs to the cache skbuff_head_cache of size 248
[ 56.024707][ T487] The buggy address is located 0 bytes inside of
[ 56.024707][ T487] 248-byte region [ffff88811ade4500, ffff88811ade45f8)
[ 56.037626][ T487] The buggy address belongs to the page:
[ 56.043094][ T487] page:ffffea00046b7900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ade4
[ 56.053160][ T487] flags: 0x4000000000000200(slab|zone=1)
[ 56.058665][ T487] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 56.067150][ T487] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 56.075550][ T487] page dumped because: kasan: bad access detected
[ 56.081830][ T487] page_owner tracks the page as allocated
[ 56.087360][ T487] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 54747333456, free_ts 53171045240
[ 56.103070][ T487] post_alloc_hook+0x1a3/0x1b0
[ 56.107677][ T487] prep_new_page+0x1b/0x110
[ 56.112124][ T487] get_page_from_freelist+0x3550/0x35d0
[ 56.117502][ T487] __alloc_pages+0x27e/0x8f0
[ 56.121935][ T487] new_slab+0x9a/0x4e0
[ 56.125921][ T487] ___slab_alloc+0x39e/0x830
[ 56.130447][ T487] __slab_alloc+0x4a/0x90
[ 56.134610][ T487] kmem_cache_alloc+0x139/0x250
[ 56.139293][ T487] __alloc_skb+0xbe/0x550
[ 56.143465][ T487] alloc_skb_with_frags+0xa6/0x680
[ 56.148760][ T487] sock_alloc_send_pskb+0x915/0xa50
[ 56.153792][ T487] unix_dgram_sendmsg+0x6fd/0x2090
[ 56.158747][ T487] __sys_sendto+0x564/0x720
[ 56.163080][ T487] __x64_sys_sendto+0xe5/0x100
[ 56.167678][ T487] x64_sys_call+0x15c/0x9a0
[ 56.172025][ T487] do_syscall_64+0x3b/0xb0
[ 56.176272][ T487] page last free stack trace:
[ 56.180787][ T487] free_unref_page_prepare+0x7c8/0x7d0
[ 56.186252][ T487] free_unref_page_list+0x14b/0xa60
[ 56.191284][ T487] release_pages+0x1310/0x1370
[ 56.195883][ T487] free_pages_and_swap_cache+0x8a/0xa0
[ 56.201176][ T487] tlb_finish_mmu+0x177/0x320
[ 56.205690][ T487] exit_mmap+0x484/0x990
[ 56.209767][ T487] __mmput+0x95/0x310
[ 56.213602][ T487] mmput+0x5b/0x170
[ 56.217231][ T487] do_exit+0xb9c/0x2ca0
[ 56.221224][ T487] do_group_exit+0x141/0x310
[ 56.225652][ T487] get_signal+0x7a3/0x1630
[ 56.230082][ T487] arch_do_signal_or_restart+0xbd/0x1680
[ 56.235551][ T487] exit_to_user_mode_loop+0xa0/0xe0
[ 56.240593][ T487] exit_to_user_mode_prepare+0x5a/0xa0
[ 56.245877][ T487] syscall_exit_to_user_mode+0x26/0x160
[ 56.251263][ T487] do_syscall_64+0x47/0xb0
[ 56.255617][ T487]
[ 56.257765][ T487] Memory state around the buggy address:
[ 56.263252][ T487] ffff88811ade4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.271256][ T487] ffff88811ade4480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 56.279285][ T487] >ffff88811ade4500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.287243][ T487]                    ^
[ 56.291152][ T487] ffff88811ade4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 56.299056][ T487] ffff88811ade4600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 56.306948][ T487] ==================================================================
[ 56.328139][ T491] FAULT_INJECTION: forcing a failure.
[ 56.328139][ T491] name failslab, interval 1, probability 0, space 0, times 0
[ 56.340623][ T491] CPU: 1 PID: 491 Comm: syz.2.21 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 56.351562][ T491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 56.361453][ T491] Call Trace:
[ 56.364727][ T491] <TASK>
[ 56.367494][ T491] dump_stack_lvl+0x151/0x1c0
[ 56.372015][ T491] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.377471][ T491] dump_stack+0x15/0x20
[ 56.381460][ T491] should_fail+0x3c6/0x510
[ 56.385745][ T491] __should_failslab+0xa4/0xe0
[ 56.390400][ T491] should_failslab+0x9/0x20
[ 56.394739][ T491] slab_pre_alloc_hook+0x37/0xd0
[ 56.399512][ T491] kmem_cache_alloc_trace+0x48/0x270
[ 56.404633][ T491] ? sk_psock_skb_ingress_self+0x60/0x330
[ 56.410188][ T491] ? migrate_disable+0x190/0x190
[ 56.414961][ T491] sk_psock_skb_ingress_self+0x60/0x330
[ 56.420342][ T491] sk_psock_verdict_recv+0x66d/0x840
[ 56.425463][ T491] unix_read_sock+0x132/0x370
[ 56.429984][ T491] ? sk_psock_skb_redirect+0x440/0x440
[ 56.435270][ T491] ? unix_stream_splice_actor+0x120/0x120
[ 56.440876][ T491] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 56.446152][ T491] ? unix_stream_splice_actor+0x120/0x120
[ 56.451685][ T491] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.457315][ T491] ? sk_psock_start_verdict+0xc0/0xc0
[ 56.462525][ T491] ? _raw_spin_lock+0xa4/0x1b0
[ 56.467124][ T491] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.472775][ T491] ? skb_queue_tail+0xfb/0x120
[ 56.477371][ T491] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.482414][ T491] ? unix_dgram_poll+0x690/0x690
[ 56.487174][ T491] ? kasan_set_track+0x5d/0x70
[ 56.491870][ T491] ? kasan_set_track+0x4b/0x70
[ 56.496479][ T491] ? security_socket_sendmsg+0x82/0xb0
[ 56.501753][ T491] ? unix_dgram_poll+0x690/0x690
[ 56.506535][ T491] ____sys_sendmsg+0x59e/0x8f0
[ 56.511146][ T491] ? __sys_sendmsg_sock+0x40/0x40
[ 56.515997][ T491] ? import_iovec+0xe5/0x120
[ 56.520416][ T491] ___sys_sendmsg+0x252/0x2e0
[ 56.524929][ T491] ? __sys_sendmsg+0x260/0x260
[ 56.529531][ T491] ? putname+0xfa/0x150
[ 56.533781][ T491] ? __fdget+0x1bc/0x240
[ 56.537868][ T491] __se_sys_sendmsg+0x19a/0x260
[ 56.542545][ T491] ? __x64_sys_sendmsg+0x90/0x90
[ 56.547319][ T491] ? ksys_write+0x260/0x2c0
[ 56.551660][ T491] ? debug_smp_processor_id+0x17/0x20
[ 56.556864][ T491] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 56.562776][ T491] __x64_sys_sendmsg+0x7b/0x90
[ 56.567367][ T491] x64_sys_call+0x16a/0x9a0
[ 56.571713][ T491] do_syscall_64+0x3b/0xb0
[ 56.575976][ T491] ? clear_bhb_loop+0x35/0x90
[ 56.580478][ T491] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.586206][ T491] RIP: 0033:0x7f039c560759
[ 56.590469][ T491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.609912][ T491] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.618139][ T491] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 56.625952][ T491] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 56.633852][ T491] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 56.641714][ T491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
2025/03/20 03:06:37 executed programs: 8
[ 56.649500][ T491] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 56.657295][ T491] </TASK>
[ 56.661323][ T39] ==================================================================
[ 56.669206][ T39] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 56.677534][ T39]
[ 56.679719][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 56.690983][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 56.700879][ T39] Workqueue: events bpf_map_free_deferred
[ 56.706430][ T39] Call Trace:
[ 56.709555][ T39] <TASK>
[ 56.712332][ T39] dump_stack_lvl+0x151/0x1c0
[ 56.716852][ T39] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.722314][ T39] ? panic+0x760/0x760
[ 56.726220][ T39] ? kasan_set_free_info+0x23/0x40
[ 56.731169][ T39] ? ____kasan_slab_free+0x126/0x160
[ 56.736287][ T39] ? kmem_cache_free+0x115/0x330
[ 56.741206][ T39] print_address_description+0x87/0x3b0
[ 56.746542][ T39] ? worker_thread+0xad5/0x12a0
[ 56.751218][ T39] ? kthread+0x421/0x510
[ 56.755298][ T39] ? kmem_cache_free+0x115/0x330
[ 56.760070][ T39] ? kmem_cache_free+0x115/0x330
[ 56.764850][ T39] kasan_report_invalid_free+0x6b/0xa0
[ 56.770138][ T39] ____kasan_slab_free+0x13e/0x160
[ 56.775093][ T39] __kasan_slab_free+0x11/0x20
[ 56.779688][ T39] slab_free_freelist_hook+0xbd/0x190
[ 56.784896][ T39] kmem_cache_free+0x115/0x330
[ 56.789491][ T39] ? kfree_skbmem+0x104/0x170
[ 56.794004][ T39] kfree_skbmem+0x104/0x170
[ 56.798346][ T39] consume_skb+0xb4/0x250
[ 56.802513][ T39] __sk_msg_free+0x2dd/0x370
[ 56.807060][ T39] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.812717][ T39] sk_psock_stop+0x4e3/0x580
[ 56.817210][ T39] sk_psock_drop+0x219/0x310
[ 56.821643][ T39] sock_map_unref+0x3c6/0x430
[ 56.826156][ T39] sock_map_free+0x137/0x2b0
[ 56.830605][ T39] bpf_map_free_deferred+0x10d/0x1e0
[ 56.835693][ T39] process_one_work+0x6bb/0xc10
[ 56.840381][ T39] worker_thread+0xad5/0x12a0
[ 56.844897][ T39] ? _raw_spin_lock+0x1b0/0x1b0
[ 56.849580][ T39] kthread+0x421/0x510
[ 56.853482][ T39] ? worker_clr_flags+0x180/0x180
[ 56.858440][ T39] ? kthread_blkcg+0xd0/0xd0
[ 56.862856][ T39] ret_from_fork+0x1f/0x30
[ 56.867113][ T39] </TASK>
[ 56.869978][ T39]
[ 56.872144][ T39] Allocated by task 491:
[ 56.876233][ T39] __kasan_slab_alloc+0xb1/0xe0
[ 56.880916][ T39] slab_post_alloc_hook+0x53/0x2c0
[ 56.885858][ T39] kmem_cache_alloc+0xf5/0x250
[ 56.890543][ T39] skb_clone+0x1d1/0x360
[ 56.894623][ T39] sk_psock_verdict_recv+0x53/0x840
[ 56.899665][ T39] unix_read_sock+0x132/0x370
[ 56.904175][ T39] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.909815][ T39] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.914853][ T39] ____sys_sendmsg+0x59e/0x8f0
[ 56.919529][ T39] ___sys_sendmsg+0x252/0x2e0
[ 56.924060][ T39] __se_sys_sendmsg+0x19a/0x260
[ 56.928829][ T39] __x64_sys_sendmsg+0x7b/0x90
[ 56.933428][ T39] x64_sys_call+0x16a/0x9a0
[ 56.937769][ T39] do_syscall_64+0x3b/0xb0
[ 56.942021][ T39] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.947753][ T39]
[ 56.949931][ T39] Freed by task 39:
[ 56.953741][ T39] kasan_set_track+0x4b/0x70
[ 56.958163][ T39] kasan_set_free_info+0x23/0x40
[ 56.962940][ T39] ____kasan_slab_free+0x126/0x160
[ 56.967886][ T39] __kasan_slab_free+0x11/0x20
[ 56.972499][ T39] slab_free_freelist_hook+0xbd/0x190
[ 56.977691][ T39] kmem_cache_free+0x115/0x330
[ 56.982295][ T39] kfree_skbmem+0x104/0x170
[ 56.986631][ T39] kfree_skb+0xc2/0x360
[ 56.990629][ T39] sk_psock_backlog+0xad1/0xdc0
[ 56.995397][ T39] process_one_work+0x6bb/0xc10
[ 57.000098][ T39] worker_thread+0xad5/0x12a0
[ 57.004622][ T39] kthread+0x421/0x510
[ 57.008504][ T39] ret_from_fork+0x1f/0x30
[ 57.012847][ T39]
[ 57.015026][ T39] The buggy address belongs to the object at ffff8881189e83c0
[ 57.015026][ T39] which belongs to the cache skbuff_head_cache of size 248
[ 57.029420][ T39] The buggy address is located 0 bytes inside of
[ 57.029420][ T39] 248-byte region [ffff8881189e83c0, ffff8881189e84b8)
[ 57.042356][ T39] The buggy address belongs to the page:
[ 57.047825][ T39] page:ffffea0004627a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1189e8
[ 57.057901][ T39] flags: 0x4000000000000200(slab|zone=1)
[ 57.063364][ T39] raw: 4000000000000200 ffffea000461b300 0000000200000002 ffff8881081abb00
[ 57.071821][ T39] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 57.080193][ T39] page dumped because: kasan: bad access detected
[ 57.086555][ T39] page_owner tracks the page as allocated
[ 57.092086][ T39] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 136, ts 5590999514, free_ts 0
[ 57.106929][ T39] post_alloc_hook+0x1a3/0x1b0
[ 57.111526][ T39] prep_new_page+0x1b/0x110
[ 57.115952][ T39] get_page_from_freelist+0x3550/0x35d0
[ 57.121418][ T39] __alloc_pages+0x27e/0x8f0
[ 57.125844][ T39] new_slab+0x9a/0x4e0
[ 57.129753][ T39] ___slab_alloc+0x39e/0x830
[ 57.134183][ T39] __slab_alloc+0x4a/0x90
[ 57.138350][ T39] kmem_cache_alloc+0x139/0x250
[ 57.143032][ T39] __alloc_skb+0xbe/0x550
[ 57.147199][ T39] sock_wmalloc+0xb2/0x130
[ 57.151453][ T39] unix_stream_connect+0x457/0x1510
[ 57.156492][ T39] __sys_connect+0x38b/0x410
[ 57.160909][ T39] __x64_sys_connect+0x7a/0x90
[ 57.165509][ T39] x64_sys_call+0x14e/0x9a0
[ 57.169849][ T39] do_syscall_64+0x3b/0xb0
[ 57.174104][ T39] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.179923][ T39] page_owner free stack trace missing
[ 57.185129][ T39]
[ 57.187293][ T39] Memory state around the buggy address:
[ 57.192766][ T39] ffff8881189e8280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.200677][ T39] ffff8881189e8300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 57.208569][ T39] >ffff8881189e8380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 57.216459][ T39]                                            ^
[ 57.222451][ T39] ffff8881189e8400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.230350][ T39] ffff8881189e8480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 57.238243][ T39] ==================================================================
[ 57.259403][ T493] FAULT_INJECTION: forcing a failure.
[ 57.259403][ T493] name failslab, interval 1, probability 0, space 0, times 0
[ 57.272082][ T493] CPU: 1 PID: 493 Comm: syz.2.22 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 57.283113][ T493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 57.292996][ T493] Call Trace:
[ 57.296124][ T493] <TASK>
[ 57.298900][ T493] dump_stack_lvl+0x151/0x1c0
[ 57.303421][ T493] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.308880][ T493] dump_stack+0x15/0x20
[ 57.312872][ T493] should_fail+0x3c6/0x510
[ 57.317127][ T493] __should_failslab+0xa4/0xe0
[ 57.321722][ T493] should_failslab+0x9/0x20
[ 57.326164][ T493] slab_pre_alloc_hook+0x37/0xd0
[ 57.330932][ T493] kmem_cache_alloc_trace+0x48/0x270
[ 57.336045][ T493] ? sk_psock_skb_ingress_self+0x60/0x330
[ 57.341601][ T493] ? migrate_disable+0x190/0x190
[ 57.346376][ T493] sk_psock_skb_ingress_self+0x60/0x330
[ 57.351762][ T493] sk_psock_verdict_recv+0x66d/0x840
[ 57.356962][ T493] unix_read_sock+0x132/0x370
[ 57.361477][ T493] ? sk_psock_skb_redirect+0x440/0x440
[ 57.366798][ T493] ? unix_stream_splice_actor+0x120/0x120
[ 57.372336][ T493] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 57.377704][ T493] ? unix_stream_splice_actor+0x120/0x120
[ 57.383350][ T493] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.389010][ T493] ? sk_psock_start_verdict+0xc0/0xc0
[ 57.394196][ T493] ? _raw_spin_lock+0xa4/0x1b0
[ 57.399124][ T493] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.404696][ T493] ? skb_queue_tail+0xfb/0x120
[ 57.409297][ T493] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.414332][ T493] ? unix_dgram_poll+0x690/0x690
[ 57.419103][ T493] ? kasan_set_track+0x5d/0x70
[ 57.423701][ T493] ? kasan_set_track+0x4b/0x70
[ 57.428304][ T493] ? security_socket_sendmsg+0x82/0xb0
[ 57.433596][ T493] ? unix_dgram_poll+0x690/0x690
[ 57.438472][ T493] ____sys_sendmsg+0x59e/0x8f0
[ 57.443074][ T493] ? __sys_sendmsg_sock+0x40/0x40
[ 57.447932][ T493] ? import_iovec+0xe5/0x120
[ 57.452418][ T493] ___sys_sendmsg+0x252/0x2e0
[ 57.456874][ T493] ? __sys_sendmsg+0x260/0x260
[ 57.461481][ T493] ? putname+0xfa/0x150
[ 57.465465][ T493] ? __fdget+0x1bc/0x240
[ 57.469552][ T493] __se_sys_sendmsg+0x19a/0x260
[ 57.474250][ T493] ? __x64_sys_sendmsg+0x90/0x90
[ 57.479002][ T493] ? ksys_write+0x260/0x2c0
[ 57.483444][ T493] ? debug_smp_processor_id+0x17/0x20
[ 57.488656][ T493] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 57.494563][ T493] __x64_sys_sendmsg+0x7b/0x90
[ 57.499203][ T493] x64_sys_call+0x16a/0x9a0
[ 57.503669][ T493] do_syscall_64+0x3b/0xb0
[ 57.508003][ T493] ? clear_bhb_loop+0x35/0x90
[ 57.512518][ T493] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.518248][ T493] RIP: 0033:0x7f039c560759
[ 57.522499][ T493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 57.541940][ T493] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.550277][ T493] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 57.558093][ T493] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 57.565893][ T493] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 57.573710][ T493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 57.581605][ T493] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 57.589422][ T493]
[ 57.595738][ T472] ==================================================================
[ 57.603812][ T472] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 57.612052][ T472]
[ 57.614222][ T472] CPU: 1 PID: 472 Comm: kworker/1:3 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 57.625723][ T472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 57.635611][ T472] Workqueue: events bpf_map_free_deferred
[ 57.641159][ T472] Call Trace:
[ 57.644288][ T472]
[ 57.647066][ T472] dump_stack_lvl+0x151/0x1c0
[ 57.651667][ T472] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.657130][ T472] ? panic+0x760/0x760
[ 57.661036][ T472] ? kmem_cache_free+0x115/0x330
[ 57.665811][ T472] print_address_description+0x87/0x3b0
[ 57.671300][ T472] ? kmem_cache_free+0x115/0x330
[ 57.676069][ T472] ? kmem_cache_free+0x115/0x330
[ 57.680951][ T472] kasan_report_invalid_free+0x6b/0xa0
[ 57.686234][ T472] ____kasan_slab_free+0x13e/0x160
[ 57.691184][ T472] __kasan_slab_free+0x11/0x20
[ 57.695784][ T472] slab_free_freelist_hook+0xbd/0x190
[ 57.700983][ T472] kmem_cache_free+0x115/0x330
[ 57.705578][ T472] ? kfree_skbmem+0x104/0x170
[ 57.710097][ T472] kfree_skbmem+0x104/0x170
[ 57.714434][ T472] consume_skb+0xb4/0x250
[ 57.718601][ T472] __sk_msg_free+0x2dd/0x370
[ 57.723111][ T472] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.728764][ T472] sk_psock_stop+0x4e3/0x580
[ 57.733367][ T472] sk_psock_drop+0x219/0x310
[ 57.737780][ T472] sock_map_unref+0x3c6/0x430
[ 57.742302][ T472] sock_map_free+0x137/0x2b0
[ 57.746826][ T472] bpf_map_free_deferred+0x10d/0x1e0
[ 57.751946][ T472] process_one_work+0x6bb/0xc10
[ 57.756907][ T472] worker_thread+0xad5/0x12a0
[ 57.761414][ T472] ? _raw_spin_lock+0x1b0/0x1b0
[ 57.766090][ T472] kthread+0x421/0x510
[ 57.769994][ T472] ? worker_clr_flags+0x180/0x180
[ 57.774856][ T472] ? kthread_blkcg+0xd0/0xd0
[ 57.779291][ T472] ret_from_fork+0x1f/0x30
[ 57.783537][ T472]
[ 57.786400][ T472]
[ 57.788593][ T472] Allocated by task 493:
[ 57.792646][ T472] __kasan_slab_alloc+0xb1/0xe0
[ 57.797333][ T472] slab_post_alloc_hook+0x53/0x2c0
[ 57.802276][ T472] kmem_cache_alloc+0xf5/0x250
[ 57.806886][ T472] skb_clone+0x1d1/0x360
[ 57.810958][ T472] sk_psock_verdict_recv+0x53/0x840
[ 57.816003][ T472] unix_read_sock+0x132/0x370
[ 57.820541][ T472] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.826233][ T472] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.831271][ T472] ____sys_sendmsg+0x59e/0x8f0
[ 57.835869][ T472] ___sys_sendmsg+0x252/0x2e0
[ 57.840497][ T472] __se_sys_sendmsg+0x19a/0x260
[ 57.845179][ T472] __x64_sys_sendmsg+0x7b/0x90
[ 57.849867][ T472] x64_sys_call+0x16a/0x9a0
[ 57.854208][ T472] do_syscall_64+0x3b/0xb0
[ 57.858466][ T472] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.864196][ T472]
[ 57.866358][ T472] Freed by task 39:
[ 57.870098][ T472] kasan_set_track+0x4b/0x70
[ 57.874514][ T472] kasan_set_free_info+0x23/0x40
[ 57.879294][ T472] ____kasan_slab_free+0x126/0x160
[ 57.884234][ T472] __kasan_slab_free+0x11/0x20
[ 57.888836][ T472] slab_free_freelist_hook+0xbd/0x190
[ 57.894044][ T472] kmem_cache_free+0x115/0x330
[ 57.898644][ T472] kfree_skbmem+0x104/0x170
[ 57.902984][ T472] kfree_skb+0xc2/0x360
[ 57.906975][ T472] sk_psock_backlog+0xad1/0xdc0
[ 57.911662][ T472] process_one_work+0x6bb/0xc10
[ 57.916354][ T472] worker_thread+0xad5/0x12a0
[ 57.920865][ T472] kthread+0x421/0x510
[ 57.924770][ T472] ret_from_fork+0x1f/0x30
[ 57.929026][ T472]
[ 57.931198][ T472] The buggy address belongs to the object at ffff8881189b1dc0
[ 57.931198][ T472] which belongs to the cache skbuff_head_cache of size 248
[ 57.945598][ T472] The buggy address is located 0 bytes inside of
[ 57.945598][ T472] 248-byte region [ffff8881189b1dc0, ffff8881189b1eb8)
[ 57.958676][ T472] The buggy address belongs to the page:
[ 57.964245][ T472] page:ffffea0004626c40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1189b1
[ 57.974294][ T472] flags: 0x4000000000000200(slab|zone=1)
[ 57.979778][ T472] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 57.988184][ T472] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 57.996597][ T472] page dumped because: kasan: bad access detected
[ 58.003022][ T472] page_owner tracks the page as allocated
[ 58.008659][ T472] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 57250298419, free_ts 56318074439
[ 58.024549][ T472] post_alloc_hook+0x1a3/0x1b0
[ 58.029163][ T472] prep_new_page+0x1b/0x110
[ 58.033483][ T472] get_page_from_freelist+0x3550/0x35d0
[ 58.038863][ T472] __alloc_pages+0x27e/0x8f0
[ 58.043377][ T472] new_slab+0x9a/0x4e0
[ 58.047280][ T472] ___slab_alloc+0x39e/0x830
[ 58.051706][ T472] __slab_alloc+0x4a/0x90
[ 58.055876][ T472] kmem_cache_alloc+0x139/0x250
[ 58.060562][ T472] __alloc_skb+0xbe/0x550
[ 58.064727][ T472] alloc_skb_with_frags+0xa6/0x680
[ 58.069678][ T472] sock_alloc_send_pskb+0x915/0xa50
[ 58.074708][ T472] unix_dgram_sendmsg+0x6fd/0x2090
[ 58.079655][ T472] __sys_sendto+0x564/0x720
[ 58.083997][ T472] __x64_sys_sendto+0xe5/0x100
[ 58.088605][ T472] x64_sys_call+0x15c/0x9a0
[ 58.092938][ T472] do_syscall_64+0x3b/0xb0
[ 58.097188][ T472] page last free stack trace:
[ 58.101720][ T472] free_unref_page_prepare+0x7c8/0x7d0
[ 58.106997][ T472] free_unref_page+0xe8/0x750
[ 58.111722][ T472] __free_pages+0x61/0xf0
[ 58.115889][ T472] free_pages+0x7c/0x90
[ 58.119874][ T472] pgd_free+0x17d/0x190
[ 58.123949][ T472] __mmdrop+0xb0/0x410
[ 58.127856][ T472] finish_task_switch+0x2cd/0x7b0
[ 58.132804][ T472] __schedule+0xcd4/0x1590
[ 58.137056][ T472] schedule+0x11f/0x1e0
[ 58.141047][ T472] do_nanosleep+0x181/0x6a0
[ 58.145388][ T472] hrtimer_nanosleep+0x1c5/0x3f0
[ 58.150286][ T472] common_nsleep+0x91/0xb0
[ 58.154624][ T472] __se_sys_clock_nanosleep+0x323/0x3b0
[ 58.160010][ T472] __x64_sys_clock_nanosleep+0x9b/0xb0
[ 58.165303][ T472] x64_sys_call+0x609/0x9a0
[ 58.169646][ T472] do_syscall_64+0x3b/0xb0
[ 58.173897][ T472]
[ 58.176061][ T472] Memory state around the buggy address:
[ 58.181626][ T472] ffff8881189b1c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.189518][ T472] ffff8881189b1d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 58.197418][ T472] >ffff8881189b1d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 58.205317][ T472] ^
[ 58.211305][ T472] ffff8881189b1e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.219202][ T472] ffff8881189b1e80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 58.227095][ T472] ==================================================================
[ 58.251484][ T496] FAULT_INJECTION: forcing a failure.
[ 58.251484][ T496] name failslab, interval 1, probability 0, space 0, times 0
[ 58.263982][ T496] CPU: 1 PID: 496 Comm: syz.2.23 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 58.274930][ T496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 58.284815][ T496] Call Trace:
[ 58.287939][ T496]
[ 58.290717][ T496] dump_stack_lvl+0x151/0x1c0
[ 58.295230][ T496] ? io_uring_drop_tctx_refs+0x190/0x190
[ 58.300701][ T496] dump_stack+0x15/0x20
[ 58.304701][ T496] should_fail+0x3c6/0x510
[ 58.308944][ T496] __should_failslab+0xa4/0xe0
[ 58.313551][ T496] should_failslab+0x9/0x20
[ 58.317892][ T496] slab_pre_alloc_hook+0x37/0xd0
[ 58.322749][ T496] kmem_cache_alloc_trace+0x48/0x270
[ 58.327865][ T496] ? sk_psock_skb_ingress_self+0x60/0x330
[ 58.333565][ T496] ? migrate_disable+0x190/0x190
[ 58.338437][ T496] sk_psock_skb_ingress_self+0x60/0x330
[ 58.343781][ T496] sk_psock_verdict_recv+0x66d/0x840
[ 58.348902][ T496] unix_read_sock+0x132/0x370
[ 58.353426][ T496] ? sk_psock_skb_redirect+0x440/0x440
[ 58.358838][ T496] ? unix_stream_splice_actor+0x120/0x120
[ 58.364468][ T496] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 58.369843][ T496] ? unix_stream_splice_actor+0x120/0x120
[ 58.375394][ T496] sk_psock_verdict_data_ready+0x147/0x1a0
[ 58.381034][ T496] ? sk_psock_start_verdict+0xc0/0xc0
[ 58.386250][ T496] ? _raw_spin_lock+0xa4/0x1b0
[ 58.390998][ T496] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 58.396726][ T496] ? skb_queue_tail+0xfb/0x120
[ 58.401415][ T496] unix_dgram_sendmsg+0x15fa/0x2090
[ 58.406449][ T496] ? unix_dgram_poll+0x690/0x690
[ 58.411224][ T496] ? kasan_set_track+0x5d/0x70
[ 58.415831][ T496] ? kasan_set_track+0x4b/0x70
[ 58.420417][ T496] ? security_socket_sendmsg+0x82/0xb0
[ 58.425717][ T496] ? unix_dgram_poll+0x690/0x690
[ 58.430488][ T496] ____sys_sendmsg+0x59e/0x8f0
[ 58.435084][ T496] ? __sys_sendmsg_sock+0x40/0x40
[ 58.439954][ T496] ? import_iovec+0xe5/0x120
[ 58.444374][ T496] ___sys_sendmsg+0x252/0x2e0
[ 58.448887][ T496] ? __sys_sendmsg+0x260/0x260
[ 58.453496][ T496] ? putname+0xfa/0x150
[ 58.457572][ T496] ? __fdget+0x1bc/0x240
[ 58.461647][ T496] __se_sys_sendmsg+0x19a/0x260
[ 58.466337][ T496] ? __x64_sys_sendmsg+0x90/0x90
[ 58.471189][ T496] ? ksys_write+0x260/0x2c0
[ 58.475546][ T496] ? debug_smp_processor_id+0x17/0x20
[ 58.480750][ T496] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 58.486645][ T496] __x64_sys_sendmsg+0x7b/0x90
[ 58.491242][ T496] x64_sys_call+0x16a/0x9a0
[ 58.495586][ T496] do_syscall_64+0x3b/0xb0
[ 58.499956][ T496] ? clear_bhb_loop+0x35/0x90
[ 58.504430][ T496] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.510160][ T496] RIP: 0033:0x7f039c560759
[ 58.514412][ T496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 58.533855][ T496] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.542099][ T496] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 58.549910][ T496] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 58.557719][ T496] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 58.565531][ T496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 58.573341][ T496] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 58.581165][ T496]
[ 58.585917][ T367] ==================================================================
[ 58.593799][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 58.602042][ T367]
[ 58.604213][ T367] CPU: 0 PID: 367 Comm: kworker/0:3 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 58.615495][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 58.625392][ T367] Workqueue: events bpf_map_free_deferred
[ 58.630943][ T367] Call Trace:
[ 58.634066][ T367]
[ 58.636844][ T367] dump_stack_lvl+0x151/0x1c0
[ 58.641357][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 58.646914][ T367] ? panic+0x760/0x760
[ 58.650821][ T367] ? kasan_set_free_info+0x23/0x40
[ 58.655763][ T367] ? ____kasan_slab_free+0x126/0x160
[ 58.660885][ T367] ? kmem_cache_free+0x115/0x330
[ 58.665660][ T367] print_address_description+0x87/0x3b0
[ 58.671040][ T367] ? worker_thread+0xad5/0x12a0
[ 58.675820][ T367] ? kthread+0x421/0x510
[ 58.679905][ T367] ? kmem_cache_free+0x115/0x330
[ 58.684677][ T367] ? kmem_cache_free+0x115/0x330
[ 58.689448][ T367] kasan_report_invalid_free+0x6b/0xa0
[ 58.694744][ T367] ____kasan_slab_free+0x13e/0x160
[ 58.699689][ T367] __kasan_slab_free+0x11/0x20
[ 58.704287][ T367] slab_free_freelist_hook+0xbd/0x190
[ 58.709500][ T367] kmem_cache_free+0x115/0x330
[ 58.714122][ T367] ? kfree_skbmem+0x104/0x170
[ 58.718612][ T367] kfree_skbmem+0x104/0x170
[ 58.722953][ T367] consume_skb+0xb4/0x250
[ 58.727118][ T367] __sk_msg_free+0x2dd/0x370
[ 58.731549][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 58.737186][ T367] sk_psock_stop+0x4e3/0x580
[ 58.741621][ T367] sk_psock_drop+0x219/0x310
[ 58.746041][ T367] sock_map_unref+0x3c6/0x430
[ 58.750550][ T367] sock_map_free+0x137/0x2b0
[ 58.754980][ T367] bpf_map_free_deferred+0x10d/0x1e0
[ 58.760105][ T367] process_one_work+0x6bb/0xc10
[ 58.764786][ T367] worker_thread+0xad5/0x12a0
[ 58.769300][ T367] ? _raw_spin_lock+0x1b0/0x1b0
[ 58.773989][ T367] kthread+0x421/0x510
[ 58.777977][ T367] ? worker_clr_flags+0x180/0x180
[ 58.782840][ T367] ? kthread_blkcg+0xd0/0xd0
[ 58.787261][ T367] ret_from_fork+0x1f/0x30
[ 58.791530][ T367]
[ 58.794386][ T367]
[ 58.796551][ T367] Allocated by task 496:
[ 58.800629][ T367] __kasan_slab_alloc+0xb1/0xe0
[ 58.805313][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 58.810260][ T367] kmem_cache_alloc+0xf5/0x250
[ 58.814869][ T367] skb_clone+0x1d1/0x360
[ 58.818944][ T367] sk_psock_verdict_recv+0x53/0x840
[ 58.823977][ T367] unix_read_sock+0x132/0x370
[ 58.828494][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 58.834132][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 58.839162][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 58.843854][ T367] ___sys_sendmsg+0x252/0x2e0
[ 58.848365][ T367] __se_sys_sendmsg+0x19a/0x260
[ 58.853056][ T367] __x64_sys_sendmsg+0x7b/0x90
[ 58.857651][ T367] x64_sys_call+0x16a/0x9a0
[ 58.861989][ T367] do_syscall_64+0x3b/0xb0
[ 58.866255][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.871971][ T367]
[ 58.874139][ T367] Freed by task 472:
[ 58.877876][ T367] kasan_set_track+0x4b/0x70
[ 58.882297][ T367] kasan_set_free_info+0x23/0x40
[ 58.887073][ T367] ____kasan_slab_free+0x126/0x160
[ 58.892021][ T367] __kasan_slab_free+0x11/0x20
[ 58.896620][ T367] slab_free_freelist_hook+0xbd/0x190
[ 58.901829][ T367] kmem_cache_free+0x115/0x330
[ 58.906427][ T367] kfree_skbmem+0x104/0x170
[ 58.910765][ T367] kfree_skb+0xc2/0x360
[ 58.914758][ T367] sk_psock_backlog+0xad1/0xdc0
[ 58.919445][ T367] process_one_work+0x6bb/0xc10
[ 58.924134][ T367] worker_thread+0xad5/0x12a0
[ 58.928645][ T367] kthread+0x421/0x510
[ 58.932554][ T367] ret_from_fork+0x1f/0x30
[ 58.936802][ T367]
[ 58.938973][ T367] The buggy address belongs to the object at ffff888118a49000
[ 58.938973][ T367] which belongs to the cache skbuff_head_cache of size 248
[ 58.953383][ T367] The buggy address is located 0 bytes inside of
[ 58.953383][ T367] 248-byte region [ffff888118a49000, ffff888118a490f8)
[ 58.966412][ T367] The buggy address belongs to the page:
[ 58.971883][ T367] page:ffffea0004629240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118a49
[ 58.981940][ T367] flags: 0x4000000000000200(slab|zone=1)
[ 58.987410][ T367] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 58.996005][ T367] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 59.004431][ T367] page dumped because: kasan: bad access detected
[ 59.010668][ T367] page_owner tracks the page as allocated
[ 59.016329][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 58240847890, free_ts 57252085719
[ 59.032044][ T367] post_alloc_hook+0x1a3/0x1b0
[ 59.036642][ T367] prep_new_page+0x1b/0x110
[ 59.041064][ T367] get_page_from_freelist+0x3550/0x35d0
[ 59.046532][ T367] __alloc_pages+0x27e/0x8f0
[ 59.050965][ T367] new_slab+0x9a/0x4e0
[ 59.054864][ T367] ___slab_alloc+0x39e/0x830
[ 59.059289][ T367] __slab_alloc+0x4a/0x90
[ 59.063458][ T367] kmem_cache_alloc+0x139/0x250
[ 59.068164][ T367] skb_clone+0x1d1/0x360
[ 59.072219][ T367] netlink_broadcast_filtered+0x692/0x1220
[ 59.077863][ T367] netlink_broadcast+0x3a/0x50
[ 59.082478][ T367] kobject_uevent_net_broadcast+0x3a1/0x590
[ 59.088195][ T367] kobject_uevent_env+0x525/0x700
[ 59.093051][ T367] kobject_synth_uevent+0x4eb/0xae0
[ 59.098090][ T367] uevent_store+0x25/0x60
[ 59.102255][ T367] dev_attr_store+0x5c/0x80
[ 59.106609][ T367] page last free stack trace:
[ 59.111104][ T367] free_unref_page_prepare+0x7c8/0x7d0
[ 59.116396][ T367] free_unref_page+0xe8/0x750
[ 59.120926][ T367] __free_pages+0x61/0xf0
[ 59.125268][ T367] __free_slab+0xec/0x1d0
[ 59.129434][ T367] __unfreeze_partials+0x165/0x1a0
[ 59.134377][ T367] put_cpu_partial+0xc4/0x120
[ 59.138890][ T367] __slab_free+0x1c8/0x290
[ 59.143142][ T367] ___cache_free+0x109/0x120
[ 59.147567][ T367] qlink_free+0x4d/0x90
[ 59.151576][ T367] qlist_free_all+0x44/0xb0
[ 59.155911][ T367] kasan_quarantine_reduce+0x15a/0x180
[ 59.161282][ T367] __kasan_slab_alloc+0x2f/0xe0
[ 59.165984][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 59.170967][ T367] kmem_cache_alloc+0xf5/0x250
[ 59.175525][ T367] getname_flags+0xba/0x520
[ 59.179855][ T367] getname+0x19/0x20
[ 59.183588][ T367]
[ 59.185758][ T367] Memory state around the buggy address:
[ 59.191319][ T367] ffff888118a48f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.199216][ T367] ffff888118a48f80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 59.207111][ T367] >ffff888118a49000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.215015][ T367] ^
[ 59.218914][ T367] ffff888118a49080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 59.226816][ T367] ffff888118a49100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 59.234796][ T367] ==================================================================
[ 59.255602][ T499] FAULT_INJECTION: forcing a failure.
[ 59.255602][ T499] name failslab, interval 1, probability 0, space 0, times 0
[ 59.268223][ T499] CPU: 0 PID: 499 Comm: syz.2.24 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 59.279246][ T499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 59.289140][ T499] Call Trace:
[ 59.292263][ T499]
[ 59.295042][ T499] dump_stack_lvl+0x151/0x1c0
[ 59.299553][ T499] ? io_uring_drop_tctx_refs+0x190/0x190
[ 59.305024][ T499] dump_stack+0x15/0x20
[ 59.309135][ T499] should_fail+0x3c6/0x510
[ 59.313380][ T499] __should_failslab+0xa4/0xe0
[ 59.317976][ T499] should_failslab+0x9/0x20
[ 59.322405][ T499] slab_pre_alloc_hook+0x37/0xd0
[ 59.327179][ T499] kmem_cache_alloc_trace+0x48/0x270
[ 59.332311][ T499] ? sk_psock_skb_ingress_self+0x60/0x330
[ 59.337854][ T499] ? migrate_disable+0x190/0x190
[ 59.342717][ T499] sk_psock_skb_ingress_self+0x60/0x330
[ 59.348100][ T499] sk_psock_verdict_recv+0x66d/0x840
[ 59.353212][ T499] unix_read_sock+0x132/0x370
[ 59.357734][ T499] ? sk_psock_skb_redirect+0x440/0x440
[ 59.363021][ T499] ? unix_stream_splice_actor+0x120/0x120
[ 59.368586][ T499] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 59.373874][ T499] ? unix_stream_splice_actor+0x120/0x120
[ 59.379657][ T499] sk_psock_verdict_data_ready+0x147/0x1a0
[ 59.385572][ T499] ? sk_psock_start_verdict+0xc0/0xc0
[ 59.390747][ T499] ? _raw_spin_lock+0xa4/0x1b0
[ 59.395347][ T499] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 59.400989][ T499] ? skb_queue_tail+0xfb/0x120
[ 59.405596][ T499] unix_dgram_sendmsg+0x15fa/0x2090
[ 59.410628][ T499] ? unix_dgram_poll+0x690/0x690
[ 59.415401][ T499] ? kasan_set_track+0x5d/0x70
[ 59.419999][ T499] ? kasan_set_track+0x4b/0x70
[ 59.424594][ T499] ? security_socket_sendmsg+0x82/0xb0
[ 59.429889][ T499] ? unix_dgram_poll+0x690/0x690
[ 59.434662][ T499] ____sys_sendmsg+0x59e/0x8f0
[ 59.439262][ T499] ? __sys_sendmsg_sock+0x40/0x40
[ 59.444141][ T499] ? import_iovec+0xe5/0x120
[ 59.448562][ T499] ___sys_sendmsg+0x252/0x2e0
[ 59.453069][ T499] ? __sys_sendmsg+0x260/0x260
[ 59.457675][ T499] ? putname+0xfa/0x150
[ 59.461669][ T499] ? __fdget+0x1bc/0x240
[ 59.465736][ T499] __se_sys_sendmsg+0x19a/0x260
[ 59.470545][ T499] ? __x64_sys_sendmsg+0x90/0x90
[ 59.475504][ T499] ? ksys_write+0x260/0x2c0
[ 59.479848][ T499] ? debug_smp_processor_id+0x17/0x20
[ 59.485051][ T499] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 59.491039][ T499] __x64_sys_sendmsg+0x7b/0x90
[ 59.495659][ T499] x64_sys_call+0x16a/0x9a0
[ 59.500111][ T499] do_syscall_64+0x3b/0xb0
[ 59.504346][ T499] ? clear_bhb_loop+0x35/0x90
[ 59.508869][ T499] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.514588][ T499] RIP: 0033:0x7f039c560759
[ 59.518870][ T499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.538374][ T499] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.546704][ T499] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 59.554537][ T499] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 59.562328][ T499] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 59.570134][ T499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 59.577946][ T499] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 59.585762][ T499]
[ 59.591324][ T367] ==================================================================
[ 59.599318][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 59.607558][ T367]
[ 59.609718][ T367] CPU: 0 PID: 367 Comm: kworker/0:3 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 59.621015][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 59.630991][ T367] Workqueue: events bpf_map_free_deferred
[ 59.636714][ T367] Call Trace:
[ 59.639934][ T367]
[ 59.642703][ T367] dump_stack_lvl+0x151/0x1c0
[ 59.647216][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 59.652679][ T367] ? panic+0x760/0x760
[ 59.656772][ T367] ? kasan_set_free_info+0x23/0x40
[ 59.661732][ T367] ? ____kasan_slab_free+0x126/0x160
[ 59.666944][ T367] ? kmem_cache_free+0x115/0x330
[ 59.671701][ T367] print_address_description+0x87/0x3b0
[ 59.677168][ T367] ? worker_thread+0xad5/0x12a0
[ 59.681866][ T367] ? kthread+0x421/0x510
[ 59.685933][ T367] ? kmem_cache_free+0x115/0x330
[ 59.690707][ T367] ? kmem_cache_free+0x115/0x330
[ 59.695481][ T367] kasan_report_invalid_free+0x6b/0xa0
[ 59.700775][ T367] ____kasan_slab_free+0x13e/0x160
[ 59.705726][ T367] __kasan_slab_free+0x11/0x20
[ 59.710325][ T367] slab_free_freelist_hook+0xbd/0x190
[ 59.715531][ T367] kmem_cache_free+0x115/0x330
[ 59.720137][ T367] ? kfree_skbmem+0x104/0x170
[ 59.724742][ T367] kfree_skbmem+0x104/0x170
[ 59.729076][ T367] consume_skb+0xb4/0x250
[ 59.733236][ T367] __sk_msg_free+0x2dd/0x370
[ 59.737662][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 59.743305][ T367] sk_psock_stop+0x4e3/0x580
[ 59.747732][ T367] sk_psock_drop+0x219/0x310
[ 59.752157][ T367] sock_map_unref+0x3c6/0x430
[ 59.756669][ T367] sock_map_free+0x137/0x2b0
[ 59.761094][ T367] bpf_map_free_deferred+0x10d/0x1e0
[ 59.766304][ T367] process_one_work+0x6bb/0xc10
[ 59.770992][ T367] worker_thread+0xad5/0x12a0
[ 59.775513][ T367] ? _raw_spin_lock+0x1b0/0x1b0
[ 59.780203][ T367] kthread+0x421/0x510
[ 59.784097][ T367] ? worker_clr_flags+0x180/0x180
[ 59.788956][ T367] ? kthread_blkcg+0xd0/0xd0
[ 59.793381][ T367] ret_from_fork+0x1f/0x30
[ 59.797644][ T367]
[ 59.800497][ T367]
[ 59.802668][ T367] Allocated by task 499:
[ 59.806749][ T367] __kasan_slab_alloc+0xb1/0xe0
[ 59.811434][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 59.816404][ T367] kmem_cache_alloc+0xf5/0x250
[ 59.820981][ T367] skb_clone+0x1d1/0x360
[ 59.825063][ T367] sk_psock_verdict_recv+0x53/0x840
[ 59.830095][ T367] unix_read_sock+0x132/0x370
[ 59.834611][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 59.840250][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 59.845371][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 59.849978][ T367] ___sys_sendmsg+0x252/0x2e0
[ 59.854483][ T367] __se_sys_sendmsg+0x19a/0x260
[ 59.859179][ T367] __x64_sys_sendmsg+0x7b/0x90
[ 59.863770][ T367] x64_sys_call+0x16a/0x9a0
[ 59.868107][ T367] do_syscall_64+0x3b/0xb0
[ 59.872361][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.878090][ T367]
[ 59.880260][ T367] Freed by task 60:
[ 59.883905][ T367] kasan_set_track+0x4b/0x70
[ 59.888333][ T367] kasan_set_free_info+0x23/0x40
[ 59.893107][ T367] ____kasan_slab_free+0x126/0x160
[ 59.898053][ T367] __kasan_slab_free+0x11/0x20
[ 59.902650][ T367] slab_free_freelist_hook+0xbd/0x190
[ 59.907857][ T367] kmem_cache_free+0x115/0x330
[ 59.912466][ T367] kfree_skbmem+0x104/0x170
[ 59.916802][ T367] kfree_skb+0xc2/0x360
[ 59.920803][ T367] sk_psock_backlog+0xad1/0xdc0
[ 59.925480][ T367] process_one_work+0x6bb/0xc10
[ 59.930163][ T367] worker_thread+0xad5/0x12a0
[ 59.934679][ T367] kthread+0x421/0x510
[ 59.938758][ T367] ret_from_fork+0x1f/0x30
[ 59.943012][ T367]
[ 59.945178][ T367] The buggy address belongs to the object at ffff8881189dc640
[ 59.945178][ T367] which belongs to the cache skbuff_head_cache of size 248
[ 59.959591][ T367] The buggy address is located 0 bytes inside of
[ 59.959591][ T367] 248-byte region [ffff8881189dc640, ffff8881189dc738)
[ 59.972528][ T367] The buggy address belongs to the page:
[ 59.978000][ T367] page:ffffea0004627700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1189dc
[ 59.988059][ T367] flags: 0x4000000000000200(slab|zone=1)
[ 59.993621][ T367] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 60.002037][ T367] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 60.010446][ T367] page dumped because: kasan: bad access detected
[ 60.016871][ T367] page_owner tracks the page as allocated
[ 60.022441][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 59249884755, free_ts 58244549623
[ 60.038051][ T367] post_alloc_hook+0x1a3/0x1b0
[ 60.042646][ T367] prep_new_page+0x1b/0x110
[ 60.046994][ T367] get_page_from_freelist+0x3550/0x35d0
[ 60.052387][ T367] __alloc_pages+0x27e/0x8f0
[ 60.056796][ T367] new_slab+0x9a/0x4e0
[ 60.060700][ T367] ___slab_alloc+0x39e/0x830
[ 60.065132][ T367] __slab_alloc+0x4a/0x90
[ 60.069294][ T367] kmem_cache_alloc+0x139/0x250
[ 60.073980][ T367] __alloc_skb+0xbe/0x550
[ 60.078159][ T367] alloc_skb_with_frags+0xa6/0x680
[ 60.083093][ T367] sock_alloc_send_pskb+0x915/0xa50
[ 60.088123][ T367] unix_dgram_sendmsg+0x6fd/0x2090
[ 60.093070][ T367] __sys_sendto+0x564/0x720
[ 60.097410][ T367] __x64_sys_sendto+0xe5/0x100
[ 60.102017][ T367] x64_sys_call+0x15c/0x9a0
[ 60.106357][ T367] do_syscall_64+0x3b/0xb0
[ 60.110608][ T367] page last free stack trace:
[ 60.115121][ T367] free_unref_page_prepare+0x7c8/0x7d0
[ 60.120501][ T367] free_unref_page+0xe8/0x750
[ 60.125029][ T367] __free_pages+0x61/0xf0
[ 60.129180][ T367] __free_slab+0xec/0x1d0
[ 60.133344][ T367] __unfreeze_partials+0x165/0x1a0
[ 60.138303][ T367] put_cpu_partial+0xc4/0x120
[ 60.142842][ T367] __slab_free+0x1c8/0x290
[ 60.147062][ T367] ___cache_free+0x109/0x120
[ 60.151487][ T367] qlink_free+0x4d/0x90
[ 60.155477][ T367] qlist_free_all+0x44/0xb0
[ 60.159819][ T367] kasan_quarantine_reduce+0x15a/0x180
[ 60.165211][ T367] __kasan_slab_alloc+0x2f/0xe0
[ 60.169898][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 60.174840][ T367] kmem_cache_alloc_trace+0xf9/0x270
[ 60.179958][ T367] __get_vm_area_node+0x117/0x360
[ 60.184826][ T367] __vmalloc_node_range+0xe2/0x8d0
[ 60.189775][ T367]
[ 60.191936][ T367] Memory state around the buggy address:
[ 60.197420][ T367] ffff8881189dc500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.205310][ T367] ffff8881189dc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 60.213205][ T367] >ffff8881189dc600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 60.221218][ T367] ^
[ 60.227188][ T367] ffff8881189dc680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.235093][ T367] ffff8881189dc700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 60.242979][ T367] ==================================================================
[ 60.261806][ T502] FAULT_INJECTION: forcing a failure.
[ 60.261806][ T502] name failslab, interval 1, probability 0, space 0, times 0
[ 60.274348][ T502] CPU: 0 PID: 502 Comm: syz.2.25 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 60.285335][ T502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 60.295238][ T502] Call Trace:
[ 60.298337][ T502]
[ 60.301109][ T502] dump_stack_lvl+0x151/0x1c0
[ 60.305968][ T502] ? io_uring_drop_tctx_refs+0x190/0x190
[ 60.311444][ T502] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 60.317078][ T502] ? __skb_try_recv_datagram+0x495/0x6a0
[ 60.322546][ T502] dump_stack+0x15/0x20
[ 60.326549][ T502] should_fail+0x3c6/0x510
[ 60.330793][ T502] __should_failslab+0xa4/0xe0
[ 60.335411][ T502] ? skb_clone+0x1d1/0x360
[ 60.339647][ T502] should_failslab+0x9/0x20
[ 60.344021][ T502] slab_pre_alloc_hook+0x37/0xd0
[ 60.348845][ T502] ? skb_clone+0x1d1/0x360
[ 60.353105][ T502] kmem_cache_alloc+0x44/0x250
[ 60.357726][ T502] skb_clone+0x1d1/0x360
[ 60.361784][ T502] sk_psock_verdict_recv+0x53/0x840
[ 60.366817][ T502] ? avc_has_perm_noaudit+0x430/0x430
[ 60.372028][ T502] unix_read_sock+0x132/0x370
[ 60.376536][ T502] ? sk_psock_skb_redirect+0x440/0x440
[ 60.381938][ T502] ? unix_stream_splice_actor+0x120/0x120
[ 60.387470][ T502] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 60.392849][ T502] ? unix_stream_splice_actor+0x120/0x120
[ 60.398575][ T502] sk_psock_verdict_data_ready+0x147/0x1a0
[ 60.404135][ T502] ? sk_psock_start_verdict+0xc0/0xc0
[ 60.409427][ T502] ? _raw_spin_lock+0xa4/0x1b0
[ 60.414023][ T502] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 60.419671][ T502] ? skb_queue_tail+0xfb/0x120
[ 60.424269][ T502] unix_dgram_sendmsg+0x15fa/0x2090
[ 60.429312][ T502] ? unix_dgram_poll+0x690/0x690
[ 60.434076][ T502] ? kasan_set_track+0x5d/0x70
[ 60.438764][ T502] ? kasan_set_track+0x4b/0x70
[ 60.443447][ T502] ? security_socket_sendmsg+0x82/0xb0
[ 60.448756][ T502] ? unix_dgram_poll+0x690/0x690
[ 60.453520][ T502] ____sys_sendmsg+0x59e/0x8f0
[ 60.458116][ T502] ? __sys_sendmsg_sock+0x40/0x40
[ 60.463066][ T502] ? import_iovec+0xe5/0x120
[ 60.467500][ T502] ___sys_sendmsg+0x252/0x2e0
[ 60.472005][ T502] ? __sys_sendmsg+0x260/0x260
[ 60.476610][ T502] ? putname+0xfa/0x150
[ 60.480695][ T502] ? __fdget+0x1bc/0x240
[ 60.484759][ T502] __se_sys_sendmsg+0x19a/0x260
[ 60.489458][ T502] ? __x64_sys_sendmsg+0x90/0x90
[ 60.494244][ T502] ? ksys_write+0x260/0x2c0
[ 60.498651][ T502] ? debug_smp_processor_id+0x17/0x20
[ 60.503859][ T502] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 60.509757][ T502] __x64_sys_sendmsg+0x7b/0x90
[ 60.514358][ T502] x64_sys_call+0x16a/0x9a0
[ 60.518866][ T502] do_syscall_64+0x3b/0xb0
[ 60.523119][ T502] ? clear_bhb_loop+0x35/0x90
[ 60.527633][ T502] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.533364][ T502] RIP: 0033:0x7f039c560759
[ 60.537619][ T502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.557056][ T502] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.565305][ T502] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 60.573116][ T502] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 60.580923][ T502] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 60.588735][ T502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 60.596546][ T502] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 60.604367][ T502] </TASK>
[ 60.618225][ T504] FAULT_INJECTION: forcing a failure.
[ 60.618225][ T504] name failslab, interval 1, probability 0, space 0, times 0
[ 60.630811][ T504] CPU: 0 PID: 504 Comm: syz.2.26 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 60.641832][ T504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 60.651822][ T504] Call Trace:
[ 60.654932][ T504] <TASK>
[ 60.657711][ T504] dump_stack_lvl+0x151/0x1c0
[ 60.662228][ T504] ? io_uring_drop_tctx_refs+0x190/0x190
[ 60.667709][ T504] dump_stack+0x15/0x20
[ 60.671771][ T504] should_fail+0x3c6/0x510
[ 60.676035][ T504] __should_failslab+0xa4/0xe0
[ 60.680626][ T504] should_failslab+0x9/0x20
[ 60.684964][ T504] slab_pre_alloc_hook+0x37/0xd0
[ 60.689740][ T504] kmem_cache_alloc_trace+0x48/0x270
[ 60.694866][ T504] ? sk_psock_skb_ingress_self+0x60/0x330
[ 60.700502][ T504] ? migrate_disable+0x190/0x190
[ 60.705273][ T504] sk_psock_skb_ingress_self+0x60/0x330
[ 60.710834][ T504] sk_psock_verdict_recv+0x66d/0x840
[ 60.716124][ T504] unix_read_sock+0x132/0x370
[ 60.720722][ T504] ? sk_psock_skb_redirect+0x440/0x440
[ 60.726018][ T504] ? unix_stream_splice_actor+0x120/0x120
[ 60.731571][ T504] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 60.736871][ T504] ? unix_stream_splice_actor+0x120/0x120
[ 60.742424][ T504] sk_psock_verdict_data_ready+0x147/0x1a0
[ 60.748157][ T504] ? sk_psock_start_verdict+0xc0/0xc0
[ 60.753376][ T504] ? _raw_spin_lock+0xa4/0x1b0
[ 60.757964][ T504] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 60.763606][ T504] ? skb_queue_tail+0xfb/0x120
[ 60.768222][ T504] unix_dgram_sendmsg+0x15fa/0x2090
[ 60.773248][ T504] ? unix_dgram_poll+0x690/0x690
[ 60.778013][ T504] ? kasan_set_track+0x5d/0x70
[ 60.782617][ T504] ? kasan_set_track+0x4b/0x70
[ 60.787213][ T504] ? security_socket_sendmsg+0x82/0xb0
[ 60.792615][ T504] ? unix_dgram_poll+0x690/0x690
[ 60.797396][ T504] ____sys_sendmsg+0x59e/0x8f0
[ 60.802000][ T504] ? __sys_sendmsg_sock+0x40/0x40
[ 60.806951][ T504] ? import_iovec+0xe5/0x120
[ 60.811359][ T504] ___sys_sendmsg+0x252/0x2e0
[ 60.815876][ T504] ? __sys_sendmsg+0x260/0x260
[ 60.820477][ T504] ? putname+0xfa/0x150
[ 60.824468][ T504] ? __fdget+0x1bc/0x240
[ 60.828556][ T504] __se_sys_sendmsg+0x19a/0x260
[ 60.833323][ T504] ? __x64_sys_sendmsg+0x90/0x90
[ 60.838091][ T504] ? ksys_write+0x260/0x2c0
[ 60.842436][ T504] ? debug_smp_processor_id+0x17/0x20
[ 60.847639][ T504] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 60.853545][ T504] __x64_sys_sendmsg+0x7b/0x90
[ 60.858140][ T504] x64_sys_call+0x16a/0x9a0
[ 60.862481][ T504] do_syscall_64+0x3b/0xb0
[ 60.866741][ T504] ? clear_bhb_loop+0x35/0x90
[ 60.871277][ T504] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.876972][ T504] RIP: 0033:0x7f039c560759
[ 60.881237][ T504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.900674][ T504] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.908914][ T504] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 60.916725][ T504] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 60.924623][ T504] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 60.932435][ T504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 60.940333][ T504] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 60.948147][ T504] </TASK>
[ 60.953263][ T367] ==================================================================
[ 60.961156][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 60.969510][ T367]
[ 60.971676][ T367] CPU: 0 PID: 367 Comm: kworker/0:3 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 60.983132][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 60.993032][ T367] Workqueue: events bpf_map_free_deferred
[ 60.998595][ T367] Call Trace:
[ 61.001708][ T367] <TASK>
[ 61.004487][ T367] dump_stack_lvl+0x151/0x1c0
[ 61.009170][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 61.014639][ T367] ? panic+0x760/0x760
[ 61.018553][ T367] ? kasan_set_free_info+0x23/0x40
[ 61.023490][ T367] ? ____kasan_slab_free+0x126/0x160
[ 61.028613][ T367] ? kmem_cache_free+0x115/0x330
[ 61.033385][ T367] print_address_description+0x87/0x3b0
[ 61.038796][ T367] ? worker_thread+0xad5/0x12a0
[ 61.043453][ T367] ? kthread+0x421/0x510
[ 61.047536][ T367] ? kmem_cache_free+0x115/0x330
[ 61.052416][ T367] ? kmem_cache_free+0x115/0x330
[ 61.057189][ T367] kasan_report_invalid_free+0x6b/0xa0
[ 61.062481][ T367] ____kasan_slab_free+0x13e/0x160
[ 61.067438][ T367] __kasan_slab_free+0x11/0x20
[ 61.072036][ T367] slab_free_freelist_hook+0xbd/0x190
[ 61.077410][ T367] kmem_cache_free+0x115/0x330
[ 61.082011][ T367] ? kfree_skbmem+0x104/0x170
[ 61.086526][ T367] kfree_skbmem+0x104/0x170
[ 61.090870][ T367] consume_skb+0xb4/0x250
[ 61.095031][ T367] __sk_msg_free+0x2dd/0x370
[ 61.099454][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 61.105109][ T367] sk_psock_stop+0x4e3/0x580
[ 61.109523][ T367] sk_psock_drop+0x219/0x310
[ 61.113958][ T367] sock_map_unref+0x3c6/0x430
[ 61.118464][ T367] sock_map_free+0x137/0x2b0
[ 61.122889][ T367] bpf_map_free_deferred+0x10d/0x1e0
[ 61.128018][ T367] process_one_work+0x6bb/0xc10
[ 61.132697][ T367] worker_thread+0xad5/0x12a0
[ 61.137211][ T367] ? _raw_spin_lock+0x1b0/0x1b0
[ 61.141897][ T367] kthread+0x421/0x510
[ 61.145801][ T367] ? worker_clr_flags+0x180/0x180
[ 61.150748][ T367] ? kthread_blkcg+0xd0/0xd0
[ 61.155179][ T367] ret_from_fork+0x1f/0x30
[ 61.159429][ T367] </TASK>
[ 61.162304][ T367]
[ 61.164460][ T367] Allocated by task 504:
[ 61.168551][ T367] __kasan_slab_alloc+0xb1/0xe0
[ 61.173229][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 61.178266][ T367] kmem_cache_alloc+0xf5/0x250
[ 61.182865][ T367] skb_clone+0x1d1/0x360
[ 61.186942][ T367] sk_psock_verdict_recv+0x53/0x840
[ 61.191974][ T367] unix_read_sock+0x132/0x370
[ 61.196488][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 61.202130][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 61.207168][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 61.211905][ T367] ___sys_sendmsg+0x252/0x2e0
[ 61.216413][ T367] __se_sys_sendmsg+0x19a/0x260
[ 61.221104][ T367] __x64_sys_sendmsg+0x7b/0x90
[ 61.225701][ T367] x64_sys_call+0x16a/0x9a0
[ 61.230046][ T367] do_syscall_64+0x3b/0xb0
[ 61.234295][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.240033][ T367]
[ 61.242192][ T367] Freed by task 367:
[ 61.245926][ T367] kasan_set_track+0x4b/0x70
[ 61.250439][ T367] kasan_set_free_info+0x23/0x40
[ 61.255207][ T367] ____kasan_slab_free+0x126/0x160
[ 61.260158][ T367] __kasan_slab_free+0x11/0x20
[ 61.264757][ T367] slab_free_freelist_hook+0xbd/0x190
[ 61.269963][ T367] kmem_cache_free+0x115/0x330
[ 61.274569][ T367] kfree_skbmem+0x104/0x170
[ 61.278904][ T367] kfree_skb+0xc2/0x360
[ 61.282898][ T367] sk_psock_backlog+0xad1/0xdc0
[ 61.287583][ T367] process_one_work+0x6bb/0xc10
[ 61.292268][ T367] worker_thread+0xad5/0x12a0
[ 61.296793][ T367] kthread+0x421/0x510
[ 61.300690][ T367] ret_from_fork+0x1f/0x30
[ 61.304942][ T367]
[ 61.307119][ T367] The buggy address belongs to the object at ffff888119366a00
[ 61.307119][ T367] which belongs to the cache skbuff_head_cache of size 248
[ 61.321522][ T367] The buggy address is located 0 bytes inside of
[ 61.321522][ T367] 248-byte region [ffff888119366a00, ffff888119366af8)
[ 61.334577][ T367] The buggy address belongs to the page:
[ 61.340011][ T367] page:ffffea000464d980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119366
[ 61.350074][ T367] flags: 0x4000000000000200(slab|zone=1)
[ 61.355556][ T367] raw: 4000000000000200 ffffea000431b380 0000000200000002 ffff8881081abb00
[ 61.363975][ T367] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 61.372379][ T367] page dumped because: kasan: bad access detected
[ 61.378630][ T367] page_owner tracks the page as allocated
[ 61.384198][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 138, ts 5728876569, free_ts 5728760523
[ 61.399898][ T367] post_alloc_hook+0x1a3/0x1b0
[ 61.404500][ T367] prep_new_page+0x1b/0x110
[ 61.408831][ T367] get_page_from_freelist+0x3550/0x35d0
[ 61.414308][ T367] __alloc_pages+0x27e/0x8f0
[ 61.418738][ T367] new_slab+0x9a/0x4e0
[ 61.422641][ T367] ___slab_alloc+0x39e/0x830
[ 61.427068][ T367] __slab_alloc+0x4a/0x90
[ 61.431248][ T367] kmem_cache_alloc+0x139/0x250
[ 61.435921][ T367] __alloc_skb+0xbe/0x550
[ 61.440096][ T367] alloc_skb_with_frags+0xa6/0x680
[ 61.445033][ T367] sock_alloc_send_pskb+0x915/0xa50
[ 61.450068][ T367] unix_dgram_sendmsg+0x6fd/0x2090
[ 61.455017][ T367] sock_write_iter+0x39b/0x530
[ 61.459631][ T367] do_iter_readv_writev+0x58e/0x790
[ 61.464647][ T367] do_iter_write+0x1f1/0x760
[ 61.469090][ T367] vfs_writev+0x2ac/0x560
[ 61.473329][ T367] page last free stack trace:
[ 61.477841][ T367] free_unref_page_prepare+0x7c8/0x7d0
[ 61.483137][ T367] free_unref_page+0xe8/0x750
[ 61.487650][ T367] __free_pages+0x61/0xf0
[ 61.491816][ T367] free_pages+0x7c/0x90
[ 61.495809][ T367] pgd_free+0x17d/0x190
[ 61.499885][ T367] __mmdrop+0xb0/0x410
[ 61.503795][ T367] finish_task_switch+0x2cd/0x7b0
[ 61.508656][ T367] __schedule+0xcd4/0x1590
[ 61.512910][ T367] schedule+0x11f/0x1e0
[ 61.516898][ T367] schedule_hrtimeout_range_clock+0x250/0x3a0
[ 61.522807][ T367] schedule_hrtimeout_range+0x2a/0x40
[ 61.528016][ T367] do_sys_poll+0xe15/0x12d0
[ 61.532345][ T367] __se_sys_ppoll+0x29c/0x330
[ 61.536869][ T367] __x64_sys_ppoll+0xbf/0xd0
[ 61.541397][ T367] x64_sys_call+0x721/0x9a0
[ 61.545712][ T367] do_syscall_64+0x3b/0xb0
[ 61.549970][ T367]
[ 61.552133][ T367] Memory state around the buggy address:
[ 61.557609][ T367] ffff888119366900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.565504][ T367] ffff888119366980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 61.573412][ T367] >ffff888119366a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.581296][ T367]                    ^
[ 61.585210][ T367] ffff888119366a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 61.593104][ T367] ffff888119366b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 61.601110][ T367] ==================================================================
[ 61.618970][ T507] FAULT_INJECTION: forcing a failure.
[ 61.618970][ T507] name failslab, interval 1, probability 0, space 0, times 0
[ 61.631641][ T507] CPU: 0 PID: 507 Comm: syz.2.27 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 61.642744][ T507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 61.652659][ T507] Call Trace:
[ 61.655761][ T507] <TASK>
[ 61.658539][ T507] dump_stack_lvl+0x151/0x1c0
[ 61.663051][ T507] ? io_uring_drop_tctx_refs+0x190/0x190
[ 61.668608][ T507] dump_stack+0x15/0x20
[ 61.672684][ T507] should_fail+0x3c6/0x510
[ 61.676936][ T507] __should_failslab+0xa4/0xe0
[ 61.681535][ T507] should_failslab+0x9/0x20
[ 61.685881][ T507] slab_pre_alloc_hook+0x37/0xd0
[ 61.690650][ T507] kmem_cache_alloc_trace+0x48/0x270
[ 61.695770][ T507] ? sk_psock_skb_ingress_self+0x60/0x330
[ 61.701324][ T507] ? migrate_disable+0x190/0x190
[ 61.706097][ T507] sk_psock_skb_ingress_self+0x60/0x330
[ 61.711480][ T507] sk_psock_verdict_recv+0x66d/0x840
[ 61.716600][ T507] unix_read_sock+0x132/0x370
[ 61.721202][ T507] ? sk_psock_skb_redirect+0x440/0x440
[ 61.726494][ T507] ? unix_stream_splice_actor+0x120/0x120
[ 61.732049][ T507] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 61.737343][ T507] ? unix_stream_splice_actor+0x120/0x120
[ 61.742910][ T507] sk_psock_verdict_data_ready+0x147/0x1a0
[ 61.748646][ T507] ? sk_psock_start_verdict+0xc0/0xc0
[ 61.753851][ T507] ? _raw_spin_lock+0xa4/0x1b0
[ 61.758470][ T507] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 61.764093][ T507] ? skb_queue_tail+0xfb/0x120
[ 61.768693][ T507] unix_dgram_sendmsg+0x15fa/0x2090
[ 61.773734][ T507] ? unix_dgram_poll+0x690/0x690
[ 61.778507][ T507] ? kasan_set_track+0x5d/0x70
[ 61.783101][ T507] ? kasan_set_track+0x4b/0x70
[ 61.787789][ T507] ? security_socket_sendmsg+0x82/0xb0
[ 61.793101][ T507] ? unix_dgram_poll+0x690/0x690
[ 61.797874][ T507] ____sys_sendmsg+0x59e/0x8f0
[ 61.802467][ T507] ? __sys_sendmsg_sock+0x40/0x40
[ 61.807320][ T507] ? import_iovec+0xe5/0x120
[ 61.811745][ T507] ___sys_sendmsg+0x252/0x2e0
[ 61.816261][ T507] ? __sys_sendmsg+0x260/0x260
[ 61.820868][ T507] ? putname+0xfa/0x150
[ 61.824861][ T507] ? __fdget+0x1bc/0x240
[ 61.828926][ T507] __se_sys_sendmsg+0x19a/0x260
[ 61.833621][ T507] ? __x64_sys_sendmsg+0x90/0x90
[ 61.838389][ T507] ? ksys_write+0x260/0x2c0
[ 61.842782][ T507] ? debug_smp_processor_id+0x17/0x20
[ 61.847936][ T507] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 61.853839][ T507] __x64_sys_sendmsg+0x7b/0x90
[ 61.858527][ T507] x64_sys_call+0x16a/0x9a0
[ 61.862949][ T507] do_syscall_64+0x3b/0xb0
[ 61.867222][ T507] ? clear_bhb_loop+0x35/0x90
[ 61.871716][ T507] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.877446][ T507] RIP: 0033:0x7f039c560759
[ 61.881697][ T507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 61.901144][ T507] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 61.909395][ T507] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 61.917282][ T507] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 61.925186][ T507] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 61.932992][ T507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 61.940804][ T507] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 61.948888][ T507] </TASK>
[ 61.955038][ T367] ==================================================================
[ 61.962922][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 61.971163][ T367]
[ 61.973342][ T367] CPU: 0 PID: 367 Comm: kworker/0:3 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 61.984614][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 61.994514][ T367] Workqueue: events bpf_map_free_deferred
[ 62.000063][ T367] Call Trace:
[ 62.003188][ T367] <TASK>
[ 62.005966][ T367] dump_stack_lvl+0x151/0x1c0
[ 62.010481][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 62.015952][ T367] ? panic+0x760/0x760
[ 62.019853][ T367] ? kasan_set_free_info+0x23/0x40
[ 62.024799][ T367] ? ____kasan_slab_free+0x126/0x160
[ 62.029918][ T367] ? kmem_cache_free+0x115/0x330
[ 62.034692][ T367] print_address_description+0x87/0x3b0
[ 62.040159][ T367] ? worker_thread+0xad5/0x12a0
[ 62.044846][ T367] ? kthread+0x421/0x510
[ 62.048925][ T367] ? kmem_cache_free+0x115/0x330
[ 62.053703][ T367] ? kmem_cache_free+0x115/0x330
[ 62.058472][ T367] kasan_report_invalid_free+0x6b/0xa0
[ 62.063769][ T367] ____kasan_slab_free+0x13e/0x160
[ 62.068738][ T367] __kasan_slab_free+0x11/0x20
[ 62.073317][ T367] slab_free_freelist_hook+0xbd/0x190
[ 62.078522][ T367] kmem_cache_free+0x115/0x330
[ 62.083121][ T367] ? kfree_skbmem+0x104/0x170
[ 62.087639][ T367] kfree_skbmem+0x104/0x170
[ 62.091976][ T367] consume_skb+0xb4/0x250
[ 62.096145][ T367] __sk_msg_free+0x2dd/0x370
[ 62.100571][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 62.106304][ T367] sk_psock_stop+0x4e3/0x580
[ 62.110727][ T367] sk_psock_drop+0x219/0x310
[ 62.115153][ T367] sock_map_unref+0x3c6/0x430
[ 62.119697][ T367] sock_map_free+0x137/0x2b0
[ 62.124201][ T367] bpf_map_free_deferred+0x10d/0x1e0
[ 62.129519][ T367] process_one_work+0x6bb/0xc10
[ 62.134209][ T367] worker_thread+0xad5/0x12a0
[ 62.138723][ T367] ? _raw_spin_lock+0x1b0/0x1b0
[ 62.143416][ T367] kthread+0x421/0x510
[ 62.147327][ T367] ? worker_clr_flags+0x180/0x180
[ 62.152172][ T367] ? kthread_blkcg+0xd0/0xd0
[ 62.156597][ T367] ret_from_fork+0x1f/0x30
[ 62.160854][ T367] </TASK>
[ 62.163802][ T367]
[ 62.165974][ T367] Allocated by task 507:
[ 62.170076][ T367] __kasan_slab_alloc+0xb1/0xe0
[ 62.174857][ T367] slab_post_alloc_hook+0x53/0x2c0
[ 62.179886][ T367] kmem_cache_alloc+0xf5/0x250
[ 62.184494][ T367] skb_clone+0x1d1/0x360
[ 62.188563][ T367] sk_psock_verdict_recv+0x53/0x840
[ 62.193598][ T367] unix_read_sock+0x132/0x370
[ 62.198111][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 62.203849][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 62.208869][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 62.213473][ T367] ___sys_sendmsg+0x252/0x2e0
[ 62.217985][ T367] __se_sys_sendmsg+0x19a/0x260
[ 62.222673][ T367] __x64_sys_sendmsg+0x7b/0x90
[ 62.227274][ T367] x64_sys_call+0x16a/0x9a0
[ 62.231613][ T367] do_syscall_64+0x3b/0xb0
[ 62.235876][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.241684][ T367]
[ 62.243859][ T367] Freed by task 6:
[ 62.247407][ T367] kasan_set_track+0x4b/0x70
[ 62.251832][ T367] kasan_set_free_info+0x23/0x40
[ 62.256624][ T367] ____kasan_slab_free+0x126/0x160
[ 62.261555][ T367] __kasan_slab_free+0x11/0x20
[ 62.266154][ T367] slab_free_freelist_hook+0xbd/0x190
[ 62.271476][ T367] kmem_cache_free+0x115/0x330
[ 62.276076][ T367] kfree_skbmem+0x104/0x170
[ 62.280412][ T367] kfree_skb+0xc2/0x360
[ 62.284407][ T367] sk_psock_backlog+0xad1/0xdc0
[ 62.289101][ T367] process_one_work+0x6bb/0xc10
[ 62.293788][ T367] worker_thread+0xad5/0x12a0
[ 62.298292][ T367] kthread+0x421/0x510
[ 62.302200][ T367] ret_from_fork+0x1f/0x30
[ 62.306548][ T367]
[ 62.308708][ T367] The buggy address belongs to the object at ffff8881196d6140
[ 62.308708][ T367] which belongs to the cache skbuff_head_cache of size 248
[ 62.323309][ T367] The buggy address is located 0 bytes inside of
[ 62.323309][ T367] 248-byte region [ffff8881196d6140, ffff8881196d6238)
[ 62.336343][ T367] The buggy address belongs to the page:
[ 62.341983][ T367] page:ffffea000465b580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1196d6
[ 62.352047][ T367] flags: 0x4000000000000200(slab|zone=1)
[ 62.357522][ T367] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 62.365940][ T367] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 62.374349][ T367] page dumped because: kasan: bad access detected
[ 62.380601][ T367] page_owner tracks the page as allocated
[ 62.386157][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 415, ts 61615647583, free_ts 61610161039
[ 62.401867][ T367] post_alloc_hook+0x1a3/0x1b0
[ 62.406463][ T367] prep_new_page+0x1b/0x110
[ 62.410802][ T367] get_page_from_freelist+0x3550/0x35d0
[ 62.416196][ T367] __alloc_pages+0x27e/0x8f0
[ 62.420607][ T367] new_slab+0x9a/0x4e0
[ 62.424524][ T367] ___slab_alloc+0x39e/0x830
[ 62.428940][ T367] __slab_alloc+0x4a/0x90
[ 62.433116][ T367] kmem_cache_alloc+0x139/0x250
[ 62.437793][ T367] __alloc_skb+0xbe/0x550
[ 62.441960][ T367] netlink_sendmsg+0x797/0xd20
[ 62.446568][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 62.451160][ T367] ___sys_sendmsg+0x252/0x2e0
[ 62.455673][ T367] __se_sys_sendmsg+0x19a/0x260
[ 62.460449][ T367] __x64_sys_sendmsg+0x7b/0x90
[ 62.465201][ T367] x64_sys_call+0x16a/0x9a0
[ 62.469631][ T367] do_syscall_64+0x3b/0xb0
[ 62.473885][ T367] page last free stack trace:
[ 62.478440][ T367] free_unref_page_prepare+0x7c8/0x7d0
[ 62.483773][ T367] free_unref_page_list+0x14b/0xa60
[ 62.488811][ T367] release_pages+0x1310/0x1370
[ 62.493405][ T367] free_pages_and_swap_cache+0x8a/0xa0
[ 62.498703][ T367] tlb_finish_mmu+0x177/0x320
[ 62.503216][ T367] exit_mmap+0x484/0x990
[ 62.507289][ T367] __mmput+0x95/0x310
[ 62.511115][ T367] mmput+0x5b/0x170
[ 62.514769][ T367] do_exit+0xb9c/0x2ca0
[ 62.518747][ T367] do_group_exit+0x141/0x310
[ 62.523174][ T367] get_signal+0x7a3/0x1630
[ 62.527425][ T367] arch_do_signal_or_restart+0xbd/0x1680
[ 62.532896][ T367] exit_to_user_mode_loop+0xa0/0xe0
[ 62.537940][ T367] exit_to_user_mode_prepare+0x5a/0xa0
[ 62.543221][ T367] syscall_exit_to_user_mode+0x26/0x160
[ 62.548602][ T367] do_syscall_64+0x47/0xb0
[ 62.552862][ T367]
[ 62.555199][ T367] Memory state around the buggy address:
[ 62.560671][ T367] ffff8881196d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.568671][ T367] ffff8881196d6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 62.576664][ T367] >ffff8881196d6100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 62.584650][ T367]                                            ^
[ 62.590659][ T367] ffff8881196d6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.598546][ T367] ffff8881196d6200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 62.606435][ T367] ==================================================================
[ 62.626392][ T510] FAULT_INJECTION: forcing a failure.
2025/03/20 03:06:43 executed programs: 15
[ 62.626392][ T510] name failslab, interval 1, probability 0, space 0, times 0
[ 62.639042][ T510] CPU: 1 PID: 510 Comm: syz.2.28 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 62.650072][ T510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 62.660043][ T510] Call Trace:
[ 62.663191][ T510] <TASK>
[ 62.665940][ T510] dump_stack_lvl+0x151/0x1c0
[ 62.670541][ T510] ? io_uring_drop_tctx_refs+0x190/0x190
[ 62.676006][ T510] dump_stack+0x15/0x20
[ 62.680006][ T510] should_fail+0x3c6/0x510
[ 62.684261][ T510] __should_failslab+0xa4/0xe0
[ 62.688852][ T510] should_failslab+0x9/0x20
[ 62.693200][ T510] slab_pre_alloc_hook+0x37/0xd0
[ 62.697981][ T510] kmem_cache_alloc_trace+0x48/0x270
[ 62.703101][ T510] ? sk_psock_skb_ingress_self+0x60/0x330
[ 62.708650][ T510] ? migrate_disable+0x190/0x190
[ 62.713417][ T510] sk_psock_skb_ingress_self+0x60/0x330
[ 62.718796][ T510] sk_psock_verdict_recv+0x66d/0x840
[ 62.723919][ T510] unix_read_sock+0x132/0x370
[ 62.728435][ T510] ? sk_psock_skb_redirect+0x440/0x440
[ 62.733726][ T510] ? unix_stream_splice_actor+0x120/0x120
[ 62.739278][ T510] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 62.744577][ T510] ? unix_stream_splice_actor+0x120/0x120
[ 62.750127][ T510] sk_psock_verdict_data_ready+0x147/0x1a0
[ 62.755771][ T510] ? sk_psock_start_verdict+0xc0/0xc0
[ 62.761189][ T510] ? _raw_spin_lock+0xa4/0x1b0
[ 62.765748][ T510] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 62.771389][ T510] ? skb_queue_tail+0xfb/0x120
[ 62.775990][ T510] unix_dgram_sendmsg+0x15fa/0x2090
[ 62.781029][ T510] ? unix_dgram_poll+0x690/0x690
[ 62.785801][ T510] ? kasan_set_track+0x5d/0x70
[ 62.790398][ T510] ? kasan_set_track+0x4b/0x70
[ 62.794999][ T510] ? security_socket_sendmsg+0x82/0xb0
[ 62.800291][ T510] ? unix_dgram_poll+0x690/0x690
[ 62.805066][ T510] ____sys_sendmsg+0x59e/0x8f0
[ 62.809667][ T510] ? __sys_sendmsg_sock+0x40/0x40
[ 62.814526][ T510] ? import_iovec+0xe5/0x120
[ 62.818954][ T510] ___sys_sendmsg+0x252/0x2e0
[ 62.823471][ T510] ? __sys_sendmsg+0x260/0x260
[ 62.828181][ T510] ? putname+0xfa/0x150
[ 62.832177][ T510] ? __fdget+0x1bc/0x240
[ 62.836244][ T510] __se_sys_sendmsg+0x19a/0x260
[ 62.840931][ T510] ? __x64_sys_sendmsg+0x90/0x90
[ 62.845704][ T510] ? ksys_write+0x260/0x2c0
[ 62.850045][ T510] ? debug_smp_processor_id+0x17/0x20
[ 62.855248][ T510] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 62.861167][ T510] __x64_sys_sendmsg+0x7b/0x90
[ 62.865764][ T510] x64_sys_call+0x16a/0x9a0
[ 62.870165][ T510] do_syscall_64+0x3b/0xb0
[ 62.874342][ T510] ? clear_bhb_loop+0x35/0x90
[ 62.878858][ T510] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.884615][ T510] RIP: 0033:0x7f039c560759
[ 62.888841][ T510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 62.908440][ T510] RSP: 002b:00007f039bfe1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 62.916682][ T510] RAX: ffffffffffffffda RBX: 00007f039c717f80 RCX: 00007f039c560759
[ 62.924683][ T510] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 62.932497][ T510] RBP: 00007f039bfe1090 R08: 0000000000000000 R09: 0000000000000000
[ 62.940301][ T510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 62.948112][ T510] R13: 0000000000000000 R14: 00007f039c717f80 R15: 00007fff6e90ad88
[ 62.955928][ T510] </TASK>
[ 62.962580][ T342] ==================================================================
[ 62.970560][ T342] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x115/0x330
[ 62.978889][ T342]
[ 62.981060][ T342] CPU: 1 PID: 342 Comm: kworker/1:2 Tainted: G B 5.15.178-syzkaller-1079147-g7d1f9b5c2ff5 #0
[ 62.992428][ T342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 63.002332][ T342] Workqueue: events bpf_map_free_deferred
[ 63.007886][ T342] Call Trace:
[ 63.011008][ T342] <TASK>
[ 63.013778][ T342] dump_stack_lvl+0x151/0x1c0
[ 63.018313][ T342] ? io_uring_drop_tctx_refs+0x190/0x190
[ 63.023759][ T342] ? panic+0x760/0x760
[ 63.027667][ T342] ? kasan_set_free_info+0x23/0x40
[ 63.032797][ T342] ? ____kasan_slab_free+0x126/0x160
[ 63.037917][ T342] ? kmem_cache_free+0x115/0x330
[ 63.042691][ T342] print_address_description+0x87/0x3b0
[ 63.048074][ T342] ? worker_thread+0xad5/0x12a0
[ 63.052760][ T342] ? kthread+0x421/0x510
[ 63.056884][ T342] ? kmem_cache_free+0x115/0x330
[ 63.061608][ T342] ? kmem_cache_free+0x115/0x330
[ 63.066383][ T342] kasan_report_invalid_free+0x6b/0xa0
[ 63.071682][ T342] ____kasan_slab_free+0x13e/0x160
[ 63.076624][ T342] __kasan_slab_free+0x11/0x20
[ 63.081229][ T342] slab_free_freelist_hook+0xbd/0x190
[ 63.086523][ T342] kmem_cache_free+0x115/0x330
[ 63.091129][ T342] ? kfree_skbmem+0x104/0x170
[ 63.095635][ T342] kfree_skbmem+0x104/0x170
[ 63.099976][ T342] consume_skb+0xb4/0x250
[ 63.104318][ T342] __sk_msg_free+0x2dd/0x370
[ 63.108824][ T342] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 63.114483][ T342] sk_psock_stop+0x4e3/0x580
[ 63.118902][ T342] sk_psock_drop+0x219/0x310
[ 63.123324][ T342] sock_map_unref+0x3c6/0x430
[ 63.127836][ T342] sock_map_free+0x137/0x2b0
[ 63.132263][ T342] bpf_map_free_deferred+0x10d/0x1e0
[ 63.137384][ T342] process_one_work+0x6bb/0xc10
[ 63.142072][ T342] worker_thread+0xad5/0x12a0
[ 63.146586][ T342] kthread+0x421/0x510
[ 63.150494][ T342] ? worker_clr_flags+0x180/0x180
[ 63.155351][ T342] ? kthread_blkcg+0xd0/0xd0
[ 63.160211][ T342] ret_from_fork+0x1f/0x30
[ 63.164461][ T342] </TASK>
[ 63.167323][ T342]
[ 63.169493][ T342] Allocated by task 510:
[ 63.173580][ T342] __kasan_slab_alloc+0xb1/0xe0
[ 63.178265][ T342] slab_post_alloc_hook+0x53/0x2c0
[ 63.183209][ T342] kmem_cache_alloc+0xf5/0x250
[ 63.187895][ T342] skb_clone+0x1d1/0x360
[ 63.191970][ T342] sk_psock_verdict_recv+0x53/0x840
[ 63.197073][ T342] unix_read_sock+0x132/0x370
[ 63.201604][ T342] sk_psock_verdict_data_ready+0x147/0x1a0
[ 63.207256][ T342] unix_dgram_sendmsg+0x15fa/0x2090
[ 63.212286][ T342] ____sys_sendmsg+0x59e/0x8f0
[ 63.216879][ T342] ___sys_sendmsg+0x252/0x2e0
[ 63.221398][ T342] __se_sys_sendmsg+0x19a/0x260
[ 63.226088][ T342] __x64_sys_sendmsg+0x7b/0x90
[ 63.230680][ T342] x64_sys_call+0x16a/0x9a0
[ 63.235019][ T342] do_syscall_64+0x3b/0xb0
[ 63.239289][ T342] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.245008][ T342]
[ 63.247170][ T342] Freed by task 342:
[ 63.250905][ T342] kasan_set_track+0x4b/0x70
[ 63.255329][ T342] kasan_set_free_info+0x23/0x40
[ 63.260103][ T342] ____kasan_slab_free+0x126/0x160
[ 63.265141][ T342] __kasan_slab_free+0x11/0x20
[ 63.269743][ T342] slab_free_freelist_hook+0xbd/0x190
[ 63.274944][ T342] kmem_cache_free+0x115/0x330
[ 63.279552][ T342] kfree_skbmem+0x104/0x170
[ 63.283885][ T342] kfree_skb+0xc2/0x360
[ 63.287881][ T342] sk_psock_backlog+0xad1/0xdc0
[ 63.292827][ T342] process_one_work+0x6bb/0xc10
[ 63.297512][ T342] worker_thread+0xad5/0x12a0
[ 63.302025][ T342] kthread+0x421/0x510
[ 63.305928][ T342] ret_from_fork+0x1f/0x30
[ 63.310189][ T342]
[ 63.312354][ T342] The buggy address belongs to the object at ffff888119986b40
[ 63.312354][ T342] which belongs to the cache skbuff_head_cache of size 248
[ 63.326761][ T342] The buggy address is located 0 bytes inside of
[ 63.326761][ T342] 248-byte region [ffff888119986b40, ffff888119986c38)
[ 63.339700][ T342] The buggy address belongs to the page:
[ 63.345177][ T342] page:ffffea0004666180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119986
[ 63.355753][ T342] flags: 0x4000000000000200(slab|zone=1)
[ 63.361230][ T342] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081abb00
[ 63.369644][ T342] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 63.378055][ T342] page dumped because: kasan: bad access detected
[ 63.384313][ T342] page_owner tracks the page as allocated
[ 63.389857][ T342] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 62625036189, free_ts 62618278995
[ 63.405568][ T342] post_alloc_hook+0x1a3/0x1b0
[ 63.410166][ T342] prep_new_page+0x1b/0x110
[ 63.414511][ T342] get_page_from_freelist+0x3550/0x35d0
[ 63.419890][ T342] __alloc_pages+0x27e/0x8f0
[ 63.424315][ T342] new_slab+0x9a/0x4e0
[ 63.428218][ T342] ___slab_alloc+0x39e/0x830
[ 63.432647][ T342] __slab_alloc+0x4a/0x90
[ 63.436813][ T342] kmem_cache_alloc+0x139/0x250
[ 63.441501][ T342] __alloc_skb+0xbe/0x550
[ 63.445670][ T342] alloc_skb_with_frags+0xa6/0x680
[ 63.450616][ T342] sock_alloc_send_pskb+0x915/0xa50
[ 63.455645][ T342] unix_dgram_sendmsg+0x6fd/0x2090
[ 63.460852][ T342] __sys_sendto+0x564/0x720
[ 63.465196][ T342] __x64_sys_sendto+0xe5/0x100
[ 63.469881][ T342] x64_sys_call+0x15c/0x9a0
[ 63.474220][ T342] do_syscall_64+0x3b/0xb0
[ 63.478474][ T342] page last free stack trace:
[ 63.483032][ T342] free_unref_page_prepare+0x7c8/0x7d0
[ 63.488282][ T342] free_unref_page+0xe8/0x750
[ 63.492791][ T342] __free_pages+0x61/0xf0
[ 63.496957][ T342] __free_slab+0xec/0x1d0
[ 63.501123][ T342] __unfreeze_partials+0x165/0x1a0
[ 63.506078][ T342] put_cpu_partial+0xc4/0x120
[ 63.510584][ T342] __slab_free+0x1c8/0x290
[ 63.514842][ T342] ___cache_free+0x109/0x120
[ 63.519263][ T342] qlink_free+0x4d/0x90
[ 63.523260][ T342] qlist_free_all+0x44/0xb0
[ 63.527592][ T342] kasan_quarantine_reduce+0x15a/0x180
[ 63.532890][ T342] __kasan_slab_alloc+0x2f/0xe0