Warning: Permanently added '10.128.1.95' (ED25519) to the list of known hosts.
2025/05/15 09:17:45 ignoring optional flag "sandboxArg"="0"
2025/05/15 09:17:45 ignoring optional flag "type"="gce"
2025/05/15 09:17:45 parsed 1 programs
2025/05/15 09:17:45 executed programs: 0
[ 44.845334][ T30] kauditd_printk_skb: 18 callbacks suppressed
[ 44.845347][ T30] audit: type=1400 audit(1747300665.346:92): avc: denied { unlink } for pid=320 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 44.890921][ T320] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 44.949031][ T326] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.956207][ T326] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.963541][ T326] device bridge_slave_0 entered promiscuous mode
[ 44.970510][ T326] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.977663][ T326] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.985229][ T326] device bridge_slave_1 entered promiscuous mode
[ 45.030434][ T326] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.037588][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.044874][ T326] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.051904][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.071033][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.078544][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.086201][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.093666][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.102646][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.110815][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.117858][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.126766][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.135014][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.142034][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.153677][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.162958][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.177067][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.188175][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.197006][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.204484][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.212961][ T326] device veth0_vlan entered promiscuous mode
[ 45.222926][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.232141][ T326] device veth1_macvtap entered promiscuous mode
[ 45.241927][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.252225][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.275516][ T30] audit: type=1400 audit(1747300665.776:93): avc: denied { prog_load } for pid=330 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.300685][ T30] audit: type=1400 audit(1747300665.776:94): avc: denied { bpf } for pid=330 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.326383][ T333] FAULT_INJECTION: forcing a failure.
[ 45.326383][ T333] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 45.339729][ T30] audit: type=1400 audit(1747300665.826:95): avc: denied { map_create } for pid=330 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.359449][ T333] CPU: 1 PID: 333 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 45.369799][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 45.379882][ T333] Call Trace:
[ 45.383169][ T333] <TASK>
[ 45.386107][ T333] __dump_stack+0x21/0x30
[ 45.390570][ T333] dump_stack_lvl+0xee/0x150
[ 45.395185][ T333] ? show_regs_print_info+0x20/0x20
[ 45.400496][ T333] dump_stack+0x15/0x20
[ 45.404668][ T333] should_fail+0x3c1/0x510
[ 45.409104][ T333] should_fail_usercopy+0x1a/0x20
[ 45.414145][ T333] _copy_to_user+0x20/0x90
[ 45.418591][ T333] simple_read_from_buffer+0xe9/0x160
[ 45.423988][ T333] proc_fail_nth_read+0x19a/0x210
[ 45.429130][ T333] ? proc_fault_inject_write+0x2f0/0x2f0
[ 45.434787][ T333] ? security_file_permission+0x83/0xa0
[ 45.440360][ T333] ? proc_fault_inject_write+0x2f0/0x2f0
[ 45.446022][ T333] vfs_read+0x282/0xbe0
[ 45.450195][ T333] ? kernel_read+0x1f0/0x1f0
[ 45.454795][ T333] ? __kasan_check_write+0x14/0x20
[ 45.459916][ T333] ? mutex_lock+0x95/0x1a0
[ 45.464430][ T333] ? wait_for_completion_killable_timeout+0x10/0x10
[ 45.465174][ T30] audit: type=1400 audit(1747300665.826:96): avc: denied { map_read map_write } for pid=330 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.471034][ T333] ? __fget_files+0x2c4/0x320
[ 45.495571][ T333] ? __fdget_pos+0x2d2/0x380
[ 45.500182][ T333] ? ksys_read+0x71/0x240
[ 45.504534][ T333] ksys_read+0x140/0x240
[ 45.508793][ T333] ? vfs_write+0xf70/0xf70
[ 45.513218][ T333] ? debug_smp_processor_id+0x17/0x20
[ 45.518613][ T333] __x64_sys_read+0x7b/0x90
[ 45.523138][ T333] x64_sys_call+0x96d/0x9a0
[ 45.527650][ T333] do_syscall_64+0x4c/0xa0
[ 45.532067][ T333] ? clear_bhb_loop+0x35/0x90
[ 45.536735][ T333] ? clear_bhb_loop+0x35/0x90
[ 45.541504][ T333] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.547566][ T333] RIP: 0033:0x7f674460278c
[ 45.551992][ T333] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 45.571605][ T333] RSP: 002b:00007f67441650c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 45.580032][ T333] RAX: ffffffffffffffda RBX: 00007f6744723050 RCX: 00007f674460278c
[ 45.588030][ T333] RDX: 000000000000000f RSI: 00007f6744165130 RDI: 0000000000000005
[ 45.595997][ T333] RBP: 00007f6744165120 R08: 0000000000000000 R09: 0000000000000000
[ 45.603986][ T333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.611979][ T333] R13: 000000000000006e R14: 00007f6744723050 R15: 00007ffc08dbc228
[ 45.619961][ T333] </TASK>
[ 45.667208][ T30] audit: type=1400 audit(1747300666.166:97): avc: denied { perfmon } for pid=330 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.695284][ T30] audit: type=1400 audit(1747300666.186:98): avc: denied { prog_run } for pid=334 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.696070][ T335] FAULT_INJECTION: forcing a failure.
[ 45.696070][ T335] name failslab, interval 1, probability 0, space 0, times 1
[ 45.727158][ T335] CPU: 0 PID: 335 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 45.737680][ T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 45.747749][ T335] Call Trace:
[ 45.751039][ T335] <TASK>
[ 45.753959][ T335] __dump_stack+0x21/0x30
[ 45.758286][ T335] dump_stack_lvl+0xee/0x150
[ 45.762897][ T335] ? show_regs_print_info+0x20/0x20
[ 45.768101][ T335] dump_stack+0x15/0x20
[ 45.772249][ T335] should_fail+0x3c1/0x510
[ 45.776663][ T335] __should_failslab+0xa4/0xe0
[ 45.781418][ T335] should_failslab+0x9/0x20
[ 45.785908][ T335] slab_pre_alloc_hook+0x3b/0xe0
[ 45.790840][ T335] kmem_cache_alloc_trace+0x48/0x270
[ 45.796117][ T335] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 45.801828][ T335] ? migrate_disable+0x180/0x180
[ 45.806781][ T335] sk_psock_skb_ingress_self+0x5f/0x330
[ 45.812334][ T335] ? migrate_disable+0xd6/0x180
[ 45.817300][ T335] sk_psock_verdict_recv+0x636/0x800
[ 45.822584][ T335] unix_read_sock+0x10a/0x2c0
[ 45.827253][ T335] ? sk_psock_skb_redirect+0x440/0x440
[ 45.833052][ T335] ? unix_stream_splice_actor+0x120/0x120
[ 45.838771][ T335] ? __kasan_check_write+0x14/0x20
[ 45.843883][ T335] ? unix_stream_splice_actor+0x120/0x120
[ 45.849595][ T335] sk_psock_verdict_data_ready+0x115/0x170
[ 45.855393][ T335] ? sk_psock_start_verdict+0xc0/0xc0
[ 45.860754][ T335] ? _raw_spin_lock+0x8e/0xe0
[ 45.865433][ T335] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 45.871237][ T335] ? skb_queue_tail+0xcb/0xf0
[ 45.875906][ T335] unix_dgram_sendmsg+0x11e6/0x1880
[ 45.881106][ T335] ? unix_dgram_poll+0x6b0/0x6b0
[ 45.886061][ T335] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 45.891776][ T335] ? security_socket_sendmsg+0x82/0xa0
[ 45.897227][ T335] ? unix_dgram_poll+0x6b0/0x6b0
[ 45.902171][ T335] ____sys_sendmsg+0x5a2/0x8c0
[ 45.906932][ T335] ? __sys_sendmsg_sock+0x40/0x40
[ 45.911947][ T335] ? import_iovec+0x7c/0xb0
[ 45.916457][ T335] ___sys_sendmsg+0x1f0/0x260
[ 45.921128][ T335] ? _kstrtoull+0x3c0/0x4d0
[ 45.925625][ T335] ? __sys_sendmsg+0x250/0x250
[ 45.930444][ T335] ? __fdget+0x1a1/0x230
[ 45.934695][ T335] __sys_sendmmsg+0x278/0x480
[ 45.939412][ T335] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 45.944621][ T335] ? __ia32_sys_read+0x90/0x90
[ 45.949373][ T335] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.954215][ T335] x64_sys_call+0x6c6/0x9a0
[ 45.958774][ T335] do_syscall_64+0x4c/0xa0
[ 45.963189][ T335] ? clear_bhb_loop+0x35/0x90
[ 45.967872][ T335] ? clear_bhb_loop+0x35/0x90
[ 45.972558][ T335] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.978447][ T335] RIP: 0033:0x7f6744603ae9
[ 45.982858][ T335] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.002479][ T335] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.010978][ T335] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 46.018944][ T335] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.026911][ T335] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 46.034925][ T335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.042891][ T335] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 46.050860][ T335] </TASK>
[ 46.057075][ T334] ==================================================================
[ 46.065247][ T334] BUG: KASAN: use-after-free in consume_skb+0x3a/0x1f0
[ 46.072115][ T334] Read of size 4 at addr ffff8881253b522c by task syz-executor.0/334
[ 46.080178][ T334]
[ 46.082497][ T334] CPU: 1 PID: 334 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 46.092823][ T334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 46.103002][ T334] Call Trace:
[ 46.106288][ T334] <TASK>
[ 46.109241][ T334] __dump_stack+0x21/0x30
[ 46.113577][ T334] dump_stack_lvl+0xee/0x150
[ 46.118170][ T334] ? show_regs_print_info+0x20/0x20
[ 46.123372][ T334] ? load_image+0x3a0/0x3a0
[ 46.127879][ T334] print_address_description+0x7f/0x2c0
[ 46.133436][ T334] ? consume_skb+0x3a/0x1f0
[ 46.137939][ T334] kasan_report+0xf1/0x140
[ 46.142353][ T334] ? consume_skb+0x3a/0x1f0
[ 46.146853][ T334] kasan_check_range+0x280/0x290
[ 46.151794][ T334] __kasan_check_read+0x11/0x20
[ 46.156652][ T334] consume_skb+0x3a/0x1f0
[ 46.161157][ T334] __sk_msg_free+0x4f4/0x560
[ 46.165742][ T334] ? _raw_spin_lock_bh+0x8e/0xe0
[ 46.170699][ T334] ? _raw_spin_lock_irq+0xe0/0xe0
[ 46.175923][ T334] ? skb_dequeue+0x125/0x160
[ 46.180514][ T334] sk_psock_stop+0x4c9/0x570
[ 46.185227][ T334] ? sock_no_sendpage_locked+0x130/0x130
[ 46.190883][ T334] sk_psock_drop+0x226/0x300
[ 46.195485][ T334] sock_map_unref+0x3c2/0x420
[ 46.200168][ T334] ? sk_psock_link_pop+0x154/0x170
[ 46.205279][ T334] sock_map_remove_links+0x3cd/0x600
[ 46.210679][ T334] ? sock_init_data+0xc0/0xc0
[ 46.215350][ T334] ? sock_map_unhash+0x130/0x130
[ 46.220283][ T334] sock_map_close+0x111/0x440
[ 46.224960][ T334] ? unix_peer_get+0xe0/0xe0
[ 46.229548][ T334] ? sock_map_remove_links+0x600/0x600
[ 46.235000][ T334] ? clear_nonspinnable+0x60/0x60
[ 46.240019][ T334] unix_release+0x82/0xc0
[ 46.244341][ T334] sock_close+0xe0/0x270
[ 46.248574][ T334] ? sock_mmap+0xa0/0xa0
[ 46.252825][ T334] __fput+0x20b/0x8b0
[ 46.256822][ T334] ____fput+0x15/0x20
[ 46.260811][ T334] task_work_run+0x127/0x190
[ 46.265403][ T334] exit_to_user_mode_loop+0xd0/0xe0
[ 46.270695][ T334] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.276173][ T334] syscall_exit_to_user_mode+0x1a/0x30
[ 46.281635][ T334] do_syscall_64+0x58/0xa0
[ 46.286060][ T334] ? clear_bhb_loop+0x35/0x90
[ 46.290839][ T334] ? clear_bhb_loop+0x35/0x90
[ 46.295516][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.301604][ T334] RIP: 0033:0x7f67446029da
[ 46.306012][ T334] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.325628][ T334] RSP: 002b:00007ffc08dbc2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.334125][ T334] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f67446029da
[ 46.342182][ T334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.350149][ T334] RBP: 00007f6744724980 R08: 0000001b30160000 R09: 0001ab4844fdf950
[ 46.358118][ T334] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b5a5
[ 46.366082][ T334] R13: ffffffffffffffff R14: 00007f6744187000 R15: 000000000000b264
[ 46.374055][ T334] </TASK>
[ 46.377078][ T334]
[ 46.379396][ T334] Allocated by task 335:
[ 46.383623][ T334] __kasan_slab_alloc+0xbd/0xf0
[ 46.388470][ T334] slab_post_alloc_hook+0x4f/0x2b0
[ 46.393596][ T334] kmem_cache_alloc+0xf7/0x260
[ 46.398353][ T334] skb_clone+0x1cf/0x360
[ 46.402625][ T334] sk_psock_verdict_recv+0x53/0x800
[ 46.407813][ T334] unix_read_sock+0x10a/0x2c0
[ 46.412480][ T334] sk_psock_verdict_data_ready+0x115/0x170
[ 46.418287][ T334] unix_dgram_sendmsg+0x11e6/0x1880
[ 46.423484][ T334] ____sys_sendmsg+0x5a2/0x8c0
[ 46.428325][ T334] ___sys_sendmsg+0x1f0/0x260
[ 46.432997][ T334] __sys_sendmmsg+0x278/0x480
[ 46.437692][ T334] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.442532][ T334] x64_sys_call+0x6c6/0x9a0
[ 46.447030][ T334] do_syscall_64+0x4c/0xa0
[ 46.451470][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.457380][ T334]
[ 46.459699][ T334] Freed by task 296:
[ 46.463584][ T334] kasan_set_track+0x4a/0x70
[ 46.468188][ T334] kasan_set_free_info+0x23/0x40
[ 46.473123][ T334] ____kasan_slab_free+0x125/0x160
[ 46.478320][ T334] __kasan_slab_free+0x11/0x20
[ 46.483077][ T334] slab_free_freelist_hook+0xc2/0x190
[ 46.488441][ T334] kmem_cache_free+0x100/0x320
[ 46.493202][ T334] kfree_skbmem+0x10c/0x180
[ 46.497699][ T334] kfree_skb+0xc1/0x2f0
[ 46.501846][ T334] sk_psock_backlog+0xa85/0xd80
[ 46.506689][ T334] process_one_work+0x6be/0xba0
[ 46.511543][ T334] worker_thread+0xa59/0x1200
[ 46.516213][ T334] kthread+0x411/0x500
[ 46.520281][ T334] ret_from_fork+0x1f/0x30
[ 46.524691][ T334]
[ 46.527009][ T334] The buggy address belongs to the object at ffff8881253b5140
[ 46.527009][ T334] which belongs to the cache skbuff_head_cache of size 248
[ 46.541573][ T334] The buggy address is located 236 bytes inside of
[ 46.541573][ T334] 248-byte region [ffff8881253b5140, ffff8881253b5238)
[ 46.554836][ T334] The buggy address belongs to the page:
[ 46.560469][ T334] page:ffffea000494ed40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1253b5
[ 46.570706][ T334] flags: 0x4000000000000200(slab|zone=1)
[ 46.576349][ T334] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000
[ 46.584924][ T334] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.593492][ T334] page dumped because: kasan: bad access detected
[ 46.599890][ T334] page_owner tracks the page as allocated
[ 46.605592][ T334] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 296, ts 45525341999, free_ts 44736809991
[ 46.621468][ T334] post_alloc_hook+0x192/0x1b0
[ 46.626227][ T334] prep_new_page+0x1c/0x110
[ 46.630726][ T334] get_page_from_freelist+0x2cc5/0x2d50
[ 46.636349][ T334] __alloc_pages+0x18f/0x440
[ 46.641024][ T334] new_slab+0xa1/0x4d0
[ 46.645090][ T334] ___slab_alloc+0x381/0x810
[ 46.649673][ T334] __slab_alloc+0x49/0x90
[ 46.653998][ T334] kmem_cache_alloc+0x138/0x260
[ 46.658845][ T334] __alloc_skb+0xe0/0x740
[ 46.663171][ T334] mld_newpack+0x13a/0x9d0
[ 46.667629][ T334] add_grhead+0x5e/0x290
[ 46.671863][ T334] add_grec+0xd41/0x1100
[ 46.676190][ T334] mld_ifc_work+0x75d/0xbe0
[ 46.680702][ T334] process_one_work+0x6be/0xba0
[ 46.685553][ T334] worker_thread+0xa59/0x1200
[ 46.690223][ T334] kthread+0x411/0x500
[ 46.694286][ T334] page last free stack trace:
[ 46.698942][ T334] free_unref_page_prepare+0x542/0x550
[ 46.704401][ T334] free_unref_page+0xa2/0x550
[ 46.709067][ T334] __free_pages+0x6c/0x100
[ 46.713493][ T334] __vunmap+0x84d/0x9e0
[ 46.717640][ T334] vfree+0x8b/0xc0
[ 46.721366][ T334] kcov_mmap+0x8f/0x130
[ 46.725514][ T334] mmap_file+0x60/0xb0
[ 46.729572][ T334] mmap_region+0xf94/0x1800
[ 46.734069][ T334] do_mmap+0x76c/0xe40
[ 46.738138][ T334] vm_mmap_pgoff+0x1ce/0x410
[ 46.742718][ T334] ksys_mmap_pgoff+0x161/0x1d0
[ 46.747478][ T334] __x64_sys_mmap+0xfa/0x110
[ 46.752060][ T334] x64_sys_call+0x83/0x9a0
[ 46.756498][ T334] do_syscall_64+0x4c/0xa0
[ 46.761172][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.767063][ T334]
[ 46.769377][ T334] Memory state around the buggy address:
[ 46.774997][ T334] ffff8881253b5100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.783046][ T334] ffff8881253b5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.791094][ T334] >ffff8881253b5200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 46.799142][ T334] ^
[ 46.804501][ T334] ffff8881253b5280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.812546][ T334] ffff8881253b5300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 46.820595][ T334] ==================================================================
[ 46.828665][ T334] Disabling lock debugging due to kernel taint
[ 46.834856][ T334] ==================================================================
[ 46.842914][ T334] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 46.851384][ T334]
[ 46.853702][ T334] CPU: 1 PID: 334 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 46.865409][ T334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 46.875457][ T334] Call Trace:
[ 46.878738][ T334] <TASK>
[ 46.881663][ T334] __dump_stack+0x21/0x30
[ 46.886011][ T334] dump_stack_lvl+0xee/0x150
[ 46.890599][ T334] ? show_regs_print_info+0x20/0x20
[ 46.895792][ T334] ? load_image+0x3a0/0x3a0
[ 46.900298][ T334] print_address_description+0x7f/0x2c0
[ 46.905839][ T334] ? kmem_cache_free+0x100/0x320
[ 46.910770][ T334] kasan_report_invalid_free+0x58/0x90
[ 46.916224][ T334] ? kmem_cache_free+0x100/0x320
[ 46.921155][ T334] ____kasan_slab_free+0x13d/0x160
[ 46.926256][ T334] __kasan_slab_free+0x11/0x20
[ 46.931013][ T334] slab_free_freelist_hook+0xc2/0x190
[ 46.936380][ T334] ? kfree_skbmem+0x10c/0x180
[ 46.941049][ T334] kmem_cache_free+0x100/0x320
[ 46.945807][ T334] ? skb_release_data+0x94f/0xa10
[ 46.950828][ T334] kfree_skbmem+0x10c/0x180
[ 46.955321][ T334] consume_skb+0xb3/0x1f0
[ 46.959644][ T334] __sk_msg_free+0x4f4/0x560
[ 46.964232][ T334] ? _raw_spin_lock_bh+0x8e/0xe0
[ 46.969163][ T334] ? _raw_spin_lock_irq+0xe0/0xe0
[ 46.974183][ T334] ? skb_dequeue+0x125/0x160
[ 46.978766][ T334] sk_psock_stop+0x4c9/0x570
[ 46.983351][ T334] ? sock_no_sendpage_locked+0x130/0x130
[ 46.989074][ T334] sk_psock_drop+0x226/0x300
[ 46.993690][ T334] sock_map_unref+0x3c2/0x420
[ 46.998365][ T334] ? sk_psock_link_pop+0x154/0x170
[ 47.003466][ T334] sock_map_remove_links+0x3cd/0x600
[ 47.008743][ T334] ? sock_init_data+0xc0/0xc0
[ 47.013414][ T334] ? sock_map_unhash+0x130/0x130
[ 47.018353][ T334] sock_map_close+0x111/0x440
[ 47.023033][ T334] ? unix_peer_get+0xe0/0xe0
[ 47.027707][ T334] ? sock_map_remove_links+0x600/0x600
[ 47.033246][ T334] ? clear_nonspinnable+0x60/0x60
[ 47.038268][ T334] unix_release+0x82/0xc0
[ 47.042596][ T334] sock_close+0xe0/0x270
[ 47.046829][ T334] ? sock_mmap+0xa0/0xa0
[ 47.051083][ T334] __fput+0x20b/0x8b0
[ 47.055060][ T334] ____fput+0x15/0x20
[ 47.059053][ T334] task_work_run+0x127/0x190
[ 47.063636][ T334] exit_to_user_mode_loop+0xd0/0xe0
[ 47.068824][ T334] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.074279][ T334] syscall_exit_to_user_mode+0x1a/0x30
[ 47.079729][ T334] do_syscall_64+0x58/0xa0
[ 47.084136][ T334] ? clear_bhb_loop+0x35/0x90
[ 47.088806][ T334] ? clear_bhb_loop+0x35/0x90
[ 47.093493][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.099485][ T334] RIP: 0033:0x7f67446029da
[ 47.103892][ T334] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.123666][ T334] RSP: 002b:00007ffc08dbc2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.132074][ T334] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f67446029da
[ 47.140038][ T334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.148001][ T334] RBP: 00007f6744724980 R08: 0000001b30160000 R09: 0001ab4844fdf950
[ 47.155965][ T334] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b5a5
[ 47.164105][ T334] R13: ffffffffffffffff R14: 00007f6744187000 R15: 000000000000b264
[ 47.172208][ T334] </TASK>
[ 47.175218][ T334]
[ 47.177530][ T334] Allocated by task 335:
[ 47.181757][ T334] __kasan_slab_alloc+0xbd/0xf0
[ 47.186601][ T334] slab_post_alloc_hook+0x4f/0x2b0
[ 47.191707][ T334] kmem_cache_alloc+0xf7/0x260
[ 47.196461][ T334] skb_clone+0x1cf/0x360
[ 47.200701][ T334] sk_psock_verdict_recv+0x53/0x800
[ 47.205890][ T334] unix_read_sock+0x10a/0x2c0
[ 47.210571][ T334] sk_psock_verdict_data_ready+0x115/0x170
[ 47.216373][ T334] unix_dgram_sendmsg+0x11e6/0x1880
[ 47.221584][ T334] ____sys_sendmsg+0x5a2/0x8c0
[ 47.226447][ T334] ___sys_sendmsg+0x1f0/0x260
[ 47.231123][ T334] __sys_sendmmsg+0x278/0x480
[ 47.235913][ T334] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.240784][ T334] x64_sys_call+0x6c6/0x9a0
[ 47.245294][ T334] do_syscall_64+0x4c/0xa0
[ 47.249708][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.255601][ T334]
[ 47.257914][ T334] Freed by task 296:
[ 47.261793][ T334] kasan_set_track+0x4a/0x70
[ 47.266495][ T334] kasan_set_free_info+0x23/0x40
[ 47.271530][ T334] ____kasan_slab_free+0x125/0x160
[ 47.276700][ T334] __kasan_slab_free+0x11/0x20
[ 47.281470][ T334] slab_free_freelist_hook+0xc2/0x190
[ 47.286851][ T334] kmem_cache_free+0x100/0x320
[ 47.291617][ T334] kfree_skbmem+0x10c/0x180
[ 47.296204][ T334] kfree_skb+0xc1/0x2f0
[ 47.300361][ T334] sk_psock_backlog+0xa85/0xd80
[ 47.305209][ T334] process_one_work+0x6be/0xba0
[ 47.310064][ T334] worker_thread+0xa59/0x1200
[ 47.314745][ T334] kthread+0x411/0x500
[ 47.318816][ T334] ret_from_fork+0x1f/0x30
[ 47.323236][ T334]
[ 47.325558][ T334] The buggy address belongs to the object at ffff8881253b5140
[ 47.325558][ T334] which belongs to the cache skbuff_head_cache of size 248
[ 47.340227][ T334] The buggy address is located 0 bytes inside of
[ 47.340227][ T334] 248-byte region [ffff8881253b5140, ffff8881253b5238)
[ 47.353345][ T334] The buggy address belongs to the page:
[ 47.358965][ T334] page:ffffea000494ed40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1253b5
[ 47.369222][ T334] flags: 0x4000000000000200(slab|zone=1)
[ 47.374854][ T334] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000
[ 47.383428][ T334] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.391997][ T334] page dumped because: kasan: bad access detected
[ 47.398396][ T334] page_owner tracks the page as allocated
[ 47.404117][ T334] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 296, ts 45525341999, free_ts 44736809991
[ 47.420264][ T334] post_alloc_hook+0x192/0x1b0
[ 47.425035][ T334] prep_new_page+0x1c/0x110
[ 47.429528][ T334] get_page_from_freelist+0x2cc5/0x2d50
[ 47.435067][ T334] __alloc_pages+0x18f/0x440
[ 47.439651][ T334] new_slab+0xa1/0x4d0
[ 47.443736][ T334] ___slab_alloc+0x381/0x810
[ 47.448316][ T334] __slab_alloc+0x49/0x90
[ 47.452634][ T334] kmem_cache_alloc+0x138/0x260
[ 47.457479][ T334] __alloc_skb+0xe0/0x740
[ 47.461801][ T334] mld_newpack+0x13a/0x9d0
[ 47.466203][ T334] add_grhead+0x5e/0x290
[ 47.470445][ T334] add_grec+0xd41/0x1100
[ 47.474684][ T334] mld_ifc_work+0x75d/0xbe0
[ 47.479176][ T334] process_one_work+0x6be/0xba0
[ 47.484018][ T334] worker_thread+0xa59/0x1200
[ 47.488689][ T334] kthread+0x411/0x500
[ 47.492838][ T334] page last free stack trace:
[ 47.497497][ T334] free_unref_page_prepare+0x542/0x550
[ 47.502949][ T334] free_unref_page+0xa2/0x550
[ 47.507614][ T334] __free_pages+0x6c/0x100
[ 47.512024][ T334] __vunmap+0x84d/0x9e0
[ 47.516169][ T334] vfree+0x8b/0xc0
[ 47.519984][ T334] kcov_mmap+0x8f/0x130
[ 47.524132][ T334] mmap_file+0x60/0xb0
[ 47.528194][ T334] mmap_region+0xf94/0x1800
[ 47.532689][ T334] do_mmap+0x76c/0xe40
[ 47.536748][ T334] vm_mmap_pgoff+0x1ce/0x410
[ 47.541325][ T334] ksys_mmap_pgoff+0x161/0x1d0
[ 47.546081][ T334] __x64_sys_mmap+0xfa/0x110
[ 47.550661][ T334] x64_sys_call+0x83/0x9a0
[ 47.555067][ T334] do_syscall_64+0x4c/0xa0
[ 47.559479][ T334] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.565365][ T334]
[ 47.567680][ T334] Memory state around the buggy address:
[ 47.573295][ T334] ffff8881253b5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.581364][ T334] ffff8881253b5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.589420][ T334] >ffff8881253b5100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.597474][ T334] ^
[ 47.603623][ T334] ffff8881253b5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.611673][ T334] ffff8881253b5200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.619723][ T334] ==================================================================
[ 47.637400][ T30] audit: type=1400 audit(1747300668.136:99): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 47.659876][ T337] FAULT_INJECTION: forcing a failure.
[ 47.659876][ T337] name failslab, interval 1, probability 0, space 0, times 0
[ 47.664019][ T30] audit: type=1400 audit(1747300668.136:100): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.672831][ T337] CPU: 0 PID: 337 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 47.694601][ T30] audit: type=1400 audit(1747300668.136:101): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.705482][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 47.705495][ T337] Call Trace:
[ 47.705500][ T337] <TASK>
[ 47.705507][ T337] __dump_stack+0x21/0x30
[ 47.747190][ T337] dump_stack_lvl+0xee/0x150
[ 47.751775][ T337] ? show_regs_print_info+0x20/0x20
[ 47.756969][ T337] dump_stack+0x15/0x20
[ 47.761115][ T337] should_fail+0x3c1/0x510
[ 47.765525][ T337] __should_failslab+0xa4/0xe0
[ 47.770298][ T337] should_failslab+0x9/0x20
[ 47.774790][ T337] slab_pre_alloc_hook+0x3b/0xe0
[ 47.779713][ T337] kmem_cache_alloc_trace+0x48/0x270
[ 47.784983][ T337] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 47.790691][ T337] ? migrate_disable+0x180/0x180
[ 47.795617][ T337] sk_psock_skb_ingress_self+0x5f/0x330
[ 47.801146][ T337] ? migrate_disable+0xd6/0x180
[ 47.806005][ T337] sk_psock_verdict_recv+0x636/0x800
[ 47.811279][ T337] unix_read_sock+0x10a/0x2c0
[ 47.815963][ T337] ? sk_psock_skb_redirect+0x440/0x440
[ 47.821418][ T337] ? unix_stream_splice_actor+0x120/0x120
[ 47.827119][ T337] ? __kasan_check_write+0x14/0x20
[ 47.832215][ T337] ? unix_stream_splice_actor+0x120/0x120
[ 47.837919][ T337] sk_psock_verdict_data_ready+0x115/0x170
[ 47.843730][ T337] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.849105][ T337] ? _raw_spin_lock+0x8e/0xe0
[ 47.853803][ T337] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 47.859598][ T337] ? skb_queue_tail+0xcb/0xf0
[ 47.864282][ T337] unix_dgram_sendmsg+0x11e6/0x1880
[ 47.869473][ T337] ? unix_dgram_poll+0x6b0/0x6b0
[ 47.874396][ T337] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 47.880099][ T337] ? security_socket_sendmsg+0x82/0xa0
[ 47.885547][ T337] ? unix_dgram_poll+0x6b0/0x6b0
[ 47.890475][ T337] ____sys_sendmsg+0x5a2/0x8c0
[ 47.895246][ T337] ? __sys_sendmsg_sock+0x40/0x40
[ 47.900272][ T337] ? import_iovec+0x7c/0xb0
[ 47.904762][ T337] ___sys_sendmsg+0x1f0/0x260
[ 47.909426][ T337] ? _kstrtoull+0x3c0/0x4d0
[ 47.913914][ T337] ? __sys_sendmsg+0x250/0x250
[ 47.918667][ T337] ? __fdget+0x1a1/0x230
[ 47.922895][ T337] __sys_sendmmsg+0x278/0x480
[ 47.927556][ T337] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 47.932742][ T337] ? __ia32_sys_read+0x90/0x90
[ 47.937493][ T337] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.942327][ T337] x64_sys_call+0x6c6/0x9a0
[ 47.946816][ T337] do_syscall_64+0x4c/0xa0
[ 47.951221][ T337] ? clear_bhb_loop+0x35/0x90
[ 47.955884][ T337] ? clear_bhb_loop+0x35/0x90
[ 47.960576][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.966484][ T337] RIP: 0033:0x7f6744603ae9
[ 47.970885][ T337] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.990474][ T337] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.998874][ T337] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 48.006835][ T337] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 48.014793][ T337] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 48.022759][ T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.030817][ T337] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 48.038787][ T337] </TASK>
[ 48.043222][ T336] ==================================================================
[ 48.051295][ T336] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 48.059716][ T336]
[ 48.062024][ T336] CPU: 0 PID: 336 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 48.073899][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 48.084030][ T336] Call Trace:
[ 48.087294][ T336] <TASK>
[ 48.090214][ T336] __dump_stack+0x21/0x30
[ 48.094531][ T336] dump_stack_lvl+0xee/0x150
[ 48.099110][ T336] ? show_regs_print_info+0x20/0x20
[ 48.104295][ T336] ? load_image+0x3a0/0x3a0
[ 48.108784][ T336] ? hrtimer_cancel+0x2d/0x60
[ 48.113448][ T336] print_address_description+0x7f/0x2c0
[ 48.118984][ T336] ? kmem_cache_free+0x100/0x320
[ 48.123905][ T336] kasan_report_invalid_free+0x58/0x90
[ 48.129355][ T336] ? kmem_cache_free+0x100/0x320
[ 48.134299][ T336] ____kasan_slab_free+0x13d/0x160
[ 48.139503][ T336] __kasan_slab_free+0x11/0x20
[ 48.144352][ T336] slab_free_freelist_hook+0xc2/0x190
[ 48.149746][ T336] ? kfree_skbmem+0x10c/0x180
[ 48.154425][ T336] kmem_cache_free+0x100/0x320
[ 48.159189][ T336] ? skb_release_data+0x94f/0xa10
[ 48.164208][ T336] kfree_skbmem+0x10c/0x180
[ 48.168702][ T336] consume_skb+0xb3/0x1f0
[ 48.173034][ T336] __sk_msg_free+0x4f4/0x560
[ 48.177622][ T336] ? _raw_spin_lock_bh+0x8e/0xe0
[ 48.182553][ T336] ? _raw_spin_lock_irq+0xe0/0xe0
[ 48.187571][ T336] ? skb_dequeue+0x125/0x160
[ 48.192159][ T336] sk_psock_stop+0x4c9/0x570
[ 48.196877][ T336] ? sock_no_sendpage_locked+0x130/0x130
[ 48.202520][ T336] sk_psock_drop+0x226/0x300
[ 48.207104][ T336] sock_map_unref+0x3c2/0x420
[ 48.211776][ T336] ? sk_psock_link_pop+0x154/0x170
[ 48.217030][ T336] sock_map_remove_links+0x3cd/0x600
[ 48.222306][ T336] ? sock_init_data+0xc0/0xc0
[ 48.226992][ T336] ? fput+0x1a/0x20
[ 48.230784][ T336] ? filp_close+0x105/0x150
[ 48.235280][ T336] ? close_fd+0x70/0x80
[ 48.239426][ T336] ? sock_map_unhash+0x130/0x130
[ 48.244352][ T336] sock_map_close+0x111/0x440
[ 48.249030][ T336] ? unix_peer_get+0xe0/0xe0
[ 48.253628][ T336] ? sock_map_remove_links+0x600/0x600
[ 48.259084][ T336] ? clear_nonspinnable+0x60/0x60
[ 48.264109][ T336] unix_release+0x82/0xc0
[ 48.268429][ T336] sock_close+0xe0/0x270
[ 48.272690][ T336] ? sock_mmap+0xa0/0xa0
[ 48.276920][ T336] __fput+0x20b/0x8b0
[ 48.280895][ T336] ____fput+0x15/0x20
[ 48.284866][ T336] task_work_run+0x127/0x190
[ 48.289454][ T336] exit_to_user_mode_loop+0xd0/0xe0
[ 48.294646][ T336] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.300090][ T336] syscall_exit_to_user_mode+0x1a/0x30
[ 48.305538][ T336] do_syscall_64+0x58/0xa0
[ 48.309953][ T336] ? clear_bhb_loop+0x35/0x90
[ 48.314618][ T336] ? clear_bhb_loop+0x35/0x90
[ 48.319283][ T336] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.325170][ T336] RIP: 0033:0x7f67446029da
[ 48.329579][ T336] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.349177][ T336] RSP: 002b:00007ffc08dbc2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.357589][ T336] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f67446029da
[ 48.365562][ T336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.373549][ T336] RBP: 0000000000000032 R08: 0000001b30160000 R09: 00007f6744722f8c
[ 48.381513][ T336] R10: 00007ffc08dbc440 R11: 0000000000000293 R12: 00007f67441880d0
[ 48.389498][ T336] R13: ffffffffffffffff R14: 00007f6744187000 R15: 000000000000b9fe
[ 48.397472][ T336]
[ 48.400474][ T336]
[ 48.402780][ T336] Allocated by task 337:
[ 48.407118][ T336] __kasan_slab_alloc+0xbd/0xf0
[ 48.411971][ T336] slab_post_alloc_hook+0x4f/0x2b0
[ 48.417160][ T336] kmem_cache_alloc+0xf7/0x260
[ 48.422027][ T336] skb_clone+0x1cf/0x360
[ 48.426264][ T336] sk_psock_verdict_recv+0x53/0x800
[ 48.431453][ T336] unix_read_sock+0x10a/0x2c0
[ 48.436129][ T336] sk_psock_verdict_data_ready+0x115/0x170
[ 48.441922][ T336] unix_dgram_sendmsg+0x11e6/0x1880
[ 48.447106][ T336] ____sys_sendmsg+0x5a2/0x8c0
[ 48.452039][ T336] ___sys_sendmsg+0x1f0/0x260
[ 48.456716][ T336] __sys_sendmmsg+0x278/0x480
[ 48.461384][ T336] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.466225][ T336] x64_sys_call+0x6c6/0x9a0
[ 48.470719][ T336] do_syscall_64+0x4c/0xa0
[ 48.475127][ T336] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.481011][ T336]
[ 48.483411][ T336] Freed by task 20:
[ 48.487207][ T336] kasan_set_track+0x4a/0x70
[ 48.491803][ T336] kasan_set_free_info+0x23/0x40
[ 48.496742][ T336] ____kasan_slab_free+0x125/0x160
[ 48.501836][ T336] __kasan_slab_free+0x11/0x20
[ 48.506582][ T336] slab_free_freelist_hook+0xc2/0x190
[ 48.511938][ T336] kmem_cache_free+0x100/0x320
[ 48.516685][ T336] kfree_skbmem+0x10c/0x180
[ 48.521187][ T336] kfree_skb+0xc1/0x2f0
[ 48.525324][ T336] sk_psock_backlog+0xa85/0xd80
[ 48.530162][ T336] process_one_work+0x6be/0xba0
[ 48.534997][ T336] worker_thread+0xa59/0x1200
[ 48.539660][ T336] kthread+0x411/0x500
[ 48.543710][ T336] ret_from_fork+0x1f/0x30
[ 48.548127][ T336]
[ 48.550434][ T336] The buggy address belongs to the object at ffff8881253c4000
[ 48.550434][ T336] which belongs to the cache skbuff_head_cache of size 248
[ 48.564994][ T336] The buggy address is located 0 bytes inside of
[ 48.564994][ T336] 248-byte region [ffff8881253c4000, ffff8881253c40f8)
[ 48.578120][ T336] The buggy address belongs to the page:
[ 48.583741][ T336] page:ffffea000494f100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1253c4
[ 48.593972][ T336] flags: 0x4000000000000200(slab|zone=1)
[ 48.599604][ T336] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000
[ 48.608177][ T336] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 48.616833][ T336] page dumped because: kasan: bad access detected
[ 48.623325][ T336] page_owner tracks the page as allocated
[ 48.629037][ T336] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 83, ts 47637848410, free_ts 47631368262
[ 48.646313][ T336] post_alloc_hook+0x192/0x1b0
[ 48.651096][ T336] prep_new_page+0x1c/0x110
[ 48.655594][ T336] get_page_from_freelist+0x2cc5/0x2d50
[ 48.661133][ T336] __alloc_pages+0x18f/0x440
[ 48.665727][ T336] new_slab+0xa1/0x4d0
[ 48.669804][ T336] ___slab_alloc+0x381/0x810
[ 48.674524][ T336] __slab_alloc+0x49/0x90
[ 48.678853][ T336] kmem_cache_alloc+0x138/0x260
[ 48.683702][ T336] __alloc_skb+0xe0/0x740
[ 48.688032][ T336] audit_log_start+0x3c7/0x8b0
[ 48.692790][ T336] common_lsm_audit+0xd1/0x1600
[ 48.697640][ T336] slow_avc_audit+0x1ac/0x220
[ 48.702330][ T336] avc_has_perm+0x1e6/0x240
[ 48.706857][ T336] may_create+0x312/0x460
[ 48.711194][ T336] selinux_inode_create+0x22/0x30
[ 48.716217][ T336] security_inode_create+0xad/0x110
[ 48.721413][ T336] page last free stack trace:
[ 48.726066][ T336] free_unref_page_prepare+0x542/0x550
[ 48.731516][ T336] free_unref_page_list+0x134/0x9d0
[ 48.736702][ T336] release_pages+0x1076/0x10d0
[ 48.741457][ T336] free_pages_and_swap_cache+0x86/0xa0
[ 48.746900][ T336] tlb_finish_mmu+0x175/0x300
[ 48.751559][ T336] exit_mmap+0x40f/0x860
[ 48.755782][ T336] __mmput+0x93/0x320
[ 48.759745][ T336] mmput+0x50/0x150
[ 48.763545][ T336] do_exit+0x9ca/0x27a0
[ 48.767682][ T336] do_group_exit+0x141/0x310
[ 48.772263][ T336] get_signal+0x66a/0x1480
[ 48.776684][ T336] arch_do_signal_or_restart+0xc1/0x10f0
[ 48.782482][ T336] exit_to_user_mode_loop+0xa7/0xe0
[ 48.787667][ T336] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.793125][ T336] syscall_exit_to_user_mode+0x1a/0x30
[ 48.798565][ T336] do_syscall_64+0x58/0xa0
[ 48.802967][ T336]
[ 48.805272][ T336] Memory state around the buggy address:
[ 48.810887][ T336] ffff8881253c3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.818928][ T336] ffff8881253c3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.826972][ T336] >ffff8881253c4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.835013][ T336]                    ^
[ 48.839066][ T336] ffff8881253c4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.847366][ T336] ffff8881253c4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.855415][ T336] ==================================================================
[ 48.875188][ T339] FAULT_INJECTION: forcing a failure.
[ 48.875188][ T339] name failslab, interval 1, probability 0, space 0, times 0
[ 48.887973][ T339] CPU: 1 PID: 339 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 48.899859][ T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 48.909918][ T339] Call Trace:
[ 48.913202][ T339]
[ 48.916126][ T339] __dump_stack+0x21/0x30
[ 48.920455][ T339] dump_stack_lvl+0xee/0x150
[ 48.925040][ T339] ? show_regs_print_info+0x20/0x20
[ 48.930335][ T339] dump_stack+0x15/0x20
[ 48.934499][ T339] should_fail+0x3c1/0x510
[ 48.938922][ T339] __should_failslab+0xa4/0xe0
[ 48.943695][ T339] should_failslab+0x9/0x20
[ 48.948195][ T339] slab_pre_alloc_hook+0x3b/0xe0
[ 48.953132][ T339] kmem_cache_alloc_trace+0x48/0x270
[ 48.958437][ T339] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 48.964151][ T339] ? migrate_disable+0x180/0x180
[ 48.969086][ T339] sk_psock_skb_ingress_self+0x5f/0x330
[ 48.974623][ T339] ? migrate_disable+0xd6/0x180
[ 48.979467][ T339] sk_psock_verdict_recv+0x636/0x800
[ 48.984754][ T339] unix_read_sock+0x10a/0x2c0
[ 48.989434][ T339] ? sk_psock_skb_redirect+0x440/0x440
[ 48.994885][ T339] ? unix_stream_splice_actor+0x120/0x120
[ 49.000601][ T339] ? __kasan_check_write+0x14/0x20
[ 49.005722][ T339] ? unix_stream_splice_actor+0x120/0x120
[ 49.011443][ T339] sk_psock_verdict_data_ready+0x115/0x170
[ 49.017240][ T339] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.022617][ T339] ? _raw_spin_lock+0x8e/0xe0
[ 49.027374][ T339] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 49.033175][ T339] ? skb_queue_tail+0xcb/0xf0
[ 49.037855][ T339] unix_dgram_sendmsg+0x11e6/0x1880
[ 49.043053][ T339] ? unix_dgram_poll+0x6b0/0x6b0
[ 49.047984][ T339] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 49.053704][ T339] ? security_socket_sendmsg+0x82/0xa0
[ 49.059168][ T339] ? unix_dgram_poll+0x6b0/0x6b0
[ 49.064102][ T339] ____sys_sendmsg+0x5a2/0x8c0
[ 49.068875][ T339] ? __sys_sendmsg_sock+0x40/0x40
[ 49.073891][ T339] ? import_iovec+0x7c/0xb0
[ 49.078388][ T339] ___sys_sendmsg+0x1f0/0x260
[ 49.083057][ T339] ? _kstrtoull+0x3c0/0x4d0
[ 49.087550][ T339] ? __sys_sendmsg+0x250/0x250
[ 49.092310][ T339] ? __fdget+0x1a1/0x230
[ 49.096542][ T339] __sys_sendmmsg+0x278/0x480
[ 49.101212][ T339] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 49.106407][ T339] ? __ia32_sys_read+0x90/0x90
[ 49.111167][ T339] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.116006][ T339] x64_sys_call+0x6c6/0x9a0
[ 49.120503][ T339] do_syscall_64+0x4c/0xa0
[ 49.124914][ T339] ? clear_bhb_loop+0x35/0x90
[ 49.129595][ T339] ? clear_bhb_loop+0x35/0x90
[ 49.134352][ T339] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.140253][ T339] RIP: 0033:0x7f6744603ae9
[ 49.144677][ T339] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.164280][ T339] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.172694][ T339] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 49.180659][ T339] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.188647][ T339] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 49.196634][ T339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.204599][ T339] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 49.212826][ T339]
[ 49.217545][ T338] ==================================================================
[ 49.225617][ T338] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 49.234140][ T338]
[ 49.236467][ T338] CPU: 1 PID: 338 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 49.248277][ T338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 49.258325][ T338] Call Trace:
[ 49.261603][ T338]
[ 49.264540][ T338] __dump_stack+0x21/0x30
[ 49.268897][ T338] dump_stack_lvl+0xee/0x150
[ 49.273485][ T338] ? show_regs_print_info+0x20/0x20
[ 49.278681][ T338] ? load_image+0x3a0/0x3a0
[ 49.283176][ T338] ? reweight_entity+0x84/0x510
[ 49.288025][ T338] print_address_description+0x7f/0x2c0
[ 49.293572][ T338] ? kmem_cache_free+0x100/0x320
[ 49.298505][ T338] kasan_report_invalid_free+0x58/0x90
[ 49.303956][ T338] ? kmem_cache_free+0x100/0x320
[ 49.308891][ T338] ____kasan_slab_free+0x13d/0x160
[ 49.314025][ T338] __kasan_slab_free+0x11/0x20
[ 49.318785][ T338] slab_free_freelist_hook+0xc2/0x190
[ 49.324155][ T338] ? kfree_skbmem+0x10c/0x180
[ 49.328829][ T338] kmem_cache_free+0x100/0x320
[ 49.333592][ T338] ? skb_release_data+0x94f/0xa10
[ 49.338625][ T338] kfree_skbmem+0x10c/0x180
[ 49.343135][ T338] consume_skb+0xb3/0x1f0
[ 49.347612][ T338] __sk_msg_free+0x4f4/0x560
[ 49.352201][ T338] ? _raw_spin_lock_bh+0x8e/0xe0
[ 49.357134][ T338] ? _raw_spin_lock_irq+0xe0/0xe0
[ 49.362154][ T338] ? skb_dequeue+0x125/0x160
[ 49.366736][ T338] sk_psock_stop+0x4c9/0x570
[ 49.371319][ T338] ? sock_no_sendpage_locked+0x130/0x130
[ 49.376944][ T338] sk_psock_drop+0x226/0x300
[ 49.381548][ T338] sock_map_unref+0x3c2/0x420
[ 49.386256][ T338] ? sk_psock_link_pop+0x154/0x170
[ 49.391436][ T338] sock_map_remove_links+0x3cd/0x600
[ 49.396730][ T338] ? sock_init_data+0xc0/0xc0
[ 49.401438][ T338] ? fput+0x1a/0x20
[ 49.405372][ T338] ? filp_close+0x105/0x150
[ 49.409877][ T338] ? close_fd+0x70/0x80
[ 49.414032][ T338] ? sock_map_unhash+0x130/0x130
[ 49.418963][ T338] sock_map_close+0x111/0x440
[ 49.423635][ T338] ? unix_peer_get+0xe0/0xe0
[ 49.428222][ T338] ? sock_map_remove_links+0x600/0x600
[ 49.433676][ T338] ? clear_nonspinnable+0x60/0x60
[ 49.438696][ T338] unix_release+0x82/0xc0
[ 49.443019][ T338] sock_close+0xe0/0x270
[ 49.447254][ T338] ? sock_mmap+0xa0/0xa0
[ 49.451592][ T338] __fput+0x20b/0x8b0
[ 49.455578][ T338] ____fput+0x15/0x20
[ 49.459557][ T338] task_work_run+0x127/0x190
[ 49.464149][ T338] exit_to_user_mode_loop+0xd0/0xe0
[ 49.469372][ T338] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.474851][ T338] syscall_exit_to_user_mode+0x1a/0x30
[ 49.480345][ T338] do_syscall_64+0x58/0xa0
[ 49.484762][ T338] ? clear_bhb_loop+0x35/0x90
[ 49.489436][ T338] ? clear_bhb_loop+0x35/0x90
[ 49.494103][ T338] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.499990][ T338] RIP: 0033:0x7f67446029da
[ 49.504399][ T338] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.524053][ T338] RSP: 002b:00007ffc08dbc2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.532471][ T338] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f67446029da
[ 49.540451][ T338] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.548525][ T338] RBP: 00007f6744724980 R08: 0000001b30160000 R09: 000b34b07f7d21b8
[ 49.556500][ T338] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c210
[ 49.564473][ T338] R13: ffffffffffffffff R14: 00007f6744187000 R15: 000000000000becf
[ 49.572444][ T338]
[ 49.575466][ T338]
[ 49.577779][ T338] Allocated by task 339:
[ 49.582001][ T338] __kasan_slab_alloc+0xbd/0xf0
[ 49.586856][ T338] slab_post_alloc_hook+0x4f/0x2b0
[ 49.592077][ T338] kmem_cache_alloc+0xf7/0x260
[ 49.596836][ T338] skb_clone+0x1cf/0x360
[ 49.601067][ T338] sk_psock_verdict_recv+0x53/0x800
[ 49.606262][ T338] unix_read_sock+0x10a/0x2c0
[ 49.610940][ T338] sk_psock_verdict_data_ready+0x115/0x170
[ 49.616823][ T338] unix_dgram_sendmsg+0x11e6/0x1880
[ 49.622011][ T338] ____sys_sendmsg+0x5a2/0x8c0
[ 49.626760][ T338] ___sys_sendmsg+0x1f0/0x260
[ 49.631428][ T338] __sys_sendmmsg+0x278/0x480
[ 49.636092][ T338] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.640926][ T338] x64_sys_call+0x6c6/0x9a0
[ 49.645427][ T338] do_syscall_64+0x4c/0xa0
[ 49.649843][ T338] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.655733][ T338]
[ 49.658050][ T338] Freed by task 60:
[ 49.662030][ T338] kasan_set_track+0x4a/0x70
[ 49.666615][ T338] kasan_set_free_info+0x23/0x40
[ 49.671549][ T338] ____kasan_slab_free+0x125/0x160
[ 49.676650][ T338] __kasan_slab_free+0x11/0x20
[ 49.681404][ T338] slab_free_freelist_hook+0xc2/0x190
[ 49.686770][ T338] kmem_cache_free+0x100/0x320
[ 49.691530][ T338] kfree_skbmem+0x10c/0x180
[ 49.696028][ T338] kfree_skb+0xc1/0x2f0
[ 49.700170][ T338] sk_psock_backlog+0xa85/0xd80
[ 49.705018][ T338] process_one_work+0x6be/0xba0
[ 49.709874][ T338] worker_thread+0xa59/0x1200
[ 49.714627][ T338] kthread+0x411/0x500
[ 49.718771][ T338] ret_from_fork+0x1f/0x30
[ 49.723175][ T338]
[ 49.725482][ T338] The buggy address belongs to the object at ffff88810f27cdc0
[ 49.725482][ T338] which belongs to the cache skbuff_head_cache of size 248
[ 49.740046][ T338] The buggy address is located 0 bytes inside of
[ 49.740046][ T338] 248-byte region [ffff88810f27cdc0, ffff88810f27ceb8)
[ 49.753143][ T338] The buggy address belongs to the page:
[ 49.758763][ T338] page:ffffea00043c9f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f27c
[ 49.768992][ T338] flags: 0x4000000000000200(slab|zone=1)
[ 49.774658][ T338] raw: 4000000000000200 ffffea00043682c0 0000000600000006 ffff8881081aa000
[ 49.783237][ T338] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 49.791893][ T338] page dumped because: kasan: bad access detected
[ 49.798303][ T338] page_owner tracks the page as allocated
[ 49.804097][ T338] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4922384431, free_ts 0
[ 49.819101][ T338] post_alloc_hook+0x192/0x1b0
[ 49.823861][ T338] prep_new_page+0x1c/0x110
[ 49.828448][ T338] get_page_from_freelist+0x2cc5/0x2d50
[ 49.833984][ T338] __alloc_pages+0x18f/0x440
[ 49.838560][ T338] new_slab+0xa1/0x4d0
[ 49.842618][ T338] ___slab_alloc+0x381/0x810
[ 49.847192][ T338] __slab_alloc+0x49/0x90
[ 49.851508][ T338] kmem_cache_alloc+0x138/0x260
[ 49.856385][ T338] __alloc_skb+0xe0/0x740
[ 49.860702][ T338] netlink_sendmsg+0x602/0xb70
[ 49.865457][ T338] ____sys_sendmsg+0x5a2/0x8c0
[ 49.870204][ T338] ___sys_sendmsg+0x1f0/0x260
[ 49.874868][ T338] __x64_sys_sendmsg+0x1e2/0x2a0
[ 49.879796][ T338] x64_sys_call+0x4b/0x9a0
2025/05/15 09:17:50 executed programs: 4
[ 49.884206][ T338] do_syscall_64+0x4c/0xa0
[ 49.888625][ T338] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.894690][ T338] page_owner free stack trace missing
[ 49.900047][ T338]
[ 49.902369][ T338] Memory state around the buggy address:
[ 49.907997][ T338] ffff88810f27cc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.916054][ T338] ffff88810f27cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.924110][ T338] >ffff88810f27cd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.932156][ T338]                                            ^
[ 49.938294][ T338] ffff88810f27ce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.946347][ T338] ffff88810f27ce80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 49.954393][ T338] ==================================================================
[ 49.997722][ T341] FAULT_INJECTION: forcing a failure.
[ 49.997722][ T341] name failslab, interval 1, probability 0, space 0, times 0
[ 50.010551][ T341] CPU: 0 PID: 341 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 50.022279][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 50.032498][ T341] Call Trace:
[ 50.035764][ T341]
[ 50.038688][ T341] __dump_stack+0x21/0x30
[ 50.043009][ T341] dump_stack_lvl+0xee/0x150
[ 50.047588][ T341] ? show_regs_print_info+0x20/0x20
[ 50.052809][ T341] dump_stack+0x15/0x20
[ 50.056950][ T341] should_fail+0x3c1/0x510
[ 50.061353][ T341] __should_failslab+0xa4/0xe0
[ 50.066174][ T341] should_failslab+0x9/0x20
[ 50.070689][ T341] slab_pre_alloc_hook+0x3b/0xe0
[ 50.075638][ T341] kmem_cache_alloc_trace+0x48/0x270
[ 50.080941][ T341] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 50.086657][ T341] ? migrate_disable+0x180/0x180
[ 50.091612][ T341] sk_psock_skb_ingress_self+0x5f/0x330
[ 50.097202][ T341] ? migrate_disable+0xd6/0x180
[ 50.102192][ T341] sk_psock_verdict_recv+0x636/0x800
[ 50.107572][ T341] unix_read_sock+0x10a/0x2c0
[ 50.112365][ T341] ? sk_psock_skb_redirect+0x440/0x440
[ 50.117822][ T341] ? unix_stream_splice_actor+0x120/0x120
[ 50.123632][ T341] ? __kasan_check_write+0x14/0x20
[ 50.128745][ T341] ? unix_stream_splice_actor+0x120/0x120
[ 50.134473][ T341] sk_psock_verdict_data_ready+0x115/0x170
[ 50.140273][ T341] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.145638][ T341] ? _raw_spin_lock+0x8e/0xe0
[ 50.150457][ T341] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 50.156266][ T341] ? skb_queue_tail+0xcb/0xf0
[ 50.160936][ T341] unix_dgram_sendmsg+0x11e6/0x1880
[ 50.166305][ T341] ? unix_dgram_poll+0x6b0/0x6b0
[ 50.171239][ T341] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 50.176953][ T341] ? security_socket_sendmsg+0x82/0xa0
[ 50.182407][ T341] ? unix_dgram_poll+0x6b0/0x6b0
[ 50.187340][ T341] ____sys_sendmsg+0x5a2/0x8c0
[ 50.192184][ T341] ? __sys_sendmsg_sock+0x40/0x40
[ 50.197199][ T341] ? import_iovec+0x7c/0xb0
[ 50.201796][ T341] ___sys_sendmsg+0x1f0/0x260
[ 50.206464][ T341] ? _kstrtoull+0x3c0/0x4d0
[ 50.211130][ T341] ? __sys_sendmsg+0x250/0x250
[ 50.215891][ T341] ? __fdget+0x1a1/0x230
[ 50.220129][ T341] __sys_sendmmsg+0x278/0x480
[ 50.224797][ T341] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 50.229988][ T341] ? __ia32_sys_read+0x90/0x90
[ 50.234744][ T341] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.239588][ T341] x64_sys_call+0x6c6/0x9a0
[ 50.244079][ T341] do_syscall_64+0x4c/0xa0
[ 50.248511][ T341] ? clear_bhb_loop+0x35/0x90
[ 50.253173][ T341] ? clear_bhb_loop+0x35/0x90
[ 50.257937][ T341] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.263919][ T341] RIP: 0033:0x7f6744603ae9
[ 50.268349][ T341] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.287956][ T341] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.296373][ T341] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 50.304446][ T341] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 50.312412][ T341] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 50.320570][ T341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.328534][ T341] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 50.336792][ T341]
[ 50.340057][ T340] ==================================================================
[ 50.348122][ T340] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 50.356811][ T340]
[ 50.359126][ T340] CPU: 0 PID: 340 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 50.370980][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 50.381030][ T340] Call Trace:
[ 50.384303][ T340]
[ 50.387227][ T340] __dump_stack+0x21/0x30
[ 50.391564][ T340] dump_stack_lvl+0xee/0x150
[ 50.396275][ T340] ? show_regs_print_info+0x20/0x20
[ 50.401484][ T340] ? load_image+0x3a0/0x3a0
[ 50.405980][ T340] ? hrtimer_cancel+0x2d/0x60
[ 50.410648][ T340] print_address_description+0x7f/0x2c0
[ 50.416191][ T340] ? kmem_cache_free+0x100/0x320
[ 50.421149][ T340] kasan_report_invalid_free+0x58/0x90
[ 50.426691][ T340] ? kmem_cache_free+0x100/0x320
[ 50.431622][ T340] ____kasan_slab_free+0x13d/0x160
[ 50.436728][ T340] __kasan_slab_free+0x11/0x20
[ 50.441481][ T340] slab_free_freelist_hook+0xc2/0x190
[ 50.446849][ T340] ? kfree_skbmem+0x10c/0x180
[ 50.451514][ T340] kmem_cache_free+0x100/0x320
[ 50.456269][ T340] ? skb_release_data+0x94f/0xa10
[ 50.461280][ T340] kfree_skbmem+0x10c/0x180
[ 50.465773][ T340] consume_skb+0xb3/0x1f0
[ 50.470090][ T340] __sk_msg_free+0x4f4/0x560
[ 50.475021][ T340] ? _raw_spin_lock_bh+0x8e/0xe0
[ 50.479993][ T340] ? _raw_spin_lock_irq+0xe0/0xe0
[ 50.485037][ T340] ? skb_dequeue+0x125/0x160
[ 50.489621][ T340] sk_psock_stop+0x4c9/0x570
[ 50.494217][ T340] ? sock_no_sendpage_locked+0x130/0x130
[ 50.499886][ T340] sk_psock_drop+0x226/0x300
[ 50.504470][ T340] sock_map_unref+0x3c2/0x420
[ 50.509144][ T340] ? sk_psock_link_pop+0x154/0x170
[ 50.514259][ T340] sock_map_remove_links+0x3cd/0x600
[ 50.519552][ T340] ? sock_init_data+0xc0/0xc0
[ 50.524231][ T340] ? fput+0x1a/0x20
[ 50.528034][ T340] ? filp_close+0x105/0x150
[ 50.532541][ T340] ? close_fd+0x70/0x80
[ 50.536690][ T340] ? sock_map_unhash+0x130/0x130
[ 50.541624][ T340] sock_map_close+0x111/0x440
[ 50.546297][ T340] ? unix_peer_get+0xe0/0xe0
[ 50.550976][ T340] ? sock_map_remove_links+0x600/0x600
[ 50.556433][ T340] ? clear_nonspinnable+0x60/0x60
[ 50.561482][ T340] unix_release+0x82/0xc0
[ 50.565820][ T340] sock_close+0xe0/0x270
[ 50.570062][ T340] ? sock_mmap+0xa0/0xa0
[ 50.574444][ T340] __fput+0x20b/0x8b0
[ 50.578436][ T340] ____fput+0x15/0x20
[ 50.582415][ T340] task_work_run+0x127/0x190
[ 50.587002][ T340] exit_to_user_mode_loop+0xd0/0xe0
[ 50.592192][ T340] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.597644][ T340] syscall_exit_to_user_mode+0x1a/0x30
[ 50.603094][ T340] do_syscall_64+0x58/0xa0
[ 50.607512][ T340] ? clear_bhb_loop+0x35/0x90
[ 50.612187][ T340] ? clear_bhb_loop+0x35/0x90
[ 50.617046][ T340] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.622953][ T340] RIP: 0033:0x7f67446029da
[ 50.627363][ T340] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.646963][ T340] RSP: 002b:00007ffc08dbc2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 50.655370][ T340] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f67446029da
[ 50.663336][ T340] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.671307][ T340] RBP: 0000000000000032 R08: 0000001b30160000 R09: 00007f6744722f8c
[ 50.679271][ T340] R10: 00007ffc08dbc440 R11: 0000000000000293 R12: 00007f67441880d0
[ 50.687240][ T340] R13: ffffffffffffffff R14: 00007f6744187000 R15: 000000000000c333
[ 50.695214][ T340]
[ 50.698224][ T340]
[ 50.700535][ T340] Allocated by task 341:
[ 50.704771][ T340] __kasan_slab_alloc+0xbd/0xf0
[ 50.709616][ T340] slab_post_alloc_hook+0x4f/0x2b0
[ 50.714714][ T340] kmem_cache_alloc+0xf7/0x260
[ 50.719469][ T340] skb_clone+0x1cf/0x360
[ 50.723699][ T340] sk_psock_verdict_recv+0x53/0x800
[ 50.728886][ T340] unix_read_sock+0x10a/0x2c0
[ 50.733556][ T340] sk_psock_verdict_data_ready+0x115/0x170
[ 50.739375][ T340] unix_dgram_sendmsg+0x11e6/0x1880
[ 50.744565][ T340] ____sys_sendmsg+0x5a2/0x8c0
[ 50.749317][ T340] ___sys_sendmsg+0x1f0/0x260
[ 50.753989][ T340] __sys_sendmmsg+0x278/0x480
[ 50.758653][ T340] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.763497][ T340] x64_sys_call+0x6c6/0x9a0
[ 50.768000][ T340] do_syscall_64+0x4c/0xa0
[ 50.772402][ T340] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.778304][ T340]
[ 50.780620][ T340] Freed by task 6:
[ 50.784320][ T340] kasan_set_track+0x4a/0x70
[ 50.788901][ T340] kasan_set_free_info+0x23/0x40
[ 50.793858][ T340] ____kasan_slab_free+0x125/0x160
[ 50.798963][ T340] __kasan_slab_free+0x11/0x20
[ 50.803813][ T340] slab_free_freelist_hook+0xc2/0x190
[ 50.809193][ T340] kmem_cache_free+0x100/0x320
[ 50.813949][ T340] kfree_skbmem+0x10c/0x180
[ 50.818438][ T340] kfree_skb+0xc1/0x2f0
[ 50.822583][ T340] sk_psock_backlog+0xa85/0xd80
[ 50.827558][ T340] process_one_work+0x6be/0xba0
[ 50.832456][ T340] worker_thread+0xa59/0x1200
[ 50.837129][ T340] kthread+0x411/0x500
[ 50.841224][ T340] ret_from_fork+0x1f/0x30
[ 50.845627][ T340]
[ 50.847936][ T340] The buggy address belongs to the object at ffff8881253cc500
[ 50.847936][ T340] which belongs to the cache skbuff_head_cache of size 248
[ 50.862503][ T340] The buggy address is located 0 bytes inside of
[ 50.862503][ T340] 248-byte region [ffff8881253cc500, ffff8881253cc5f8)
[ 50.875603][ T340] The buggy address belongs to the page:
[ 50.881223][ T340] page:ffffea000494f300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1253cc
[ 50.891551][ T340] flags: 0x4000000000000200(slab|zone=1)
[ 50.897273][ T340] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000
[ 50.905856][ T340] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 50.914419][ T340] page dumped because: kasan: bad access detected
[ 50.920814][ T340] page_owner tracks the page as allocated
[ 50.926510][ T340] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 49968138301, free_ts 49964174296
[ 50.942305][ T340] post_alloc_hook+0x192/0x1b0
[ 50.947073][ T340] prep_new_page+0x1c/0x110
[ 50.951565][ T340] get_page_from_freelist+0x2cc5/0x2d50
[ 50.957114][ T340] __alloc_pages+0x18f/0x440
[ 50.961694][ T340] new_slab+0xa1/0x4d0
[ 50.965753][ T340] ___slab_alloc+0x381/0x810
[ 50.970329][ T340] __slab_alloc+0x49/0x90
[ 50.974646][ T340] kmem_cache_alloc+0x138/0x260
[ 50.979487][ T340] __alloc_skb+0xe0/0x740
[ 50.983806][ T340] alloc_skb_with_frags+0xa8/0x620
[ 50.988907][ T340] sock_alloc_send_pskb+0x853/0x980
[ 50.994093][ T340] unix_dgram_sendmsg+0x5ea/0x1880
[ 50.999193][ T340] __sys_sendto+0x423/0x580
[ 51.003696][ T340] __x64_sys_sendto+0xe5/0x100
[ 51.008448][ T340] x64_sys_call+0x178/0x9a0
[ 51.012942][ T340] do_syscall_64+0x4c/0xa0
[ 51.017356][ T340] page last free stack trace:
[ 51.022031][ T340] free_unref_page_prepare+0x542/0x550
[ 51.027481][ T340] free_unref_page_list+0x134/0x9d0
[ 51.032667][ T340] release_pages+0x1076/0x10d0
[ 51.037442][ T340] free_pages_and_swap_cache+0x86/0xa0
[ 51.042889][ T340] tlb_finish_mmu+0x175/0x300
[ 51.047599][ T340] exit_mmap+0x40f/0x860
[ 51.051829][ T340] __mmput+0x93/0x320
[ 51.055802][ T340] mmput+0x50/0x150
[ 51.059597][ T340] do_exit+0x9ca/0x27a0
[ 51.063739][ T340] do_group_exit+0x141/0x310
[ 51.068314][ T340] __x64_sys_exit_group+0x3f/0x40
[ 51.073344][ T340] x64_sys_call+0x832/0x9a0
[ 51.077835][ T340] do_syscall_64+0x4c/0xa0
[ 51.082241][ T340] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.088144][ T340]
[ 51.090451][ T340] Memory state around the buggy address:
[ 51.096065][ T340] ffff8881253cc400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.104142][ T340] ffff8881253cc480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.112197][ T340] >ffff8881253cc500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.120255][ T340]                    ^
[ 51.124321][ T340] ffff8881253cc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.132375][ T340] ffff8881253cc600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.140510][ T340] ==================================================================
[ 51.160553][ T343] FAULT_INJECTION: forcing a failure.
[ 51.160553][ T343] name failslab, interval 1, probability 0, space 0, times 0
[ 51.173193][ T343] CPU: 1 PID: 343 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 51.185021][ T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 51.195092][ T343] Call Trace:
[ 51.198371][ T343]
[ 51.201300][ T343] __dump_stack+0x21/0x30
[ 51.205628][ T343] dump_stack_lvl+0xee/0x150
[ 51.210219][ T343] ? show_regs_print_info+0x20/0x20
[ 51.215408][ T343] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.221558][ T343] ? __kasan_check_write+0x14/0x20
[ 51.226670][ T343] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 51.232169][ T343] dump_stack+0x15/0x20
[ 51.236315][ T343] should_fail+0x3c1/0x510
[ 51.240744][ T343] __should_failslab+0xa4/0xe0
[ 51.245633][ T343] should_failslab+0x9/0x20
[ 51.250257][ T343] slab_pre_alloc_hook+0x3b/0xe0
[ 51.255199][ T343] ? skb_clone+0x1cf/0x360
[ 51.259611][ T343] kmem_cache_alloc+0x44/0x260
[ 51.264384][ T343] skb_clone+0x1cf/0x360
[ 51.268617][ T343] ? __kasan_check_write+0x14/0x20
[ 51.273727][ T343] sk_psock_verdict_recv+0x53/0x800
[ 51.278941][ T343] unix_read_sock+0x10a/0x2c0
[ 51.283622][ T343] ? sk_psock_skb_redirect+0x440/0x440
[ 51.289087][ T343] ? unix_stream_splice_actor+0x120/0x120
[ 51.294833][ T343] ? __kasan_check_write+0x14/0x20
[ 51.299943][ T343] ? unix_stream_splice_actor+0x120/0x120
[ 51.305664][ T343] sk_psock_verdict_data_ready+0x115/0x170
[ 51.311474][ T343] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.316849][ T343] ? _raw_spin_lock+0x8e/0xe0
[ 51.321521][ T343] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 51.327323][ T343] ? skb_queue_tail+0xcb/0xf0
[ 51.331993][ T343] unix_dgram_sendmsg+0x11e6/0x1880
[ 51.337186][ T343] ? unix_dgram_poll+0x6b0/0x6b0
[ 51.342197][ T343] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 51.347905][ T343] ? security_socket_sendmsg+0x82/0xa0
[ 51.353527][ T343] ? unix_dgram_poll+0x6b0/0x6b0
[ 51.358463][ T343] ____sys_sendmsg+0x5a2/0x8c0
[ 51.363305][ T343] ? __sys_sendmsg_sock+0x40/0x40
[ 51.368321][ T343] ? import_iovec+0x7c/0xb0
[ 51.372815][ T343] ___sys_sendmsg+0x1f0/0x260
[ 51.377482][ T343] ? _kstrtoull+0x3c0/0x4d0
[ 51.381977][ T343] ? __sys_sendmsg+0x250/0x250
[ 51.386735][ T343] ? __fdget+0x1a1/0x230
[ 51.390970][ T343] __sys_sendmmsg+0x278/0x480
[ 51.395652][ T343] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 51.400867][ T343] ? __ia32_sys_read+0x90/0x90
[ 51.405622][ T343] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.410462][ T343] x64_sys_call+0x6c6/0x9a0
[ 51.414952][ T343] do_syscall_64+0x4c/0xa0
[ 51.419357][ T343] ? clear_bhb_loop+0x35/0x90
[ 51.424020][ T343] ? clear_bhb_loop+0x35/0x90
[ 51.428683][ T343] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.434568][ T343] RIP: 0033:0x7f6744603ae9
[ 51.438975][ T343] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.458661][ T343] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.467072][ T343] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 51.475038][ T343] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.482998][ T343] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 51.491119][ T343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.499082][ T343] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 51.507051][ T343]
[ 51.519138][ T345] FAULT_INJECTION: forcing a failure.
[ 51.519138][ T345] name failslab, interval 1, probability 0, space 0, times 0
[ 51.532343][ T345] CPU: 0 PID: 345 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 51.544073][ T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 51.554129][ T345] Call Trace:
[ 51.557414][ T345]
[ 51.560344][ T345] __dump_stack+0x21/0x30
[ 51.564670][ T345] dump_stack_lvl+0xee/0x150
[ 51.569474][ T345] ? show_regs_print_info+0x20/0x20
[ 51.574680][ T345] dump_stack+0x15/0x20
[ 51.578848][ T345] should_fail+0x3c1/0x510
[ 51.583259][ T345] __should_failslab+0xa4/0xe0
[ 51.588019][ T345] should_failslab+0x9/0x20
[ 51.592529][ T345] slab_pre_alloc_hook+0x3b/0xe0
[ 51.597459][ T345] kmem_cache_alloc_trace+0x48/0x270
[ 51.602735][ T345] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 51.608444][ T345] ? migrate_disable+0x180/0x180
[ 51.613461][ T345] sk_psock_skb_ingress_self+0x5f/0x330
[ 51.619013][ T345] ? migrate_disable+0xd6/0x180
[ 51.623964][ T345] sk_psock_verdict_recv+0x636/0x800
[ 51.629296][ T345] unix_read_sock+0x10a/0x2c0
[ 51.633977][ T345] ? sk_psock_skb_redirect+0x440/0x440
[ 51.639424][ T345] ? unix_stream_splice_actor+0x120/0x120
[ 51.645134][ T345] ? __kasan_check_write+0x14/0x20
[ 51.650242][ T345] ? unix_stream_splice_actor+0x120/0x120
[ 51.655950][ T345] sk_psock_verdict_data_ready+0x115/0x170
[ 51.661755][ T345] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.667116][ T345] ? _raw_spin_lock+0x8e/0xe0
[ 51.671789][ T345] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 51.677607][ T345] ? skb_queue_tail+0xcb/0xf0
[ 51.682290][ T345] unix_dgram_sendmsg+0x11e6/0x1880
[ 51.687486][ T345] ? unix_dgram_poll+0x6b0/0x6b0
[ 51.692415][ T345] ? __mod_memcg_lruvec_state+0x164/0x1b0
[ 51.698138][ T345] ? security_socket_sendmsg+0x82/0xa0
[ 51.703587][ T345] ? unix_dgram_poll+0x6b0/0x6b0
[ 51.708515][ T345] ____sys_sendmsg+0x5a2/0x8c0
[ 51.713296][ T345] ? __sys_sendmsg_sock+0x40/0x40
[ 51.718312][ T345] ? import_iovec+0x7c/0xb0
[ 51.722824][ T345] ___sys_sendmsg+0x1f0/0x260
[ 51.727516][ T345] ? _kstrtoull+0x3c0/0x4d0
[ 51.732022][ T345] ? __sys_sendmsg+0x250/0x250
[ 51.736792][ T345] ? __fdget+0x1a1/0x230
[ 51.741040][ T345] __sys_sendmmsg+0x278/0x480
[ 51.745711][ T345] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 51.751173][ T345] ? __ia32_sys_read+0x90/0x90
[ 51.755930][ T345] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.760773][ T345] x64_sys_call+0x6c6/0x9a0
[ 51.765271][ T345] do_syscall_64+0x4c/0xa0
[ 51.769693][ T345] ? clear_bhb_loop+0x35/0x90
[ 51.774361][ T345] ? clear_bhb_loop+0x35/0x90
[ 51.779031][ T345] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.784922][ T345] RIP: 0033:0x7f6744603ae9
[ 51.789332][ T345] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.808933][ T345] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.817360][ T345] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 51.825327][ T345] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.833288][ T345] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 51.841334][ T345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.849303][ T345] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 51.857285][ T345]
[ 51.861032][ T344] ==================================================================
[ 51.869260][ T344] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 51.877671][ T344]
[ 51.880003][ T344] CPU: 1 PID: 344 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 51.891703][ T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 51.901750][ T344] Call Trace:
[ 51.905110][ T344]
[ 51.908071][ T344] __dump_stack+0x21/0x30
[ 51.912407][ T344] dump_stack_lvl+0xee/0x150
[ 51.916988][ T344] ? show_regs_print_info+0x20/0x20
[ 51.922196][ T344] ? load_image+0x3a0/0x3a0
[ 51.926687][ T344] ? hrtimer_cancel+0x2d/0x60
[ 51.931558][ T344] print_address_description+0x7f/0x2c0
[ 51.937098][ T344] ? kmem_cache_free+0x100/0x320
[ 51.942030][ T344] kasan_report_invalid_free+0x58/0x90
[ 51.947479][ T344] ? kmem_cache_free+0x100/0x320
[ 51.952407][ T344] ____kasan_slab_free+0x13d/0x160
[ 51.957503][ T344] __kasan_slab_free+0x11/0x20
[ 51.962252][ T344] slab_free_freelist_hook+0xc2/0x190
[ 51.967610][ T344] ? kfree_skbmem+0x10c/0x180
[ 51.972297][ T344] kmem_cache_free+0x100/0x320
[ 51.977058][ T344] ? skb_release_data+0x94f/0xa10
[ 51.982077][ T344] kfree_skbmem+0x10c/0x180
[ 51.986564][ T344] consume_skb+0xb3/0x1f0
[ 51.990910][ T344] __sk_msg_free+0x4f4/0x560
[ 51.995510][ T344] ? _raw_spin_lock_bh+0x8e/0xe0
[ 52.000443][ T344] ? _raw_spin_lock_irq+0xe0/0xe0
[ 52.005461][ T344] ? skb_dequeue+0x125/0x160
[ 52.010474][ T344] sk_psock_stop+0x4c9/0x570
[ 52.015051][ T344] ? sock_no_sendpage_locked+0x130/0x130
[ 52.020684][ T344] sk_psock_drop+0x226/0x300
[ 52.025439][ T344] sock_map_unref+0x3c2/0x420
[ 52.030099][ T344] ? sk_psock_link_pop+0x154/0x170
[ 52.035197][ T344] sock_map_remove_links+0x3cd/0x600
[ 52.040469][ T344] ? sock_init_data+0xc0/0xc0
[ 52.045137][ T344] ? fput+0x1a/0x20
[ 52.048926][ T344] ? filp_close+0x105/0x150
[ 52.053411][ T344] ? close_fd+0x70/0x80
[ 52.057556][ T344] ? sock_map_unhash+0x130/0x130
[ 52.062484][ T344] sock_map_close+0x111/0x440
[ 52.067146][ T344] ? unix_peer_get+0xe0/0xe0
[ 52.071719][ T344] ? sock_map_remove_links+0x600/0x600
[ 52.077187][ T344] ? clear_nonspinnable+0x60/0x60
[ 52.082292][ T344] unix_release+0x82/0xc0
[ 52.086610][ T344] sock_close+0xe0/0x270
[ 52.090841][ T344] ? sock_mmap+0xa0/0xa0
[ 52.095179][ T344] __fput+0x20b/0x8b0
[ 52.099149][ T344] ____fput+0x15/0x20
[ 52.103134][ T344] task_work_run+0x127/0x190
[ 52.107709][ T344] exit_to_user_mode_loop+0xd0/0xe0
[ 52.112975][ T344] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.118542][ T344] syscall_exit_to_user_mode+0x1a/0x30
[ 52.124011][ T344] do_syscall_64+0x58/0xa0
[ 52.128435][ T344] ? clear_bhb_loop+0x35/0x90
[ 52.133097][ T344] ? clear_bhb_loop+0x35/0x90
[ 52.137766][ T344] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.143758][ T344] RIP: 0033:0x7f67446029da
[ 52.148161][ T344] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 52.167752][ T344] RSP: 002b:00007ffc08dbc2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 52.176152][ T344] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f67446029da
[ 52.184109][ T344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 52.192063][ T344] RBP: 0000000000000032 R08: 0000001b30160000 R09: 00007f6744722f8c
[ 52.200040][ T344] R10: 00007ffc08dbc440 R11: 0000000000000293 R12: 00007f67441880d0
[ 52.208008][ T344] R13: ffffffffffffffff R14: 00007f6744187000 R15: 000000000000c924
[ 52.215993][ T344]
[ 52.219015][ T344]
[ 52.221323][ T344] Allocated by task 345:
[ 52.225540][ T344] __kasan_slab_alloc+0xbd/0xf0
[ 52.230402][ T344] slab_post_alloc_hook+0x4f/0x2b0
[ 52.235500][ T344] kmem_cache_alloc+0xf7/0x260
[ 52.240249][ T344] skb_clone+0x1cf/0x360
[ 52.244490][ T344] sk_psock_verdict_recv+0x53/0x800
[ 52.249706][ T344] unix_read_sock+0x10a/0x2c0
[ 52.254369][ T344] sk_psock_verdict_data_ready+0x115/0x170
[ 52.260166][ T344] unix_dgram_sendmsg+0x11e6/0x1880
[ 52.265351][ T344] ____sys_sendmsg+0x5a2/0x8c0
[ 52.270227][ T344] ___sys_sendmsg+0x1f0/0x260
[ 52.274891][ T344] __sys_sendmmsg+0x278/0x480
[ 52.279639][ T344] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.284474][ T344] x64_sys_call+0x6c6/0x9a0
[ 52.288969][ T344] do_syscall_64+0x4c/0xa0
[ 52.293369][ T344] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.299249][ T344]
[ 52.301555][ T344] Freed by task 60:
[ 52.305352][ T344] kasan_set_track+0x4a/0x70
[ 52.309925][ T344] kasan_set_free_info+0x23/0x40
[ 52.314850][ T344] ____kasan_slab_free+0x125/0x160
[ 52.319946][ T344] __kasan_slab_free+0x11/0x20
[ 52.324695][ T344] slab_free_freelist_hook+0xc2/0x190
[ 52.330054][ T344] kmem_cache_free+0x100/0x320
[ 52.334808][ T344] kfree_skbmem+0x10c/0x180
[ 52.339351][ T344] kfree_skb+0xc1/0x2f0
[ 52.343499][ T344] sk_psock_backlog+0xa85/0xd80
[ 52.348334][ T344] process_one_work+0x6be/0xba0
[ 52.353204][ T344] worker_thread+0xa59/0x1200
[ 52.357875][ T344] kthread+0x411/0x500
[ 52.361933][ T344] ret_from_fork+0x1f/0x30
[ 52.366359][ T344]
[ 52.368687][ T344] The buggy address belongs to the object at ffff88812535d780
[ 52.368687][ T344] which belongs to the cache skbuff_head_cache of size 248
[ 52.383244][ T344] The buggy address is located 0 bytes inside of
[ 52.383244][ T344] 248-byte region [ffff88812535d780, ffff88812535d878)
[ 52.396334][ T344] The buggy address belongs to the page:
[ 52.401956][ T344] page:ffffea000494d740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12535d
[ 52.412202][ T344] flags: 0x4000000000000200(slab|zone=1)
[ 52.417837][ T344] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa000
[ 52.426414][ T344] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 52.434979][ T344] page dumped because: kasan: bad access detected
[ 52.441384][ T344] page_owner tracks the page as allocated
[ 52.447082][ T344] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 51512011914, free_ts 45694483436
[ 52.462878][ T344] post_alloc_hook+0x192/0x1b0
[ 52.467645][ T344] prep_new_page+0x1c/0x110
[ 52.472134][ T344] get_page_from_freelist+0x2cc5/0x2d50
[ 52.477667][ T344] __alloc_pages+0x18f/0x440
[ 52.482244][ T344] new_slab+0xa1/0x4d0
[ 52.486298][ T344] ___slab_alloc+0x381/0x810
[ 52.490873][ T344] __slab_alloc+0x49/0x90
[ 52.495186][ T344] kmem_cache_alloc+0x138/0x260
[ 52.500191][ T344] __alloc_skb+0xe0/0x740
[ 52.504549][ T344] alloc_skb_with_frags+0xa8/0x620
[ 52.509688][ T344] sock_alloc_send_pskb+0x853/0x980
[ 52.514894][ T344] unix_dgram_sendmsg+0x5ea/0x1880
[ 52.520147][ T344] __sys_sendto+0x423/0x580
[ 52.524664][ T344] __x64_sys_sendto+0xe5/0x100
[ 52.529426][ T344] x64_sys_call+0x178/0x9a0
[ 52.534030][ T344] do_syscall_64+0x4c/0xa0
[ 52.538441][ T344] page last free stack trace:
[ 52.543109][ T344] free_unref_page_prepare+0x542/0x550
[ 52.548561][ T344] free_unref_page+0xa2/0x550
[ 52.553233][ T344] __free_pages+0x6c/0x100
[ 52.557638][ T344] free_pages+0x82/0x90
[ 52.561782][ T344] kasan_depopulate_vmalloc_pte+0x6b/0x90
[ 52.567491][ T344] __apply_to_page_range+0x8b0/0xbf0
[ 52.572806][ T344] apply_to_existing_page_range+0x38/0x50
[ 52.578520][ T344] kasan_release_vmalloc+0x97/0xb0
[ 52.583616][ T344] __purge_vmap_area_lazy+0xc05/0x1840
[ 52.589062][ T344] _vm_unmap_aliases+0x2fd/0x380
[ 52.594002][ T344] vm_unmap_aliases+0x19/0x20
[ 52.598660][ T344] change_page_attr_set_clr+0x311/0xc10
[ 52.604190][ T344] set_memory_ro+0x89/0xd0
[ 52.608589][ T344] bpf_int_jit_compile+0xc154/0xc910
[ 52.613963][ T344] bpf_prog_select_runtime+0x6f1/0x9f0
[ 52.619427][ T344] bpf_prog_load+0x106d/0x1550
[ 52.624176][ T344]
[ 52.626482][ T344] Memory state around the buggy address:
[ 52.632093][ T344] ffff88812535d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.640221][ T344] ffff88812535d700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 52.648263][ T344] >ffff88812535d780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.656320][ T344] ^
[ 52.660372][ T344] ffff88812535d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 52.668414][ T344] ffff88812535d880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.676453][ T344] ==================================================================
[ 52.695965][ T347] FAULT_INJECTION: forcing a failure.
[ 52.695965][ T347] name failslab, interval 1, probability 0, space 0, times 0
[ 52.708615][ T347] CPU: 1 PID: 347 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 52.720356][ T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 52.730422][ T347] Call Trace:
[ 52.733691][ T347]
[ 52.736614][ T347] __dump_stack+0x21/0x30
[ 52.740937][ T347] dump_stack_lvl+0xee/0x150
[ 52.745525][ T347] ? show_regs_print_info+0x20/0x20
[ 52.750731][ T347] dump_stack+0x15/0x20
[ 52.754873][ T347] should_fail+0x3c1/0x510
[ 52.759281][ T347] __should_failslab+0xa4/0xe0
[ 52.764049][ T347] should_failslab+0x9/0x20
[ 52.768544][ T347] slab_pre_alloc_hook+0x3b/0xe0
[ 52.773472][ T347] kmem_cache_alloc_trace+0x48/0x270
[ 52.778865][ T347] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 52.784666][ T347] ? migrate_disable+0x180/0x180
[ 52.789597][ T347] sk_psock_skb_ingress_self+0x5f/0x330
[ 52.795137][ T347] ? migrate_disable+0xd6/0x180
[ 52.799976][ T347] sk_psock_verdict_recv+0x636/0x800
[ 52.805257][ T347] unix_read_sock+0x10a/0x2c0
[ 52.809943][ T347] ? sk_psock_skb_redirect+0x440/0x440
[ 52.815399][ T347] ? unix_stream_splice_actor+0x120/0x120
[ 52.821111][ T347] ? __kasan_check_write+0x14/0x20
[ 52.826214][ T347] ? unix_stream_splice_actor+0x120/0x120
[ 52.831925][ T347] sk_psock_verdict_data_ready+0x115/0x170
[ 52.837721][ T347] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.843116][ T347] ? _raw_spin_lock+0x8e/0xe0
[ 52.847790][ T347] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 52.853586][ T347] ? skb_queue_tail+0xcb/0xf0
[ 52.858269][ T347] unix_dgram_sendmsg+0x11e6/0x1880
[ 52.863467][ T347] ? unix_dgram_poll+0x6b0/0x6b0
[ 52.868395][ T347] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 52.874131][ T347] ? security_socket_sendmsg+0x82/0xa0
[ 52.879586][ T347] ? unix_dgram_poll+0x6b0/0x6b0
[ 52.884530][ T347] ____sys_sendmsg+0x5a2/0x8c0
[ 52.889292][ T347] ? __sys_sendmsg_sock+0x40/0x40
[ 52.894309][ T347] ? import_iovec+0x7c/0xb0
[ 52.898814][ T347] ___sys_sendmsg+0x1f0/0x260
[ 52.903481][ T347] ? _kstrtoull+0x3c0/0x4d0
[ 52.907971][ T347] ? __sys_sendmsg+0x250/0x250
[ 52.912735][ T347] ? __fdget+0x1a1/0x230
[ 52.916996][ T347] __sys_sendmmsg+0x278/0x480
[ 52.921664][ T347] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 52.926862][ T347] ? __ia32_sys_read+0x90/0x90
[ 52.931630][ T347] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.936492][ T347] x64_sys_call+0x6c6/0x9a0
[ 52.941026][ T347] do_syscall_64+0x4c/0xa0
[ 52.945464][ T347] ? clear_bhb_loop+0x35/0x90
[ 52.950142][ T347] ? clear_bhb_loop+0x35/0x90
[ 52.954812][ T347] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.960697][ T347] RIP: 0033:0x7f6744603ae9
[ 52.965103][ T347] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.984700][ T347] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 52.993106][ T347] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 53.001073][ T347] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 53.009470][ T347] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 53.017523][ T347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.025496][ T347] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 53.033459][ T347]
[ 53.037739][ T346] ==================================================================
[ 53.045805][ T346] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 53.054207][ T346]
[ 53.056535][ T346] CPU: 0 PID: 346 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 53.068226][ T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 53.078278][ T346] Call Trace:
[ 53.081551][ T346]
[ 53.084469][ T346] __dump_stack+0x21/0x30
[ 53.089318][ T346] dump_stack_lvl+0xee/0x150
[ 53.093997][ T346] ? show_regs_print_info+0x20/0x20
[ 53.099204][ T346] ? load_image+0x3a0/0x3a0
[ 53.103878][ T346] ? update_load_avg+0x410/0x1110
[ 53.108891][ T346] print_address_description+0x7f/0x2c0
[ 53.114437][ T346] ? kmem_cache_free+0x100/0x320
[ 53.119379][ T346] kasan_report_invalid_free+0x58/0x90
[ 53.124912][ T346] ? kmem_cache_free+0x100/0x320
[ 53.129845][ T346] ____kasan_slab_free+0x13d/0x160
[ 53.134941][ T346] __kasan_slab_free+0x11/0x20
[ 53.139772][ T346] slab_free_freelist_hook+0xc2/0x190
[ 53.145130][ T346] ? kfree_skbmem+0x10c/0x180
[ 53.149885][ T346] kmem_cache_free+0x100/0x320
[ 53.154633][ T346] ? skb_release_data+0x94f/0xa10
[ 53.159638][ T346] kfree_skbmem+0x10c/0x180
[ 53.164123][ T346] consume_skb+0xb3/0x1f0
[ 53.168437][ T346] __sk_msg_free+0x4f4/0x560
[ 53.173011][ T346] ? _raw_spin_lock_bh+0x8e/0xe0
[ 53.177940][ T346] ? _raw_spin_lock_irq+0xe0/0xe0
[ 53.182947][ T346] ? skb_dequeue+0x125/0x160
[ 53.187519][ T346] sk_psock_stop+0x4c9/0x570
[ 53.192091][ T346] ? sock_no_sendpage_locked+0x130/0x130
[ 53.197708][ T346] sk_psock_drop+0x226/0x300
[ 53.202285][ T346] sock_map_unref+0x3c2/0x420
[ 53.206944][ T346] ? sk_psock_link_pop+0x154/0x170
[ 53.212039][ T346] sock_map_remove_links+0x3cd/0x600
[ 53.217311][ T346] ? sock_init_data+0xc0/0xc0
[ 53.221977][ T346] ? fput+0x1a/0x20
[ 53.225853][ T346] ? filp_close+0x105/0x150
[ 53.230341][ T346] ? close_fd+0x70/0x80
[ 53.234480][ T346] ? sock_map_unhash+0x130/0x130
[ 53.239425][ T346] sock_map_close+0x111/0x440
[ 53.244085][ T346] ? unix_peer_get+0xe0/0xe0
[ 53.248744][ T346] ? sock_map_remove_links+0x600/0x600
[ 53.254710][ T346] ? clear_nonspinnable+0x60/0x60
[ 53.259717][ T346] unix_release+0x82/0xc0
[ 53.264027][ T346] sock_close+0xe0/0x270
[ 53.268263][ T346] ? sock_mmap+0xa0/0xa0
[ 53.272491][ T346] __fput+0x20b/0x8b0
[ 53.276460][ T346] ____fput+0x15/0x20
[ 53.280424][ T346] task_work_run+0x127/0x190
[ 53.284999][ T346] exit_to_user_mode_loop+0xd0/0xe0
[ 53.290194][ T346] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.295745][ T346] syscall_exit_to_user_mode+0x1a/0x30
[ 53.301217][ T346] do_syscall_64+0x58/0xa0
[ 53.305626][ T346] ? clear_bhb_loop+0x35/0x90
[ 53.310302][ T346] ? clear_bhb_loop+0x35/0x90
[ 53.314964][ T346] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.320847][ T346] RIP: 0033:0x7f67446029da
[ 53.325249][ T346] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.344965][ T346] RSP: 002b:00007ffc08dbc2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.353361][ T346] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f67446029da
[ 53.361338][ T346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.369302][ T346] RBP: 00007f6744724980 R08: 0000001b30160000 R09: 00007a1bc634032c
[ 53.377259][ T346] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d0fe
[ 53.385218][ T346] R13: ffffffffffffffff R14: 00007f6744187000 R15: 000000000000cdbd
[ 53.393179][ T346]
[ 53.396276][ T346]
[ 53.398593][ T346] Allocated by task 347:
[ 53.402812][ T346] __kasan_slab_alloc+0xbd/0xf0
[ 53.407646][ T346] slab_post_alloc_hook+0x4f/0x2b0
[ 53.412742][ T346] kmem_cache_alloc+0xf7/0x260
[ 53.417495][ T346] skb_clone+0x1cf/0x360
[ 53.421739][ T346] sk_psock_verdict_recv+0x53/0x800
[ 53.426943][ T346] unix_read_sock+0x10a/0x2c0
[ 53.431615][ T346] sk_psock_verdict_data_ready+0x115/0x170
[ 53.437416][ T346] unix_dgram_sendmsg+0x11e6/0x1880
[ 53.442601][ T346] ____sys_sendmsg+0x5a2/0x8c0
[ 53.447347][ T346] ___sys_sendmsg+0x1f0/0x260
[ 53.452212][ T346] __sys_sendmmsg+0x278/0x480
[ 53.456995][ T346] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.461849][ T346] x64_sys_call+0x6c6/0x9a0
[ 53.466344][ T346] do_syscall_64+0x4c/0xa0
[ 53.470762][ T346] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.476655][ T346]
[ 53.478965][ T346] Freed by task 39:
[ 53.482771][ T346] kasan_set_track+0x4a/0x70
[ 53.487354][ T346] kasan_set_free_info+0x23/0x40
[ 53.492286][ T346] ____kasan_slab_free+0x125/0x160
[ 53.497384][ T346] __kasan_slab_free+0x11/0x20
[ 53.502145][ T346] slab_free_freelist_hook+0xc2/0x190
[ 53.507519][ T346] kmem_cache_free+0x100/0x320
[ 53.512284][ T346] kfree_skbmem+0x10c/0x180
[ 53.516784][ T346] kfree_skb+0xc1/0x2f0
[ 53.520948][ T346] sk_psock_backlog+0xa85/0xd80
[ 53.525786][ T346] process_one_work+0x6be/0xba0
[ 53.530738][ T346] worker_thread+0xa59/0x1200
[ 53.535409][ T346] kthread+0x411/0x500
[ 53.539487][ T346] ret_from_fork+0x1f/0x30
[ 53.543904][ T346]
[ 53.546218][ T346] The buggy address belongs to the object at ffff88810f4e4140
[ 53.546218][ T346] which belongs to the cache skbuff_head_cache of size 248
[ 53.560784][ T346] The buggy address is located 0 bytes inside of
[ 53.560784][ T346] 248-byte region [ffff88810f4e4140, ffff88810f4e4238)
[ 53.573888][ T346] The buggy address belongs to the page:
[ 53.579509][ T346] page:ffffea00043d3900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f4e4
[ 53.589738][ T346] flags: 0x4000000000000200(slab|zone=1)
[ 53.595369][ T346] raw: 4000000000000200 0000000000000000 0000000600000001 ffff8881081aa000
[ 53.603940][ T346] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 53.612505][ T346] page dumped because: kasan: bad access detected
[ 53.618917][ T346] page_owner tracks the page as allocated
[ 53.624615][ T346] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4938860664, free_ts 4938803495
[ 53.640401][ T346] post_alloc_hook+0x192/0x1b0
[ 53.645242][ T346] prep_new_page+0x1c/0x110
[ 53.649730][ T346] get_page_from_freelist+0x2cc5/0x2d50
[ 53.655256][ T346] __alloc_pages+0x18f/0x440
[ 53.659829][ T346] new_slab+0xa1/0x4d0
[ 53.663881][ T346] ___slab_alloc+0x381/0x810
[ 53.668455][ T346] __slab_alloc+0x49/0x90
[ 53.672769][ T346] kmem_cache_alloc+0x138/0x260
[ 53.677604][ T346] __alloc_skb+0xe0/0x740
[ 53.681916][ T346] alloc_uevent_skb+0x85/0x240
[ 53.686662][ T346] kobject_uevent_net_broadcast+0x335/0x5a0
[ 53.692538][ T346] kobject_uevent_env+0x52e/0x700
[ 53.697543][ T346] kobject_synth_uevent+0x520/0xaf0
[ 53.702741][ T346] uevent_store+0x4b/0x70
[ 53.707054][ T346] drv_attr_store+0x79/0xa0
[ 53.711542][ T346] sysfs_kf_write+0x129/0x150
[ 53.716200][ T346] page last free stack trace:
[ 53.720849][ T346] free_unref_page_prepare+0x542/0x550
[ 53.726298][ T346] free_unref_page+0xa2/0x550
[ 53.730983][ T346] __free_pages+0x6c/0x100
[ 53.735383][ T346] free_pages+0x82/0x90
[ 53.739524][ T346] selinux_genfs_get_sid+0x20b/0x250
[ 53.744791][ T346] inode_doinit_with_dentry+0x86e/0xd70
[ 53.750314][ T346] selinux_d_instantiate+0x27/0x40
[ 53.755420][ T346] security_d_instantiate+0x9e/0xf0
[ 53.760686][ T346] d_splice_alias+0x6d/0x390
[ 53.765262][ T346] kernfs_iop_lookup+0x2c2/0x310
[ 53.770201][ T346] path_openat+0xfcf/0x2f10
[ 53.774699][ T346] do_filp_open+0x1b3/0x3e0
[ 53.779184][ T346] do_sys_openat2+0x14c/0x7b0
[ 53.783846][ T346] __x64_sys_openat+0x136/0x160
[ 53.788960][ T346] x64_sys_call+0x219/0x9a0
[ 53.793450][ T346] do_syscall_64+0x4c/0xa0
[ 53.797857][ T346]
[ 53.800161][ T346] Memory state around the buggy address:
[ 53.805768][ T346] ffff88810f4e4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.813810][ T346] ffff88810f4e4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 53.821863][ T346] >ffff88810f4e4100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 53.829901][ T346] ^
[ 53.836139][ T346] ffff88810f4e4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.844176][ T346] ffff88810f4e4200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 53.852222][ T346] ==================================================================
[ 53.870415][ T349] FAULT_INJECTION: forcing a failure.
[ 53.870415][ T349] name failslab, interval 1, probability 0, space 0, times 0
[ 53.883151][ T349] CPU: 1 PID: 349 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 53.894870][ T349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 53.904924][ T349] Call Trace:
[ 53.908205][ T349]
[ 53.911123][ T349] __dump_stack+0x21/0x30
[ 53.915453][ T349] dump_stack_lvl+0xee/0x150
[ 53.920064][ T349] ? show_regs_print_info+0x20/0x20
[ 53.925253][ T349] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.931321][ T349] ? __kasan_check_write+0x14/0x20
[ 53.936424][ T349] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 53.941873][ T349] dump_stack+0x15/0x20
[ 53.946018][ T349] should_fail+0x3c1/0x510
[ 53.950426][ T349] __should_failslab+0xa4/0xe0
[ 53.955193][ T349] should_failslab+0x9/0x20
[ 53.959689][ T349] slab_pre_alloc_hook+0x3b/0xe0
[ 53.964614][ T349] ? skb_clone+0x1cf/0x360
[ 53.969025][ T349] kmem_cache_alloc+0x44/0x260
[ 53.973784][ T349] skb_clone+0x1cf/0x360
[ 53.978241][ T349] ? __kasan_check_write+0x14/0x20
[ 53.983371][ T349] sk_psock_verdict_recv+0x53/0x800
[ 53.988571][ T349] unix_read_sock+0x10a/0x2c0
[ 53.993251][ T349] ? sk_psock_skb_redirect+0x440/0x440
[ 53.998820][ T349] ? unix_stream_splice_actor+0x120/0x120
[ 54.004779][ T349] ? __kasan_check_write+0x14/0x20
[ 54.009890][ T349] ? unix_stream_splice_actor+0x120/0x120
[ 54.015617][ T349] sk_psock_verdict_data_ready+0x115/0x170
[ 54.021431][ T349] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.026809][ T349] ? _raw_spin_lock+0x8e/0xe0
[ 54.031549][ T349] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 54.037373][ T349] ? skb_queue_tail+0xcb/0xf0
[ 54.042053][ T349] unix_dgram_sendmsg+0x11e6/0x1880
[ 54.047259][ T349] ? unix_dgram_poll+0x6b0/0x6b0
[ 54.052195][ T349] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 54.057998][ T349] ? security_socket_sendmsg+0x82/0xa0
[ 54.063461][ T349] ? unix_dgram_poll+0x6b0/0x6b0
[ 54.068407][ T349] ____sys_sendmsg+0x5a2/0x8c0
[ 54.073173][ T349] ? __sys_sendmsg_sock+0x40/0x40
[ 54.078204][ T349] ? import_iovec+0x7c/0xb0
[ 54.082709][ T349] ___sys_sendmsg+0x1f0/0x260
[ 54.087380][ T349] ? _kstrtoull+0x3c0/0x4d0
[ 54.091883][ T349] ? __sys_sendmsg+0x250/0x250
[ 54.096648][ T349] ? __fdget+0x1a1/0x230
[ 54.100885][ T349] __sys_sendmmsg+0x278/0x480
[ 54.105552][ T349] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 54.110741][ T349] ? __ia32_sys_read+0x90/0x90
[ 54.115494][ T349] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.120354][ T349] x64_sys_call+0x6c6/0x9a0
[ 54.124849][ T349] do_syscall_64+0x4c/0xa0
[ 54.129272][ T349] ? clear_bhb_loop+0x35/0x90
[ 54.133938][ T349] ? clear_bhb_loop+0x35/0x90
[ 54.138614][ T349] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.144520][ T349] RIP: 0033:0x7f6744603ae9
[ 54.148926][ T349] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.168536][ T349] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.176941][ T349] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 54.184913][ T349] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 54.192886][ T349] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 54.200958][ T349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.208925][ T349] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 54.216894][ T349]
[ 54.228981][ T351] FAULT_INJECTION: forcing a failure.
[ 54.228981][ T351] name failslab, interval 1, probability 0, space 0, times 0
[ 54.241746][ T351] CPU: 1 PID: 351 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 54.253540][ T351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 54.263600][ T351] Call Trace:
[ 54.266886][ T351]
[ 54.269817][ T351] __dump_stack+0x21/0x30
[ 54.274201][ T351] dump_stack_lvl+0xee/0x150
[ 54.278786][ T351] ? show_regs_print_info+0x20/0x20
[ 54.283976][ T351] dump_stack+0x15/0x20
[ 54.288119][ T351] should_fail+0x3c1/0x510
[ 54.292528][ T351] __should_failslab+0xa4/0xe0
[ 54.297285][ T351] should_failslab+0x9/0x20
[ 54.301778][ T351] slab_pre_alloc_hook+0x3b/0xe0
[ 54.306712][ T351] kmem_cache_alloc_trace+0x48/0x270
[ 54.311998][ T351] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 54.317709][ T351] ? migrate_disable+0x180/0x180
[ 54.322638][ T351] sk_psock_skb_ingress_self+0x5f/0x330
[ 54.328175][ T351] ? migrate_disable+0xd6/0x180
[ 54.333034][ T351] sk_psock_verdict_recv+0x636/0x800
[ 54.338312][ T351] unix_read_sock+0x10a/0x2c0
[ 54.342982][ T351] ? sk_psock_skb_redirect+0x440/0x440
[ 54.348429][ T351] ? unix_stream_splice_actor+0x120/0x120
[ 54.354150][ T351] ? __kasan_check_write+0x14/0x20
[ 54.359251][ T351] ? unix_stream_splice_actor+0x120/0x120
[ 54.364961][ T351] sk_psock_verdict_data_ready+0x115/0x170
[ 54.370753][ T351] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.376119][ T351] ? _raw_spin_lock+0x8e/0xe0
[ 54.380787][ T351] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 54.386609][ T351] ? skb_queue_tail+0xcb/0xf0
[ 54.391291][ T351] unix_dgram_sendmsg+0x11e6/0x1880
[ 54.396495][ T351] ? unix_dgram_poll+0x6b0/0x6b0
[ 54.401427][ T351] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 54.407140][ T351] ? security_socket_sendmsg+0x82/0xa0
[ 54.412618][ T351] ? unix_dgram_poll+0x6b0/0x6b0
[ 54.417564][ T351] ____sys_sendmsg+0x5a2/0x8c0
[ 54.422318][ T351] ? __sys_sendmsg_sock+0x40/0x40
[ 54.427329][ T351] ? import_iovec+0x7c/0xb0
[ 54.431823][ T351] ___sys_sendmsg+0x1f0/0x260
[ 54.436487][ T351] ? _kstrtoull+0x3c0/0x4d0
[ 54.440982][ T351] ? __sys_sendmsg+0x250/0x250
[ 54.445768][ T351] ? __fdget+0x1a1/0x230
[ 54.450009][ T351] __sys_sendmmsg+0x278/0x480
[ 54.454678][ T351] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 54.459873][ T351] ? __ia32_sys_read+0x90/0x90
[ 54.464633][ T351] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.469502][ T351] x64_sys_call+0x6c6/0x9a0
[ 54.474007][ T351] do_syscall_64+0x4c/0xa0
[ 54.478420][ T351] ? clear_bhb_loop+0x35/0x90
[ 54.483087][ T351] ? clear_bhb_loop+0x35/0x90
[ 54.487756][ T351] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.493650][ T351] RIP: 0033:0x7f6744603ae9
[ 54.498075][ T351] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.517761][ T351] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.526170][ T351] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 54.534250][ T351] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 54.542324][ T351] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 54.550290][ T351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.558251][ T351] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 54.566223][ T351]
[ 54.570433][ T350] ==================================================================
[ 54.578599][ T350] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 54.587006][ T350]
[ 54.589330][ T350] CPU: 0 PID: 350 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 54.601023][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 54.611162][ T350] Call Trace:
[ 54.614447][ T350]
[ 54.617374][ T350] __dump_stack+0x21/0x30
[ 54.621705][ T350] dump_stack_lvl+0xee/0x150
[ 54.626312][ T350] ? show_regs_print_info+0x20/0x20
[ 54.631502][ T350] ? load_image+0x3a0/0x3a0
[ 54.635992][ T350] ? reweight_entity+0x84/0x510
[ 54.640831][ T350] print_address_description+0x7f/0x2c0
[ 54.646367][ T350] ? kmem_cache_free+0x100/0x320
[ 54.651314][ T350] kasan_report_invalid_free+0x58/0x90
[ 54.656821][ T350] ? kmem_cache_free+0x100/0x320
[ 54.661744][ T350] ____kasan_slab_free+0x13d/0x160
[ 54.666852][ T350] __kasan_slab_free+0x11/0x20
[ 54.671618][ T350] slab_free_freelist_hook+0xc2/0x190
[ 54.676992][ T350] ? kfree_skbmem+0x10c/0x180
[ 54.681664][ T350] kmem_cache_free+0x100/0x320
[ 54.686420][ T350] ? skb_release_data+0x94f/0xa10
[ 54.691438][ T350] kfree_skbmem+0x10c/0x180
[ 54.695933][ T350] consume_skb+0xb3/0x1f0
[ 54.700252][ T350] __sk_msg_free+0x4f4/0x560
[ 54.704830][ T350] ? _raw_spin_lock_bh+0x8e/0xe0
[ 54.709755][ T350] ? _raw_spin_lock_irq+0xe0/0xe0
[ 54.714766][ T350] ? skb_dequeue+0x125/0x160
[ 54.719365][ T350] sk_psock_stop+0x4c9/0x570
[ 54.723943][ T350] ? sock_no_sendpage_locked+0x130/0x130
[ 54.729566][ T350] sk_psock_drop+0x226/0x300
[ 54.734144][ T350] sock_map_unref+0x3c2/0x420
[ 54.738812][ T350] ? sk_psock_link_pop+0x154/0x170
[ 54.743911][ T350] sock_map_remove_links+0x3cd/0x600
[ 54.749183][ T350] ? sock_init_data+0xc0/0xc0
[ 54.753852][ T350] ? fput+0x1a/0x20
[ 54.757652][ T350] ? filp_close+0x105/0x150
[ 54.762266][ T350] ? close_fd+0x70/0x80
[ 54.766427][ T350] ? sock_map_unhash+0x130/0x130
[ 54.771365][ T350] sock_map_close+0x111/0x440
[ 54.776052][ T350] ? unix_peer_get+0xe0/0xe0
[ 54.780638][ T350] ? sock_map_remove_links+0x600/0x600
[ 54.786095][ T350] ? clear_nonspinnable+0x60/0x60
[ 54.791129][ T350] unix_release+0x82/0xc0
[ 54.795456][ T350] sock_close+0xe0/0x270
[ 54.799690][ T350] ? sock_mmap+0xa0/0xa0
[ 54.803920][ T350] __fput+0x20b/0x8b0
[ 54.807901][ T350] ____fput+0x15/0x20
[ 54.811875][ T350] task_work_run+0x127/0x190
[ 54.816455][ T350] exit_to_user_mode_loop+0xd0/0xe0
[ 54.821640][ T350] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.827086][ T350] syscall_exit_to_user_mode+0x1a/0x30
[ 54.832539][ T350] do_syscall_64+0x58/0xa0
[ 54.837038][ T350] ? clear_bhb_loop+0x35/0x90
[ 54.841700][ T350] ? clear_bhb_loop+0x35/0x90
[ 54.846363][ T350] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.852368][ T350] RIP: 0033:0x7f67446029da
[ 54.856822][ T350] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 54.876424][ T350] RSP: 002b:00007ffc08dbc2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.884831][ T350] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f67446029da
[ 54.892919][ T350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.900888][ T350] RBP: 00007f6744724980 R08: 0000001b30160000 R09: 002011446286a482
[ 54.908861][ T350] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d6fb
[ 54.916822][ T350] R13: ffffffffffffffff R14: 00007f6744187000 R15: 000000000000d3ba
[ 54.924800][ T350]
[ 54.927803][ T350]
[ 54.930113][ T350] Allocated by task 351:
[ 54.934332][ T350] __kasan_slab_alloc+0xbd/0xf0
[ 54.939171][ T350] slab_post_alloc_hook+0x4f/0x2b0
[ 54.944270][ T350] kmem_cache_alloc+0xf7/0x260
[ 54.949030][ T350] skb_clone+0x1cf/0x360
[ 54.953257][ T350] sk_psock_verdict_recv+0x53/0x800
[ 54.958444][ T350] unix_read_sock+0x10a/0x2c0
[ 54.963188][ T350] sk_psock_verdict_data_ready+0x115/0x170
[ 54.968999][ T350] unix_dgram_sendmsg+0x11e6/0x1880
[ 54.974194][ T350] ____sys_sendmsg+0x5a2/0x8c0
[ 54.978944][ T350] ___sys_sendmsg+0x1f0/0x260
[ 54.983608][ T350] __sys_sendmmsg+0x278/0x480
[ 54.988363][ T350] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.993334][ T350] x64_sys_call+0x6c6/0x9a0
[ 54.997837][ T350] do_syscall_64+0x4c/0xa0
[ 55.002274][ T350] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.008253][ T350]
[ 55.010572][ T350] Freed by task 60:
[ 55.014380][ T350] kasan_set_track+0x4a/0x70
[ 55.018984][ T350] kasan_set_free_info+0x23/0x40
[ 55.023909][ T350] ____kasan_slab_free+0x125/0x160
[ 55.029003][ T350] __kasan_slab_free+0x11/0x20
[ 55.033771][ T350] slab_free_freelist_hook+0xc2/0x190
[ 55.039126][ T350] kmem_cache_free+0x100/0x320
[ 55.043896][ T350] kfree_skbmem+0x10c/0x180
[ 55.048392][ T350] kfree_skb+0xc1/0x2f0
[ 55.052532][ T350] sk_psock_backlog+0xa85/0xd80
[ 55.057366][ T350] process_one_work+0x6be/0xba0
[ 55.062205][ T350] worker_thread+0xa59/0x1200
[ 55.066897][ T350] kthread+0x411/0x500
[ 55.070981][ T350] ret_from_fork+0x1f/0x30
[ 55.075383][ T350]
[ 55.077687][ T350] The buggy address belongs to the object at ffff88810f4f5a00
[ 55.077687][ T350] which belongs to the cache skbuff_head_cache of size 248
[ 55.092436][ T350] The buggy address is located 0 bytes inside of
[ 55.092436][ T350] 248-byte region [ffff88810f4f5a00, ffff88810f4f5af8)
[ 55.105528][ T350] The buggy address belongs to the page:
[ 55.111259][ T350] page:ffffea00043d3d40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f4f5
[ 55.121566][ T350] flags: 0x4000000000000200(slab|zone=1)
[ 55.127291][ T350] raw: 4000000000000200 ffffea0004376080 0000000a0000000a ffff8881081aa000
[ 55.135868][ T350] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 55.144537][ T350] page dumped because: kasan: bad access detected
[ 55.150937][ T350] page_owner tracks the page as allocated
[ 55.156631][ T350] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4955851592, free_ts 0
[ 55.171729][ T350] post_alloc_hook+0x192/0x1b0
[ 55.176508][ T350] prep_new_page+0x1c/0x110
[ 55.181080][ T350] get_page_from_freelist+0x2cc5/0x2d50
[ 55.186607][ T350] __alloc_pages+0x18f/0x440
[ 55.191200][ T350] new_slab+0xa1/0x4d0
[ 55.195263][ T350] ___slab_alloc+0x381/0x810
[ 55.199854][ T350] __slab_alloc+0x49/0x90
[ 55.204179][ T350] kmem_cache_alloc+0x138/0x260
[ 55.209016][ T350] __alloc_skb+0xe0/0x740
[ 55.213343][ T350] netlink_sendmsg+0x602/0xb70
[ 55.218095][ T350] ____sys_sendmsg+0x5a2/0x8c0
[ 55.222913][ T350] ___sys_sendmsg+0x1f0/0x260
[ 55.227578][ T350] __x64_sys_sendmsg+0x1e2/0x2a0
[ 55.232527][ T350] x64_sys_call+0x4b/0x9a0
[ 55.236928][ T350] do_syscall_64+0x4c/0xa0
[ 55.241331][ T350] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.247232][ T350] page_owner free stack trace missing
[ 55.252580][ T350]
[ 55.254885][ T350] Memory state around the buggy address:
[ 55.260501][ T350] ffff88810f4f5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.268700][ T350] ffff88810f4f5980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.276753][ T350] >ffff88810f4f5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
2025/05/15 09:17:55 executed programs: 10
[ 55.284804][ T350] ^
[ 55.288912][ T350] ffff88810f4f5a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.297059][ T350] ffff88810f4f5b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.305114][ T350] ==================================================================
[ 55.344864][ T353] FAULT_INJECTION: forcing a failure.
[ 55.344864][ T353] name failslab, interval 1, probability 0, space 0, times 0
[ 55.357516][ T353] CPU: 1 PID: 353 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 55.369235][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 55.379288][ T353] Call Trace:
[ 55.382576][ T353]
[ 55.385505][ T353] __dump_stack+0x21/0x30
[ 55.389829][ T353] dump_stack_lvl+0xee/0x150
[ 55.394429][ T353] ? show_regs_print_info+0x20/0x20
[ 55.399620][ T353] ? __kasan_slab_free+0x11/0x20
[ 55.404546][ T353] ? kmem_cache_free+0x100/0x320
[ 55.409475][ T353] ? kern_path+0x157/0x1b0
[ 55.413883][ T353] ? unix_find_other+0xde/0x820
[ 55.418725][ T353] ? ____sys_sendmsg+0x5a2/0x8c0
[ 55.423655][ T353] dump_stack+0x15/0x20
[ 55.427804][ T353] should_fail+0x3c1/0x510
[ 55.432219][ T353] __should_failslab+0xa4/0xe0
[ 55.436973][ T353] should_failslab+0x9/0x20
[ 55.441466][ T353] slab_pre_alloc_hook+0x3b/0xe0
[ 55.446395][ T353] ? jbd2__journal_start+0x13d/0x6e0
[ 55.451683][ T353] kmem_cache_alloc+0x44/0x260
[ 55.456438][ T353] ? avc_denied+0x1b0/0x1b0
[ 55.460952][ T353] jbd2__journal_start+0x13d/0x6e0
[ 55.466522][ T353] __ext4_journal_start_sb+0xfb/0x2b0
[ 55.471893][ T353] ext4_dirty_inode+0x8f/0x100
[ 55.476651][ T353] ? __ext4_expand_extra_isize+0x3e0/0x3e0
[ 55.482463][ T353] __mark_inode_dirty+0x1e8/0x970
[ 55.487479][ T353] touch_atime+0x32c/0x4f0
[ 55.491890][ T353] ? current_time+0x2b0/0x2b0
[ 55.496557][ T353] ? security_inode_permission+0xb0/0x100
[ 55.502267][ T353] ? inode_permission+0xef/0x4a0
[ 55.507216][ T353] unix_find_other+0x6b6/0x820
[ 55.511991][ T353] ? sock_kzfree_s+0x60/0x60
[ 55.516590][ T353] ? __unix_set_addr+0x3d0/0x3d0
[ 55.521514][ T353] ? skb_put+0x10e/0x1f0
[ 55.525770][ T353] unix_dgram_sendmsg+0xabe/0x1880
[ 55.530879][ T353] ? is_bpf_text_address+0x177/0x190
[ 55.536164][ T353] ? unix_dgram_poll+0x6b0/0x6b0
[ 55.541096][ T353] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 55.546812][ T353] ? security_socket_sendmsg+0x82/0xa0
[ 55.552263][ T353] ? unix_dgram_poll+0x6b0/0x6b0
[ 55.557206][ T353] ____sys_sendmsg+0x5a2/0x8c0
[ 55.561965][ T353] ? __sys_sendmsg_sock+0x40/0x40
[ 55.567041][ T353] ? import_iovec+0x7c/0xb0
[ 55.571562][ T353] ___sys_sendmsg+0x1f0/0x260
[ 55.576230][ T353] ? _kstrtoull+0x3c0/0x4d0
[ 55.580725][ T353] ? __sys_sendmsg+0x250/0x250
[ 55.585484][ T353] ? __fdget+0x1a1/0x230
[ 55.589726][ T353] __sys_sendmmsg+0x278/0x480
[ 55.594393][ T353] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 55.599581][ T353] ? __ia32_sys_read+0x90/0x90
[ 55.604333][ T353] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.609214][ T353] x64_sys_call+0x6c6/0x9a0
[ 55.613754][ T353] do_syscall_64+0x4c/0xa0
[ 55.618167][ T353] ? clear_bhb_loop+0x35/0x90
[ 55.622844][ T353] ? clear_bhb_loop+0x35/0x90
[ 55.627523][ T353] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.633407][ T353] RIP: 0033:0x7f6744603ae9
[ 55.638069][ T353] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.657756][ T353] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 55.666173][ T353] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 55.674146][ T353] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 55.682125][ T353] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 55.690094][ T353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.698057][ T353] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 55.706020][ T353]
[ 55.716829][ T355] FAULT_INJECTION: forcing a failure.
[ 55.716829][ T355] name failslab, interval 1, probability 0, space 0, times 0
[ 55.729555][ T355] CPU: 1 PID: 355 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 55.741275][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 55.751321][ T355] Call Trace:
[ 55.754588][ T355]
[ 55.757506][ T355] __dump_stack+0x21/0x30
[ 55.761929][ T355] dump_stack_lvl+0xee/0x150
[ 55.766539][ T355] ? show_regs_print_info+0x20/0x20
[ 55.771728][ T355] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.777786][ T355] ? __kasan_check_write+0x14/0x20
[ 55.782889][ T355] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 55.788350][ T355] dump_stack+0x15/0x20
[ 55.792592][ T355] should_fail+0x3c1/0x510
[ 55.796997][ T355] __should_failslab+0xa4/0xe0
[ 55.801749][ T355] should_failslab+0x9/0x20
[ 55.806238][ T355] slab_pre_alloc_hook+0x3b/0xe0
[ 55.811182][ T355] ? skb_clone+0x1cf/0x360
[ 55.815590][ T355] kmem_cache_alloc+0x44/0x260
[ 55.820365][ T355] skb_clone+0x1cf/0x360
[ 55.824592][ T355] ? __kasan_check_write+0x14/0x20
[ 55.829693][ T355] sk_psock_verdict_recv+0x53/0x800
[ 55.835059][ T355] unix_read_sock+0x10a/0x2c0
[ 55.839729][ T355] ? sk_psock_skb_redirect+0x440/0x440
[ 55.845176][ T355] ? unix_stream_splice_actor+0x120/0x120
[ 55.850937][ T355] ? __kasan_check_write+0x14/0x20
[ 55.856041][ T355] ? unix_stream_splice_actor+0x120/0x120
[ 55.861762][ T355] sk_psock_verdict_data_ready+0x115/0x170
[ 55.867566][ T355] ? sk_psock_start_verdict+0xc0/0xc0
[ 55.872951][ T355] ? _raw_spin_lock+0x8e/0xe0
[ 55.877626][ T355] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 55.883438][ T355] ? skb_queue_tail+0xcb/0xf0
[ 55.888117][ T355] unix_dgram_sendmsg+0x11e6/0x1880
[ 55.893316][ T355] ? unix_dgram_poll+0x6b0/0x6b0
[ 55.898247][ T355] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 55.903962][ T355] ? security_socket_sendmsg+0x82/0xa0
[ 55.909469][ T355] ? unix_dgram_poll+0x6b0/0x6b0
[ 55.914487][ T355] ____sys_sendmsg+0x5a2/0x8c0
[ 55.919242][ T355] ? __sys_sendmsg_sock+0x40/0x40
[ 55.924258][ T355] ? import_iovec+0x7c/0xb0
[ 55.928765][ T355] ___sys_sendmsg+0x1f0/0x260
[ 55.933457][ T355] ? _kstrtoull+0x3c0/0x4d0
[ 55.937954][ T355] ? __sys_sendmsg+0x250/0x250
[ 55.942715][ T355] ? __fdget+0x1a1/0x230
[ 55.946956][ T355] __sys_sendmmsg+0x278/0x480
[ 55.951671][ T355] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 55.956955][ T355] ? __ia32_sys_read+0x90/0x90
[ 55.961716][ T355] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.966558][ T355] x64_sys_call+0x6c6/0x9a0
[ 55.971064][ T355] do_syscall_64+0x4c/0xa0
[ 55.975497][ T355] ? clear_bhb_loop+0x35/0x90
[ 55.980185][ T355] ? clear_bhb_loop+0x35/0x90
[ 55.984884][ T355] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.990786][ T355] RIP: 0033:0x7f6744603ae9
[ 55.995203][ T355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 56.014807][ T355] RSP: 002b:00007f67441860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 56.023221][ T355] RAX: ffffffffffffffda RBX: 00007f6744722f80 RCX: 00007f6744603ae9
[ 56.031188][ T355] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 56.039154][ T355] RBP: 00007f6744186120 R08: 0000000000000000 R09: 0000000000000000
[ 56.047210][ T355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.055197][ T355] R13: 000000000000000b R14: 00007f6744722f80 R15: 00007ffc08dbc228
[ 56.063196][ T355]
[ 56.075724][ T357] FAULT_INJECTION: forcing a failure.
[ 56.075724][ T357] name failslab, interval 1, probability 0, space 0, times 0
[ 56.088518][ T357] CPU: 1 PID: 357 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 56.100336][ T357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 56.110393][ T357] Call Trace:
[ 56.113667][ T357]
[ 56.116594][ T357] __dump_stack+0x21/0x30
[ 56.121025][ T357] dump_stack_lvl+0xee/0x150
[ 56.125696][ T357] ? show_regs_print_info+0x20/0x20
[ 56.130910][ T357] dump_stack+0x15/0x20
[ 56.135061][ T357] should_fail+0x3c1/0x510
[ 56.139472][ T357] __should_failslab+0xa4/0xe0
[ 56.144228][ T357] should_failslab+0x9/0x20