Warning: Permanently added '10.128.0.252' (ED25519) to the list of known hosts.
2025/05/15 08:45:58 ignoring optional flag "sandboxArg"="0"
2025/05/15 08:45:58 ignoring optional flag "type"="gce"
2025/05/15 08:45:58 parsed 1 programs
[ 44.876058][ T30] kauditd_printk_skb: 18 callbacks suppressed
[ 44.876075][ T30] audit: type=1400 audit(1747298758.928:92): avc: denied { unlink } for pid=322 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2025/05/15 08:45:58 executed programs: 0
[ 44.924968][ T322] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 44.983361][ T328] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.990483][ T328] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.997939][ T328] device bridge_slave_0 entered promiscuous mode
[ 45.004750][ T328] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.011880][ T328] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.019269][ T328] device bridge_slave_1 entered promiscuous mode
[ 45.065945][ T328] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.073141][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.080474][ T328] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.087536][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.106570][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.113924][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.121538][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.129180][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.138467][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.146703][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.153769][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.163030][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.171326][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.178561][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.191458][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.201015][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.214518][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.226355][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.234616][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.242263][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.250178][ T328] device veth0_vlan entered promiscuous mode
[ 45.260885][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.270072][ T328] device veth1_macvtap entered promiscuous mode
[ 45.279487][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.289493][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.310582][ T30] audit: type=1400 audit(1747298759.358:93): avc: denied { prog_load } for pid=332 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.336794][ T30] audit: type=1400 audit(1747298759.358:94): avc: denied { bpf } for pid=332 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.365231][ T335] FAULT_INJECTION: forcing a failure.
[ 45.365231][ T335] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 45.378533][ T30] audit: type=1400 audit(1747298759.408:95): avc: denied { map_create } for pid=332 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.395848][ T335] CPU: 0 PID: 335 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 45.397970][ T30] audit: type=1400 audit(1747298759.408:96): avc: denied { map_read map_write } for pid=332 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.408026][ T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 45.408053][ T335] Call Trace:
[ 45.408059][ T335]
[ 45.408066][ T335] __dump_stack+0x21/0x30
[ 45.448595][ T335] dump_stack_lvl+0xee/0x150
[ 45.453216][ T335] ? show_regs_print_info+0x20/0x20
[ 45.458432][ T335] ? format_decode+0x1bb/0x1520
[ 45.463301][ T335] dump_stack+0x15/0x20
[ 45.467466][ T335] should_fail+0x3c1/0x510
[ 45.471957][ T335] should_fail_usercopy+0x1a/0x20
[ 45.476999][ T335] _copy_from_user+0x20/0xd0
[ 45.481605][ T335] kstrtouint_from_user+0xbe/0x200
[ 45.486744][ T335] ? kstrtol_from_user+0x260/0x260
[ 45.491876][ T335] ? 0xffffffff81000000
[ 45.496035][ T335] ? _copy_to_user+0x78/0x90
[ 45.500641][ T335] ? simple_read_from_buffer+0x10f/0x160
[ 45.506420][ T335] proc_fail_nth_write+0x85/0x1f0
[ 45.511464][ T335] ? proc_fail_nth_read+0x210/0x210
[ 45.516765][ T335] ? security_file_permission+0x79/0xa0
[ 45.522327][ T335] ? security_file_permission+0x83/0xa0
[ 45.527886][ T335] ? proc_fail_nth_read+0x210/0x210
[ 45.533227][ T335] vfs_write+0x3ee/0xf70
[ 45.537518][ T335] ? file_end_write+0x1b0/0x1b0
[ 45.542472][ T335] ? __kasan_check_write+0x14/0x20
[ 45.547611][ T335] ? mutex_lock+0x95/0x1a0
[ 45.552044][ T335] ? wait_for_completion_killable_timeout+0x10/0x10
[ 45.558652][ T335] ? __fget_files+0x2c4/0x320
[ 45.563451][ T335] ? __fdget_pos+0x2d2/0x380
[ 45.568069][ T335] ? ksys_write+0x71/0x240
[ 45.572506][ T335] ksys_write+0x140/0x240
[ 45.576856][ T335] ? __ia32_sys_read+0x90/0x90
[ 45.581645][ T335] ? debug_smp_processor_id+0x17/0x20
[ 45.587034][ T335] __x64_sys_write+0x7b/0x90
[ 45.591646][ T335] x64_sys_call+0x8ef/0x9a0
[ 45.596165][ T335] do_syscall_64+0x4c/0xa0
[ 45.600605][ T335] ? clear_bhb_loop+0x35/0x90
[ 45.605296][ T335] ? clear_bhb_loop+0x35/0x90
[ 45.609985][ T335] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 45.615899][ T335] RIP: 0033:0x7f4a9a517aef
[ 45.620415][ T335] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48
[ 45.635206][ T30] audit: type=1400 audit(1747298759.658:97): avc: denied { perfmon } for pid=332 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 45.640142][ T335] RSP: 002b:00007f4a9a07a0c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 45.640167][ T335] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4a9a517aef
[ 45.677635][ T335] RDX: 0000000000000001 RSI: 00007f4a9a07a130 RDI: 0000000000000005
[ 45.685616][ T335] RBP: 00007f4a9a07a120 R08: 0000000000000000 R09: 0000000000000000
[ 45.693687][ T335] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 45.701761][ T335] R13: 000000000000006e R14: 00007f4a9a648050 R15: 00007fff5317fe38
[ 45.709828][ T335]
[ 45.713714][ T30] audit: type=1400 audit(1747298759.758:98): avc: denied { prog_run } for pid=332 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 45.750198][ T338] FAULT_INJECTION: forcing a failure.
[ 45.750198][ T338] name failslab, interval 1, probability 0, space 0, times 1
[ 45.762997][ T338] CPU: 0 PID: 338 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 45.773333][ T338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 45.783380][ T338] Call Trace:
[ 45.786659][ T338]
[ 45.789580][ T338] __dump_stack+0x21/0x30
[ 45.793909][ T338] dump_stack_lvl+0xee/0x150
[ 45.798574][ T338] ? show_regs_print_info+0x20/0x20
[ 45.803768][ T338] dump_stack+0x15/0x20
[ 45.807913][ T338] should_fail+0x3c1/0x510
[ 45.812316][ T338] __should_failslab+0xa4/0xe0
[ 45.817152][ T338] should_failslab+0x9/0x20
[ 45.821638][ T338] slab_pre_alloc_hook+0x3b/0xe0
[ 45.826567][ T338] kmem_cache_alloc_trace+0x48/0x270
[ 45.831856][ T338] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 45.837648][ T338] ? migrate_disable+0x180/0x180
[ 45.842579][ T338] sk_psock_skb_ingress_self+0x5f/0x330
[ 45.848118][ T338] ? migrate_disable+0xd6/0x180
[ 45.852953][ T338] sk_psock_verdict_recv+0x636/0x800
[ 45.858660][ T338] unix_read_sock+0x10a/0x2c0
[ 45.863329][ T338] ? sk_psock_skb_redirect+0x440/0x440
[ 45.868771][ T338] ? unix_stream_splice_actor+0x120/0x120
[ 45.874492][ T338] ? __kasan_check_write+0x14/0x20
[ 45.879601][ T338] ? unix_stream_splice_actor+0x120/0x120
[ 45.885315][ T338] sk_psock_verdict_data_ready+0x115/0x170
[ 45.891124][ T338] ? sk_psock_start_verdict+0xc0/0xc0
[ 45.896489][ T338] ? _raw_spin_lock+0x8e/0xe0
[ 45.901159][ T338] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 45.907071][ T338] ? skb_queue_tail+0xcb/0xf0
[ 45.911742][ T338] unix_dgram_sendmsg+0x11e6/0x1880
[ 45.917144][ T338] ? unix_dgram_poll+0x6b0/0x6b0
[ 45.922197][ T338] ? __mod_memcg_lruvec_state+0x164/0x1b0
[ 45.927907][ T338] ? security_socket_sendmsg+0x82/0xa0
[ 45.933359][ T338] ? unix_dgram_poll+0x6b0/0x6b0
[ 45.938371][ T338] ____sys_sendmsg+0x5a2/0x8c0
[ 45.943121][ T338] ? __sys_sendmsg_sock+0x40/0x40
[ 45.948150][ T338] ? import_iovec+0x7c/0xb0
[ 45.952643][ T338] ___sys_sendmsg+0x1f0/0x260
[ 45.957362][ T338] ? _kstrtoull+0x3c0/0x4d0
[ 45.961851][ T338] ? __sys_sendmsg+0x250/0x250
[ 45.966611][ T338] ? __fdget+0x1a1/0x230
[ 45.970839][ T338] __sys_sendmmsg+0x278/0x480
[ 45.975523][ T338] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 45.980709][ T338] ? __ia32_sys_read+0x90/0x90
[ 45.985458][ T338] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.990316][ T338] x64_sys_call+0x6c6/0x9a0
[ 45.994821][ T338] do_syscall_64+0x4c/0xa0
[ 45.999228][ T338] ? clear_bhb_loop+0x35/0x90
[ 46.003894][ T338] ? clear_bhb_loop+0x35/0x90
[ 46.008644][ T338] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.014530][ T338] RIP: 0033:0x7f4a9a518da9
[ 46.018966][ T338] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.038573][ T338] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.046974][ T338] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 46.054933][ T338] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 46.063041][ T338] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 46.071353][ T338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.079333][ T338] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 46.087317][ T338]
[ 46.092189][ T337] ==================================================================
[ 46.100263][ T337] BUG: KASAN: use-after-free in consume_skb+0x3a/0x1f0
[ 46.107228][ T337] Read of size 4 at addr ffff8881231a99ac by task syz-executor.0/337
[ 46.115295][ T337]
[ 46.117610][ T337] CPU: 1 PID: 337 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 46.127926][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 46.138083][ T337] Call Trace:
[ 46.141390][ T337]
[ 46.144328][ T337] __dump_stack+0x21/0x30
[ 46.148664][ T337] dump_stack_lvl+0xee/0x150
[ 46.153255][ T337] ? show_regs_print_info+0x20/0x20
[ 46.158559][ T337] ? load_image+0x3a0/0x3a0
[ 46.163060][ T337] print_address_description+0x7f/0x2c0
[ 46.168698][ T337] ? consume_skb+0x3a/0x1f0
[ 46.173213][ T337] kasan_report+0xf1/0x140
[ 46.177774][ T337] ? consume_skb+0x3a/0x1f0
[ 46.182292][ T337] kasan_check_range+0x280/0x290
[ 46.187237][ T337] __kasan_check_read+0x11/0x20
[ 46.192156][ T337] consume_skb+0x3a/0x1f0
[ 46.196484][ T337] __sk_msg_free+0x4f4/0x560
[ 46.201072][ T337] ? _raw_spin_lock_bh+0x8e/0xe0
[ 46.206014][ T337] ? _raw_spin_lock_irq+0xe0/0xe0
[ 46.211059][ T337] ? skb_dequeue+0x125/0x160
[ 46.215655][ T337] sk_psock_stop+0x4c9/0x570
[ 46.220278][ T337] ? sock_no_sendpage_locked+0x130/0x130
[ 46.225913][ T337] sk_psock_drop+0x226/0x300
[ 46.230500][ T337] sock_map_unref+0x3c2/0x420
[ 46.235178][ T337] ? sk_psock_link_pop+0x154/0x170
[ 46.240300][ T337] sock_map_remove_links+0x3cd/0x600
[ 46.245583][ T337] ? sock_init_data+0xc0/0xc0
[ 46.250256][ T337] ? fput+0x1a/0x20
[ 46.254065][ T337] ? filp_close+0x105/0x150
[ 46.258589][ T337] ? close_fd+0x70/0x80
[ 46.262859][ T337] ? sock_map_unhash+0x130/0x130
[ 46.267799][ T337] sock_map_close+0x111/0x440
[ 46.272585][ T337] ? unix_peer_get+0xe0/0xe0
[ 46.277187][ T337] ? sock_map_remove_links+0x600/0x600
[ 46.282658][ T337] ? clear_nonspinnable+0x60/0x60
[ 46.287702][ T337] unix_release+0x82/0xc0
[ 46.292038][ T337] sock_close+0xe0/0x270
[ 46.296289][ T337] ? sock_mmap+0xa0/0xa0
[ 46.300671][ T337] __fput+0x20b/0x8b0
[ 46.304662][ T337] ____fput+0x15/0x20
[ 46.308643][ T337] task_work_run+0x127/0x190
[ 46.313232][ T337] exit_to_user_mode_loop+0xd0/0xe0
[ 46.318427][ T337] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.323882][ T337] syscall_exit_to_user_mode+0x1a/0x30
[ 46.329340][ T337] do_syscall_64+0x58/0xa0
[ 46.333757][ T337] ? clear_bhb_loop+0x35/0x90
[ 46.338433][ T337] ? clear_bhb_loop+0x35/0x90
[ 46.343104][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.348990][ T337] RIP: 0033:0x7f4a9a517c9a
[ 46.353397][ T337] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.372990][ T337] RSP: 002b:00007fff5317ff00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.381400][ T337] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f4a9a517c9a
[ 46.389380][ T337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.397346][ T337] RBP: 00007f4a9a649980 R08: 0000001b30360000 R09: 00036cf8771a4ff4
[ 46.405452][ T337] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b5dc
[ 46.413458][ T337] R13: ffffffffffffffff R14: 00007f4a9a09c000 R15: 000000000000b29b
[ 46.421472][ T337]
[ 46.424489][ T337]
[ 46.426819][ T337] Allocated by task 338:
[ 46.431083][ T337] __kasan_slab_alloc+0xbd/0xf0
[ 46.436031][ T337] slab_post_alloc_hook+0x4f/0x2b0
[ 46.441134][ T337] kmem_cache_alloc+0xf7/0x260
[ 46.445891][ T337] skb_clone+0x1cf/0x360
[ 46.450133][ T337] sk_psock_verdict_recv+0x53/0x800
[ 46.455744][ T337] unix_read_sock+0x10a/0x2c0
[ 46.460414][ T337] sk_psock_verdict_data_ready+0x115/0x170
[ 46.466242][ T337] unix_dgram_sendmsg+0x11e6/0x1880
[ 46.471454][ T337] ____sys_sendmsg+0x5a2/0x8c0
[ 46.476230][ T337] ___sys_sendmsg+0x1f0/0x260
[ 46.480907][ T337] __sys_sendmmsg+0x278/0x480
[ 46.485597][ T337] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.490469][ T337] x64_sys_call+0x6c6/0x9a0
[ 46.494999][ T337] do_syscall_64+0x4c/0xa0
[ 46.499417][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.505311][ T337]
[ 46.507626][ T337] Freed by task 287:
[ 46.511502][ T337] kasan_set_track+0x4a/0x70
[ 46.516086][ T337] kasan_set_free_info+0x23/0x40
[ 46.521012][ T337] ____kasan_slab_free+0x125/0x160
[ 46.526115][ T337] __kasan_slab_free+0x11/0x20
[ 46.530870][ T337] slab_free_freelist_hook+0xc2/0x190
[ 46.536243][ T337] kmem_cache_free+0x100/0x320
[ 46.540997][ T337] kfree_skbmem+0x10c/0x180
[ 46.545492][ T337] kfree_skb+0xc1/0x2f0
[ 46.549638][ T337] sk_psock_backlog+0xa85/0xd80
[ 46.554478][ T337] process_one_work+0x6be/0xba0
[ 46.559406][ T337] worker_thread+0xa59/0x1200
[ 46.564344][ T337] kthread+0x411/0x500
[ 46.568408][ T337] ret_from_fork+0x1f/0x30
[ 46.572822][ T337]
[ 46.575132][ T337] The buggy address belongs to the object at ffff8881231a98c0
[ 46.575132][ T337] which belongs to the cache skbuff_head_cache of size 248
[ 46.589693][ T337] The buggy address is located 236 bytes inside of
[ 46.589693][ T337] 248-byte region [ffff8881231a98c0, ffff8881231a99b8)
[ 46.603049][ T337] The buggy address belongs to the page:
[ 46.608693][ T337] page:ffffea00048c6a40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1231a9
[ 46.618929][ T337] flags: 0x4000000000000200(slab|zone=1)
[ 46.624571][ T337] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 46.633147][ T337] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 46.641719][ T337] page dumped because: kasan: bad access detected
[ 46.648125][ T337] page_owner tracks the page as allocated
[ 46.653825][ T337] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 45733941353, free_ts 44796617170
[ 46.669616][ T337] post_alloc_hook+0x192/0x1b0
[ 46.674377][ T337] prep_new_page+0x1c/0x110
[ 46.678896][ T337] get_page_from_freelist+0x2cc5/0x2d50
[ 46.684435][ T337] __alloc_pages+0x18f/0x440
[ 46.689014][ T337] new_slab+0xa1/0x4d0
[ 46.693105][ T337] ___slab_alloc+0x381/0x810
[ 46.697685][ T337] __slab_alloc+0x49/0x90
[ 46.702004][ T337] kmem_cache_alloc+0x138/0x260
[ 46.706855][ T337] __alloc_skb+0xe0/0x740
[ 46.711190][ T337] alloc_skb_with_frags+0xa8/0x620
[ 46.716370][ T337] sock_alloc_send_pskb+0x853/0x980
[ 46.721578][ T337] unix_dgram_sendmsg+0x5ea/0x1880
[ 46.726694][ T337] __sys_sendto+0x423/0x580
[ 46.731192][ T337] __x64_sys_sendto+0xe5/0x100
[ 46.735965][ T337] x64_sys_call+0x178/0x9a0
[ 46.740467][ T337] do_syscall_64+0x4c/0xa0
[ 46.744881][ T337] page last free stack trace:
[ 46.749538][ T337] free_unref_page_prepare+0x542/0x550
[ 46.754993][ T337] free_unref_page+0xa2/0x550
[ 46.759661][ T337] __free_pages+0x6c/0x100
[ 46.764157][ T337] __vunmap+0x84d/0x9e0
[ 46.768309][ T337] vfree+0x8b/0xc0
[ 46.772025][ T337] kcov_close+0x2b/0x50
[ 46.776260][ T337] __fput+0x20b/0x8b0
[ 46.780234][ T337] ____fput+0x15/0x20
[ 46.784205][ T337] task_work_run+0x127/0x190
[ 46.788796][ T337] exit_to_user_mode_loop+0xd0/0xe0
[ 46.793981][ T337] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.799450][ T337] syscall_exit_to_user_mode+0x1a/0x30
[ 46.804899][ T337] do_syscall_64+0x58/0xa0
[ 46.809312][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.815226][ T337]
[ 46.817539][ T337] Memory state around the buggy address:
[ 46.823153][ T337] ffff8881231a9880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.831463][ T337] ffff8881231a9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.839635][ T337] >ffff8881231a9980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 46.847943][ T337] ^
[ 46.853304][ T337] ffff8881231a9a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.861351][ T337] ffff8881231a9a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 46.869402][ T337] ==================================================================
[ 46.877455][ T337] Disabling lock debugging due to kernel taint
[ 46.883664][ T337] ==================================================================
[ 46.891721][ T337] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 46.900157][ T337]
[ 46.902490][ T337] CPU: 1 PID: 337 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 46.914374][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 46.924425][ T337] Call Trace:
[ 46.927699][ T337]
[ 46.930652][ T337] __dump_stack+0x21/0x30
[ 46.934981][ T337] dump_stack_lvl+0xee/0x150
[ 46.939574][ T337] ? show_regs_print_info+0x20/0x20
[ 46.944766][ T337] ? load_image+0x3a0/0x3a0
[ 46.949262][ T337] print_address_description+0x7f/0x2c0
[ 46.954804][ T337] ? kmem_cache_free+0x100/0x320
[ 46.959737][ T337] kasan_report_invalid_free+0x58/0x90
[ 46.965368][ T337] ? kmem_cache_free+0x100/0x320
[ 46.970302][ T337] ____kasan_slab_free+0x13d/0x160
[ 46.975440][ T337] __kasan_slab_free+0x11/0x20
[ 46.980202][ T337] slab_free_freelist_hook+0xc2/0x190
[ 46.985575][ T337] ? kfree_skbmem+0x10c/0x180
[ 46.990243][ T337] kmem_cache_free+0x100/0x320
[ 46.995012][ T337] ? skb_release_data+0x94f/0xa10
[ 47.000045][ T337] kfree_skbmem+0x10c/0x180
[ 47.004568][ T337] consume_skb+0xb3/0x1f0
[ 47.008898][ T337] __sk_msg_free+0x4f4/0x560
[ 47.013485][ T337] ? _raw_spin_lock_bh+0x8e/0xe0
[ 47.018427][ T337] ? _raw_spin_lock_irq+0xe0/0xe0
[ 47.023450][ T337] ? skb_dequeue+0x125/0x160
[ 47.028039][ T337] sk_psock_stop+0x4c9/0x570
[ 47.032654][ T337] ? sock_no_sendpage_locked+0x130/0x130
[ 47.038286][ T337] sk_psock_drop+0x226/0x300
[ 47.042907][ T337] sock_map_unref+0x3c2/0x420
[ 47.047584][ T337] ? sk_psock_link_pop+0x154/0x170
[ 47.052691][ T337] sock_map_remove_links+0x3cd/0x600
[ 47.057975][ T337] ? sock_init_data+0xc0/0xc0
[ 47.062650][ T337] ? fput+0x1a/0x20
[ 47.066728][ T337] ? filp_close+0x105/0x150
[ 47.071227][ T337] ? close_fd+0x70/0x80
[ 47.075409][ T337] ? sock_map_unhash+0x130/0x130
[ 47.080403][ T337] sock_map_close+0x111/0x440
[ 47.085083][ T337] ? unix_peer_get+0xe0/0xe0
[ 47.089666][ T337] ? sock_map_remove_links+0x600/0x600
[ 47.095127][ T337] ? clear_nonspinnable+0x60/0x60
[ 47.100158][ T337] unix_release+0x82/0xc0
[ 47.104490][ T337] sock_close+0xe0/0x270
[ 47.108742][ T337] ? sock_mmap+0xa0/0xa0
[ 47.112990][ T337] __fput+0x20b/0x8b0
[ 47.116976][ T337] ____fput+0x15/0x20
[ 47.120957][ T337] task_work_run+0x127/0x190
[ 47.125569][ T337] exit_to_user_mode_loop+0xd0/0xe0
[ 47.130785][ T337] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.136249][ T337] syscall_exit_to_user_mode+0x1a/0x30
[ 47.141712][ T337] do_syscall_64+0x58/0xa0
[ 47.146163][ T337] ? clear_bhb_loop+0x35/0x90
[ 47.150834][ T337] ? clear_bhb_loop+0x35/0x90
[ 47.155509][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.161406][ T337] RIP: 0033:0x7f4a9a517c9a
[ 47.165821][ T337] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.185417][ T337] RSP: 002b:00007fff5317ff00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.193825][ T337] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f4a9a517c9a
[ 47.201791][ T337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.209759][ T337] RBP: 00007f4a9a649980 R08: 0000001b30360000 R09: 00036cf8771a4ff4
[ 47.217723][ T337] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b5dc
[ 47.225684][ T337] R13: ffffffffffffffff R14: 00007f4a9a09c000 R15: 000000000000b29b
[ 47.233658][ T337]
[ 47.236675][ T337]
[ 47.238996][ T337] Allocated by task 338:
[ 47.243245][ T337] __kasan_slab_alloc+0xbd/0xf0
[ 47.248099][ T337] slab_post_alloc_hook+0x4f/0x2b0
[ 47.253264][ T337] kmem_cache_alloc+0xf7/0x260
[ 47.258019][ T337] skb_clone+0x1cf/0x360
[ 47.262264][ T337] sk_psock_verdict_recv+0x53/0x800
[ 47.267453][ T337] unix_read_sock+0x10a/0x2c0
[ 47.272123][ T337] sk_psock_verdict_data_ready+0x115/0x170
[ 47.277919][ T337] unix_dgram_sendmsg+0x11e6/0x1880
[ 47.283111][ T337] ____sys_sendmsg+0x5a2/0x8c0
[ 47.287861][ T337] ___sys_sendmsg+0x1f0/0x260
[ 47.292526][ T337] __sys_sendmmsg+0x278/0x480
[ 47.297197][ T337] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.302060][ T337] x64_sys_call+0x6c6/0x9a0
[ 47.306570][ T337] do_syscall_64+0x4c/0xa0
[ 47.310989][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.316884][ T337]
[ 47.319219][ T337] Freed by task 287:
[ 47.323186][ T337] kasan_set_track+0x4a/0x70
[ 47.327772][ T337] kasan_set_free_info+0x23/0x40
[ 47.332707][ T337] ____kasan_slab_free+0x125/0x160
[ 47.337946][ T337] __kasan_slab_free+0x11/0x20
[ 47.342700][ T337] slab_free_freelist_hook+0xc2/0x190
[ 47.348071][ T337] kmem_cache_free+0x100/0x320
[ 47.352826][ T337] kfree_skbmem+0x10c/0x180
[ 47.357319][ T337] kfree_skb+0xc1/0x2f0
[ 47.361553][ T337] sk_psock_backlog+0xa85/0xd80
[ 47.366400][ T337] process_one_work+0x6be/0xba0
[ 47.371247][ T337] worker_thread+0xa59/0x1200
[ 47.375930][ T337] kthread+0x411/0x500
[ 47.380018][ T337] ret_from_fork+0x1f/0x30
[ 47.384524][ T337]
[ 47.386841][ T337] The buggy address belongs to the object at ffff8881231a98c0
[ 47.386841][ T337] which belongs to the cache skbuff_head_cache of size 248
[ 47.401417][ T337] The buggy address is located 0 bytes inside of
[ 47.401417][ T337] 248-byte region [ffff8881231a98c0, ffff8881231a99b8)
[ 47.414637][ T337] The buggy address belongs to the page:
[ 47.420264][ T337] page:ffffea00048c6a40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1231a9
[ 47.430789][ T337] flags: 0x4000000000000200(slab|zone=1)
[ 47.436433][ T337] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 47.445013][ T337] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.453583][ T337] page dumped because: kasan: bad access detected
[ 47.459982][ T337] page_owner tracks the page as allocated
[ 47.465684][ T337] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 45733941353, free_ts 44796617170
[ 47.481472][ T337] post_alloc_hook+0x192/0x1b0
[ 47.486232][ T337] prep_new_page+0x1c/0x110
[ 47.490726][ T337] get_page_from_freelist+0x2cc5/0x2d50
[ 47.496264][ T337] __alloc_pages+0x18f/0x440
[ 47.500846][ T337] new_slab+0xa1/0x4d0
[ 47.504995][ T337] ___slab_alloc+0x381/0x810
[ 47.509573][ T337] __slab_alloc+0x49/0x90
[ 47.513893][ T337] kmem_cache_alloc+0x138/0x260
[ 47.518737][ T337] __alloc_skb+0xe0/0x740
[ 47.523064][ T337] alloc_skb_with_frags+0xa8/0x620
[ 47.528255][ T337] sock_alloc_send_pskb+0x853/0x980
[ 47.533448][ T337] unix_dgram_sendmsg+0x5ea/0x1880
[ 47.538574][ T337] __sys_sendto+0x423/0x580
[ 47.543068][ T337] __x64_sys_sendto+0xe5/0x100
[ 47.547829][ T337] x64_sys_call+0x178/0x9a0
[ 47.552326][ T337] do_syscall_64+0x4c/0xa0
[ 47.556740][ T337] page last free stack trace:
[ 47.561753][ T337] free_unref_page_prepare+0x542/0x550
[ 47.567207][ T337] free_unref_page+0xa2/0x550
[ 47.571877][ T337] __free_pages+0x6c/0x100
[ 47.576286][ T337] __vunmap+0x84d/0x9e0
[ 47.580437][ T337] vfree+0x8b/0xc0
[ 47.584145][ T337] kcov_close+0x2b/0x50
[ 47.588322][ T337] __fput+0x20b/0x8b0
[ 47.592312][ T337] ____fput+0x15/0x20
[ 47.596296][ T337] task_work_run+0x127/0x190
[ 47.600885][ T337] exit_to_user_mode_loop+0xd0/0xe0
[ 47.606076][ T337] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.611528][ T337] syscall_exit_to_user_mode+0x1a/0x30
[ 47.616988][ T337] do_syscall_64+0x58/0xa0
[ 47.621402][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.627389][ T337]
[ 47.629706][ T337] Memory state around the buggy address:
[ 47.635321][ T337] ffff8881231a9780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.643371][ T337] ffff8881231a9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.651419][ T337] >ffff8881231a9880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.659474][ T337] ^
[ 47.665624][ T337] ffff8881231a9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.673674][ T337] ffff8881231a9980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.681725][ T337] ==================================================================
[ 47.690981][ T30] audit: type=1400 audit(1747298760.938:99): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 47.713120][ T30] audit: type=1400 audit(1747298760.938:100): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.736076][ T30] audit: type=1400 audit(1747298760.938:101): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.758434][ T340] FAULT_INJECTION: forcing a failure.
[ 47.758434][ T340] name failslab, interval 1, probability 0, space 0, times 0
[ 47.771344][ T340] CPU: 0 PID: 340 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 47.783059][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 47.793101][ T340] Call Trace:
[ 47.796374][ T340]
[ 47.799298][ T340] __dump_stack+0x21/0x30
[ 47.803622][ T340] dump_stack_lvl+0xee/0x150
[ 47.808211][ T340] ? show_regs_print_info+0x20/0x20
[ 47.813515][ T340] dump_stack+0x15/0x20
[ 47.817657][ T340] should_fail+0x3c1/0x510
[ 47.822064][ T340] __should_failslab+0xa4/0xe0
[ 47.826825][ T340] should_failslab+0x9/0x20
[ 47.831317][ T340] slab_pre_alloc_hook+0x3b/0xe0
[ 47.836336][ T340] kmem_cache_alloc_trace+0x48/0x270
[ 47.841611][ T340] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 47.847362][ T340] ? migrate_disable+0x180/0x180
[ 47.852311][ T340] sk_psock_skb_ingress_self+0x5f/0x330
[ 47.857849][ T340] ? migrate_disable+0xd6/0x180
[ 47.862689][ T340] sk_psock_verdict_recv+0x636/0x800
[ 47.867961][ T340] unix_read_sock+0x10a/0x2c0
[ 47.872653][ T340] ? sk_psock_skb_redirect+0x440/0x440
[ 47.878099][ T340] ? unix_stream_splice_actor+0x120/0x120
[ 47.883814][ T340] ? __kasan_check_write+0x14/0x20
[ 47.888915][ T340] ? unix_stream_splice_actor+0x120/0x120
[ 47.894633][ T340] sk_psock_verdict_data_ready+0x115/0x170
[ 47.900445][ T340] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.905819][ T340] ? _raw_spin_lock+0x8e/0xe0
[ 47.910487][ T340] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 47.916290][ T340] ? skb_queue_tail+0xcb/0xf0
[ 47.920962][ T340] unix_dgram_sendmsg+0x11e6/0x1880
[ 47.926155][ T340] ? unix_dgram_poll+0x6b0/0x6b0
[ 47.931081][ T340] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 47.936794][ T340] ? security_socket_sendmsg+0x82/0xa0
[ 47.942247][ T340] ? unix_dgram_poll+0x6b0/0x6b0
[ 47.947187][ T340] ____sys_sendmsg+0x5a2/0x8c0
[ 47.951944][ T340] ? __sys_sendmsg_sock+0x40/0x40
[ 47.956955][ T340] ? import_iovec+0x7c/0xb0
[ 47.961457][ T340] ___sys_sendmsg+0x1f0/0x260
[ 47.966140][ T340] ? _kstrtoull+0x3c0/0x4d0
[ 47.970655][ T340] ? __sys_sendmsg+0x250/0x250
[ 47.975410][ T340] ? __fdget+0x1a1/0x230
[ 47.979732][ T340] __sys_sendmmsg+0x278/0x480
[ 47.984398][ T340] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 47.989626][ T340] ? __ia32_sys_read+0x90/0x90
[ 47.994382][ T340] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.999222][ T340] x64_sys_call+0x6c6/0x9a0
[ 48.003711][ T340] do_syscall_64+0x4c/0xa0
[ 48.008125][ T340] ? clear_bhb_loop+0x35/0x90
[ 48.012795][ T340] ? clear_bhb_loop+0x35/0x90
[ 48.017459][ T340] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.023344][ T340] RIP: 0033:0x7f4a9a518da9
[ 48.027750][ T340] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.047430][ T340] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.055836][ T340] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 48.063803][ T340] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 48.071761][ T340] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 48.079724][ T340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.087679][ T340] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 48.095652][ T340]
[ 48.100405][ T339] ==================================================================
[ 48.108511][ T339] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 48.116962][ T339]
[ 48.119364][ T339] CPU: 1 PID: 339 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 48.131065][ T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 48.141119][ T339] Call Trace:
[ 48.144408][ T339]
[ 48.147352][ T339] __dump_stack+0x21/0x30
[ 48.151677][ T339] dump_stack_lvl+0xee/0x150
[ 48.156282][ T339] ? show_regs_print_info+0x20/0x20
[ 48.161627][ T339] ? load_image+0x3a0/0x3a0
[ 48.166137][ T339] ? reweight_entity+0x84/0x510
[ 48.171098][ T339] print_address_description+0x7f/0x2c0
[ 48.176658][ T339] ? kmem_cache_free+0x100/0x320
[ 48.181592][ T339] kasan_report_invalid_free+0x58/0x90
[ 48.187071][ T339] ? kmem_cache_free+0x100/0x320
[ 48.192163][ T339] ____kasan_slab_free+0x13d/0x160
[ 48.197284][ T339] __kasan_slab_free+0x11/0x20
[ 48.202141][ T339] slab_free_freelist_hook+0xc2/0x190
[ 48.207538][ T339] ? kfree_skbmem+0x10c/0x180
[ 48.212228][ T339] kmem_cache_free+0x100/0x320
[ 48.217003][ T339] ? skb_release_data+0x94f/0xa10
[ 48.222125][ T339] kfree_skbmem+0x10c/0x180
[ 48.226634][ T339] consume_skb+0xb3/0x1f0
[ 48.230961][ T339] __sk_msg_free+0x4f4/0x560
[ 48.235547][ T339] ? _raw_spin_lock_bh+0x8e/0xe0
[ 48.240485][ T339] ? _raw_spin_lock_irq+0xe0/0xe0
[ 48.245527][ T339] ? skb_dequeue+0x125/0x160
[ 48.250132][ T339] sk_psock_stop+0x4c9/0x570
[ 48.254805][ T339] ? sock_no_sendpage_locked+0x130/0x130
[ 48.260441][ T339] sk_psock_drop+0x226/0x300
[ 48.265036][ T339] sock_map_unref+0x3c2/0x420
[ 48.269707][ T339] ? sk_psock_link_pop+0x154/0x170
[ 48.274820][ T339] sock_map_remove_links+0x3cd/0x600
[ 48.280207][ T339] ? sock_init_data+0xc0/0xc0
[ 48.284888][ T339] ? fput+0x1a/0x20
[ 48.288698][ T339] ? filp_close+0x105/0x150
[ 48.293287][ T339] ? close_fd+0x70/0x80
[ 48.297680][ T339] ? sock_map_unhash+0x130/0x130
[ 48.302621][ T339] sock_map_close+0x111/0x440
[ 48.307308][ T339] ? unix_peer_get+0xe0/0xe0
[ 48.311997][ T339] ? sock_map_remove_links+0x600/0x600
[ 48.317481][ T339] ? clear_nonspinnable+0x60/0x60
[ 48.322513][ T339] unix_release+0x82/0xc0
[ 48.326852][ T339] sock_close+0xe0/0x270
[ 48.331115][ T339] ? sock_mmap+0xa0/0xa0
[ 48.335356][ T339] __fput+0x20b/0x8b0
[ 48.339368][ T339] ____fput+0x15/0x20
[ 48.343346][ T339] task_work_run+0x127/0x190
[ 48.347933][ T339] exit_to_user_mode_loop+0xd0/0xe0
[ 48.353124][ T339] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.358581][ T339] syscall_exit_to_user_mode+0x1a/0x30
[ 48.364042][ T339] do_syscall_64+0x58/0xa0
[ 48.368462][ T339] ? clear_bhb_loop+0x35/0x90
[ 48.373162][ T339] ? clear_bhb_loop+0x35/0x90
[ 48.377828][ T339] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.383717][ T339] RIP: 0033:0x7f4a9a517c9a
[ 48.388125][ T339] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.407722][ T339] RSP: 002b:00007fff5317ff00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.416133][ T339] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f4a9a517c9a
[ 48.424184][ T339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.432174][ T339] RBP: 00007f4a9a649980 R08: 0000001b30360000 R09: 0004058f1c4fa66a
[ 48.440171][ T339] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bda5
[ 48.448145][ T339] R13: ffffffffffffffff R14: 00007f4a9a09c000 R15: 000000000000ba64
[ 48.456290][ T339]
[ 48.459313][ T339]
[ 48.461652][ T339] Allocated by task 340:
[ 48.465881][ T339] __kasan_slab_alloc+0xbd/0xf0
[ 48.470858][ T339] slab_post_alloc_hook+0x4f/0x2b0
[ 48.476087][ T339] kmem_cache_alloc+0xf7/0x260
[ 48.480846][ T339] skb_clone+0x1cf/0x360
[ 48.485130][ T339] sk_psock_verdict_recv+0x53/0x800
[ 48.490332][ T339] unix_read_sock+0x10a/0x2c0
[ 48.495004][ T339] sk_psock_verdict_data_ready+0x115/0x170
[ 48.500819][ T339] unix_dgram_sendmsg+0x11e6/0x1880
[ 48.506012][ T339] ____sys_sendmsg+0x5a2/0x8c0
[ 48.510768][ T339] ___sys_sendmsg+0x1f0/0x260
[ 48.515453][ T339] __sys_sendmmsg+0x278/0x480
[ 48.520124][ T339] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.524965][ T339] x64_sys_call+0x6c6/0x9a0
[ 48.529460][ T339] do_syscall_64+0x4c/0xa0
[ 48.533875][ T339] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.540093][ T339]
[ 48.542407][ T339] Freed by task 60:
[ 48.546197][ T339] kasan_set_track+0x4a/0x70
[ 48.550776][ T339] kasan_set_free_info+0x23/0x40
[ 48.555703][ T339] ____kasan_slab_free+0x125/0x160
[ 48.560804][ T339] __kasan_slab_free+0x11/0x20
[ 48.565571][ T339] slab_free_freelist_hook+0xc2/0x190
[ 48.570934][ T339] kmem_cache_free+0x100/0x320
[ 48.575690][ T339] kfree_skbmem+0x10c/0x180
[ 48.580180][ T339] kfree_skb+0xc1/0x2f0
[ 48.584410][ T339] sk_psock_backlog+0xa85/0xd80
[ 48.589249][ T339] process_one_work+0x6be/0xba0
[ 48.594091][ T339] worker_thread+0xa59/0x1200
[ 48.598773][ T339] kthread+0x411/0x500
[ 48.602834][ T339] ret_from_fork+0x1f/0x30
[ 48.607245][ T339]
[ 48.609559][ T339] The buggy address belongs to the object at ffff8881232a0dc0
[ 48.609559][ T339] which belongs to the cache skbuff_head_cache of size 248
[ 48.624127][ T339] The buggy address is located 0 bytes inside of
[ 48.624127][ T339] 248-byte region [ffff8881232a0dc0, ffff8881232a0eb8)
[ 48.637223][ T339] The buggy address belongs to the page:
[ 48.642840][ T339] page:ffffea00048ca800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1232a0
[ 48.653071][ T339] flags: 0x4000000000000200(slab|zone=1)
[ 48.658703][ T339] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 48.667283][ T339] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.675854][ T339] page dumped because: kasan: bad access detected
[ 48.682340][ T339] page_owner tracks the page as allocated
[ 48.688040][ T339] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 47698372456, free_ts 44796377894
[ 48.703828][ T339] post_alloc_hook+0x192/0x1b0
[ 48.708585][ T339] prep_new_page+0x1c/0x110
[ 48.713080][ T339] get_page_from_freelist+0x2cc5/0x2d50
[ 48.718615][ T339] __alloc_pages+0x18f/0x440
[ 48.723198][ T339] new_slab+0xa1/0x4d0
[ 48.727258][ T339] ___slab_alloc+0x381/0x810
[ 48.731861][ T339] __slab_alloc+0x49/0x90
[ 48.736186][ T339] kmem_cache_alloc+0x138/0x260
[ 48.741029][ T339] __alloc_skb+0xe0/0x740
[ 48.745358][ T339] alloc_skb_with_frags+0xa8/0x620
[ 48.750510][ T339] sock_alloc_send_pskb+0x853/0x980
[ 48.755714][ T339] unix_dgram_sendmsg+0x5ea/0x1880
[ 48.760830][ T339] __sys_sendto+0x423/0x580
[ 48.765430][ T339] __x64_sys_sendto+0xe5/0x100
[ 48.770204][ T339] x64_sys_call+0x178/0x9a0
[ 48.774713][ T339] do_syscall_64+0x4c/0xa0
[ 48.779139][ T339] page last free stack trace:
[ 48.783802][ T339] free_unref_page_prepare+0x542/0x550
[ 48.789257][ T339] free_unref_page+0xa2/0x550
[ 48.793932][ T339] __free_pages+0x6c/0x100
[ 48.798340][ T339] __vunmap+0x84d/0x9e0
[ 48.802490][ T339] vfree+0x8b/0xc0
[ 48.806198][ T339] kcov_mmap+0x8f/0x130
[ 48.810348][ T339] mmap_file+0x60/0xb0
[ 48.814408][ T339] mmap_region+0xf94/0x1800
[ 48.818903][ T339] do_mmap+0x76c/0xe40
[ 48.822970][ T339] vm_mmap_pgoff+0x1ce/0x410
[ 48.827553][ T339] ksys_mmap_pgoff+0x161/0x1d0
[ 48.832400][ T339] __x64_sys_mmap+0xfa/0x110
[ 48.836980][ T339] x64_sys_call+0x83/0x9a0
[ 48.841437][ T339] do_syscall_64+0x4c/0xa0
[ 48.845850][ T339] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.851740][ T339]
[ 48.854053][ T339] Memory state around the buggy address:
[ 48.859667][ T339] ffff8881232a0c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.867714][ T339] ffff8881232a0d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.875761][ T339] >ffff8881232a0d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.883804][ T339] ^
[ 48.890038][ T339] ffff8881232a0e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.898088][ T339] ffff8881232a0e80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.906165][ T339] ==================================================================
[ 48.925069][ T342] FAULT_INJECTION: forcing a failure.
[ 48.925069][ T342] name failslab, interval 1, probability 0, space 0, times 0
[ 48.937817][ T342] CPU: 0 PID: 342 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 48.949536][ T342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 48.960022][ T342] Call Trace:
[ 48.963298][ T342]
[ 48.966226][ T342] __dump_stack+0x21/0x30
[ 48.970568][ T342] dump_stack_lvl+0xee/0x150
[ 48.975168][ T342] ? show_regs_print_info+0x20/0x20
[ 48.980361][ T342] dump_stack+0x15/0x20
[ 48.984665][ T342] should_fail+0x3c1/0x510
[ 48.989084][ T342] __should_failslab+0xa4/0xe0
[ 48.993841][ T342] should_failslab+0x9/0x20
[ 48.998335][ T342] slab_pre_alloc_hook+0x3b/0xe0
[ 49.003268][ T342] kmem_cache_alloc_trace+0x48/0x270
[ 49.008544][ T342] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 49.014266][ T342] ? migrate_disable+0x180/0x180
[ 49.019194][ T342] sk_psock_skb_ingress_self+0x5f/0x330
[ 49.024731][ T342] ? migrate_disable+0xd6/0x180
[ 49.029574][ T342] sk_psock_verdict_recv+0x636/0x800
[ 49.035013][ T342] unix_read_sock+0x10a/0x2c0
[ 49.039731][ T342] ? sk_psock_skb_redirect+0x440/0x440
[ 49.045195][ T342] ? unix_stream_splice_actor+0x120/0x120
[ 49.050919][ T342] ? __kasan_check_write+0x14/0x20
[ 49.056034][ T342] ? unix_stream_splice_actor+0x120/0x120
[ 49.061756][ T342] sk_psock_verdict_data_ready+0x115/0x170
[ 49.067909][ T342] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.073270][ T342] ? _raw_spin_lock+0x8e/0xe0
[ 49.077946][ T342] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 49.083753][ T342] ? skb_queue_tail+0xcb/0xf0
[ 49.088684][ T342] unix_dgram_sendmsg+0x11e6/0x1880
[ 49.093877][ T342] ? unix_dgram_poll+0x6b0/0x6b0
[ 49.098809][ T342] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 49.104543][ T342] ? security_socket_sendmsg+0x82/0xa0
[ 49.110024][ T342] ? unix_dgram_poll+0x6b0/0x6b0
[ 49.115090][ T342] ____sys_sendmsg+0x5a2/0x8c0
[ 49.120161][ T342] ? __sys_sendmsg_sock+0x40/0x40
[ 49.125352][ T342] ? import_iovec+0x7c/0xb0
[ 49.129859][ T342] ___sys_sendmsg+0x1f0/0x260
[ 49.134571][ T342] ? _kstrtoull+0x3c0/0x4d0
[ 49.139132][ T342] ? __sys_sendmsg+0x250/0x250
[ 49.143918][ T342] ? __fdget+0x1a1/0x230
[ 49.148165][ T342] __sys_sendmmsg+0x278/0x480
[ 49.152973][ T342] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 49.158273][ T342] ? __ia32_sys_read+0x90/0x90
[ 49.163039][ T342] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.167896][ T342] x64_sys_call+0x6c6/0x9a0
[ 49.172409][ T342] do_syscall_64+0x4c/0xa0
[ 49.176824][ T342] ? clear_bhb_loop+0x35/0x90
[ 49.181504][ T342] ? clear_bhb_loop+0x35/0x90
[ 49.186301][ T342] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.192280][ T342] RIP: 0033:0x7f4a9a518da9
[ 49.196686][ T342] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.216455][ T342] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.224867][ T342] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 49.232840][ T342] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 49.240806][ T342] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 49.248771][ T342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.256745][ T342] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 49.264717][ T342]
[ 49.269244][ T341] ==================================================================
[ 49.277333][ T341] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 49.285765][ T341]
[ 49.288081][ T341] CPU: 1 PID: 341 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 49.299776][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 49.309814][ T341] Call Trace:
[ 49.313078][ T341]
[ 49.315994][ T341] __dump_stack+0x21/0x30
[ 49.320315][ T341] dump_stack_lvl+0xee/0x150
[ 49.324926][ T341] ? show_regs_print_info+0x20/0x20
[ 49.330127][ T341] ? load_image+0x3a0/0x3a0
[ 49.334626][ T341] ? reweight_entity+0x84/0x510
[ 49.339479][ T341] print_address_description+0x7f/0x2c0
[ 49.345012][ T341] ? kmem_cache_free+0x100/0x320
[ 49.349938][ T341] kasan_report_invalid_free+0x58/0x90
[ 49.355382][ T341] ? kmem_cache_free+0x100/0x320
[ 49.360305][ T341] ____kasan_slab_free+0x13d/0x160
[ 49.365405][ T341] __kasan_slab_free+0x11/0x20
[ 49.370160][ T341] slab_free_freelist_hook+0xc2/0x190
[ 49.375605][ T341] ? kfree_skbmem+0x10c/0x180
[ 49.380354][ T341] kmem_cache_free+0x100/0x320
[ 49.385106][ T341] ? skb_release_data+0x94f/0xa10
[ 49.390117][ T341] kfree_skbmem+0x10c/0x180
[ 49.394603][ T341] consume_skb+0xb3/0x1f0
[ 49.398920][ T341] __sk_msg_free+0x4f4/0x560
[ 49.403495][ T341] ? _raw_spin_lock_bh+0x8e/0xe0
[ 49.408432][ T341] ? _raw_spin_lock_irq+0xe0/0xe0
[ 49.413463][ T341] ? skb_dequeue+0x125/0x160
[ 49.418060][ T341] sk_psock_stop+0x4c9/0x570
[ 49.422673][ T341] ? sock_no_sendpage_locked+0x130/0x130
[ 49.428316][ T341] sk_psock_drop+0x226/0x300
[ 49.432928][ T341] sock_map_unref+0x3c2/0x420
[ 49.437732][ T341] ? sk_psock_link_pop+0x154/0x170
[ 49.442851][ T341] sock_map_remove_links+0x3cd/0x600
[ 49.448133][ T341] ? sock_init_data+0xc0/0xc0
[ 49.452811][ T341] ? fput+0x1a/0x20
[ 49.456618][ T341] ? filp_close+0x105/0x150
[ 49.461133][ T341] ? close_fd+0x70/0x80
[ 49.465311][ T341] ? sock_map_unhash+0x130/0x130
[ 49.470274][ T341] sock_map_close+0x111/0x440
[ 49.475008][ T341] ? unix_peer_get+0xe0/0xe0
[ 49.479628][ T341] ? sock_map_remove_links+0x600/0x600
[ 49.485087][ T341] ? clear_nonspinnable+0x60/0x60
[ 49.490117][ T341] unix_release+0x82/0xc0
[ 49.494449][ T341] sock_close+0xe0/0x270
[ 49.498687][ T341] ? sock_mmap+0xa0/0xa0
[ 49.502924][ T341] __fput+0x20b/0x8b0
[ 49.506912][ T341] ____fput+0x15/0x20
[ 49.510886][ T341] task_work_run+0x127/0x190
[ 49.515466][ T341] exit_to_user_mode_loop+0xd0/0xe0
[ 49.520657][ T341] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.526114][ T341] syscall_exit_to_user_mode+0x1a/0x30
[ 49.531564][ T341] do_syscall_64+0x58/0xa0
[ 49.535975][ T341] ? clear_bhb_loop+0x35/0x90
[ 49.540657][ T341] ? clear_bhb_loop+0x35/0x90
[ 49.545335][ T341] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.551243][ T341] RIP: 0033:0x7f4a9a517c9a
[ 49.555660][ T341] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.575743][ T341] RSP: 002b:00007fff5317ff00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.584165][ T341] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f4a9a517c9a
[ 49.592359][ T341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.600352][ T341] RBP: 00007f4a9a649980 R08: 0000001b30360000 R09: 000e278db1f83fe8
[ 49.608326][ T341] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c243
[ 49.616310][ T341] R13: ffffffffffffffff R14: 00007f4a9a09c000 R15: 000000000000bf02
[ 49.624495][ T341]
[ 49.627506][ T341]
[ 49.629825][ T341] Allocated by task 342:
[ 49.634060][ T341] __kasan_slab_alloc+0xbd/0xf0
[ 49.639165][ T341] slab_post_alloc_hook+0x4f/0x2b0
[ 49.644277][ T341] kmem_cache_alloc+0xf7/0x260
[ 49.649039][ T341] skb_clone+0x1cf/0x360
[ 49.653277][ T341] sk_psock_verdict_recv+0x53/0x800
[ 49.658469][ T341] unix_read_sock+0x10a/0x2c0
[ 49.663147][ T341] sk_psock_verdict_data_ready+0x115/0x170
[ 49.668958][ T341] unix_dgram_sendmsg+0x11e6/0x1880
[ 49.674153][ T341] ____sys_sendmsg+0x5a2/0x8c0
[ 49.678969][ T341] ___sys_sendmsg+0x1f0/0x260
[ 49.683638][ T341] __sys_sendmmsg+0x278/0x480
[ 49.688308][ T341] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.693153][ T341] x64_sys_call+0x6c6/0x9a0
[ 49.697676][ T341] do_syscall_64+0x4c/0xa0
[ 49.702089][ T341] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.707977][ T341]
[ 49.710295][ T341] Freed by task 60:
[ 49.714087][ T341] kasan_set_track+0x4a/0x70
[ 49.718784][ T341] kasan_set_free_info+0x23/0x40
[ 49.723924][ T341] ____kasan_slab_free+0x125/0x160
[ 49.729094][ T341] __kasan_slab_free+0x11/0x20
[ 49.733865][ T341] slab_free_freelist_hook+0xc2/0x190
[ 49.739270][ T341] kmem_cache_free+0x100/0x320
[ 49.744050][ T341] kfree_skbmem+0x10c/0x180
[ 49.748575][ T341] kfree_skb+0xc1/0x2f0
[ 49.752722][ T341] sk_psock_backlog+0xa85/0xd80
[ 49.757575][ T341] process_one_work+0x6be/0xba0
[ 49.762430][ T341] worker_thread+0xa59/0x1200
[ 49.767105][ T341] kthread+0x411/0x500
[ 49.771189][ T341] ret_from_fork+0x1f/0x30
[ 49.775601][ T341]
[ 49.777928][ T341] The buggy address belongs to the object at ffff888123296280
[ 49.777928][ T341] which belongs to the cache skbuff_head_cache of size 248
[ 49.792611][ T341] The buggy address is located 0 bytes inside of
[ 49.792611][ T341] 248-byte region [ffff888123296280, ffff888123296378)
[ 49.805796][ T341] The buggy address belongs to the page:
[ 49.811517][ T341] page:ffffea00048ca580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123296
[ 49.821749][ T341] flags: 0x4000000000000200(slab|zone=1)
[ 49.827392][ T341] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 49.835966][ T341] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 49.844535][ T341] page dumped because: kasan: bad access detected
[ 49.850935][ T341] page_owner tracks the page as allocated
[ 49.856636][ T341] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 48917285941, free_ts 44796304035
[ 49.872426][ T341] post_alloc_hook+0x192/0x1b0
[ 49.877186][ T341] prep_new_page+0x1c/0x110
[ 49.881686][ T341] get_page_from_freelist+0x2cc5/0x2d50
[ 49.887233][ T341] __alloc_pages+0x18f/0x440
[ 49.891814][ T341] new_slab+0xa1/0x4d0
[ 49.895876][ T341] ___slab_alloc+0x381/0x810
[ 49.900455][ T341] __slab_alloc+0x49/0x90
[ 49.904774][ T341] kmem_cache_alloc+0x138/0x260
[ 49.909616][ T341] __alloc_skb+0xe0/0x740
[ 49.913937][ T341] alloc_skb_with_frags+0xa8/0x620
[ 49.919042][ T341] sock_alloc_send_pskb+0x853/0x980
[ 49.924243][ T341] unix_dgram_sendmsg+0x5ea/0x1880
[ 49.929346][ T341] __sys_sendto+0x423/0x580
[ 49.933844][ T341] __x64_sys_sendto+0xe5/0x100
[ 49.938592][ T341] x64_sys_call+0x178/0x9a0
[ 49.943085][ T341] do_syscall_64+0x4c/0xa0
[ 49.947496][ T341] page last free stack trace:
[ 49.952155][ T341] free_unref_page_prepare+0x542/0x550
[ 49.957610][ T341] free_unref_page+0xa2/0x550
[ 49.962280][ T341] __free_pages+0x6c/0x100
[ 49.966701][ T341] __vunmap+0x84d/0x9e0
[ 49.970851][ T341] vfree+0x8b/0xc0
[ 49.974560][ T341] kcov_mmap+0x8f/0x130
[ 49.978707][ T341] mmap_file+0x60/0xb0
[ 49.982767][ T341] mmap_region+0xf94/0x1800
[ 49.987363][ T341] do_mmap+0x76c/0xe40
[ 49.991424][ T341] vm_mmap_pgoff+0x1ce/0x410
[ 49.996007][ T341] ksys_mmap_pgoff+0x161/0x1d0
[ 50.000762][ T341] __x64_sys_mmap+0xfa/0x110
[ 50.005340][ T341] x64_sys_call+0x83/0x9a0
[ 50.009747][ T341] do_syscall_64+0x4c/0xa0
[ 50.014251][ T341] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.020147][ T341]
[ 50.022458][ T341] Memory state around the buggy address:
[ 50.028074][ T341] ffff888123296180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
2025/05/15 08:46:04 executed programs: 4
[ 50.036125][ T341] ffff888123296200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 50.044183][ T341] >ffff888123296280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.052233][ T341] ^
[ 50.056307][ T341] ffff888123296300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 50.064380][ T341] ffff888123296380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.072513][ T341] ==================================================================
[ 50.115489][ T344] FAULT_INJECTION: forcing a failure.
[ 50.115489][ T344] name failslab, interval 1, probability 0, space 0, times 0
[ 50.135620][ T344] CPU: 0 PID: 344 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 50.147386][ T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 50.157545][ T344] Call Trace:
[ 50.160824][ T344]
[ 50.163746][ T344] __dump_stack+0x21/0x30
[ 50.168114][ T344] dump_stack_lvl+0xee/0x150
[ 50.172713][ T344] ? show_regs_print_info+0x20/0x20
[ 50.178053][ T344] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.184225][ T344] ? __kasan_check_write+0x14/0x20
[ 50.189391][ T344] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 50.194978][ T344] dump_stack+0x15/0x20
[ 50.199153][ T344] should_fail+0x3c1/0x510
[ 50.203595][ T344] __should_failslab+0xa4/0xe0
[ 50.208385][ T344] should_failslab+0x9/0x20
[ 50.212899][ T344] slab_pre_alloc_hook+0x3b/0xe0
[ 50.217833][ T344] ? skb_clone+0x1cf/0x360
[ 50.222250][ T344] kmem_cache_alloc+0x44/0x260
[ 50.227029][ T344] skb_clone+0x1cf/0x360
[ 50.231280][ T344] ? __kasan_check_write+0x14/0x20
[ 50.236384][ T344] sk_psock_verdict_recv+0x53/0x800
[ 50.241769][ T344] unix_read_sock+0x10a/0x2c0
[ 50.246540][ T344] ? sk_psock_skb_redirect+0x440/0x440
[ 50.252007][ T344] ? unix_stream_splice_actor+0x120/0x120
[ 50.257743][ T344] ? __kasan_check_write+0x14/0x20
[ 50.262933][ T344] ? unix_stream_splice_actor+0x120/0x120
[ 50.268676][ T344] sk_psock_verdict_data_ready+0x115/0x170
[ 50.274488][ T344] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.279966][ T344] ? _raw_spin_lock+0x8e/0xe0
[ 50.284746][ T344] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 50.290732][ T344] ? skb_queue_tail+0xcb/0xf0
[ 50.295410][ T344] unix_dgram_sendmsg+0x11e6/0x1880
[ 50.300614][ T344] ? unix_dgram_poll+0x6b0/0x6b0
[ 50.305571][ T344] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 50.311307][ T344] ? security_socket_sendmsg+0x82/0xa0
[ 50.316854][ T344] ? unix_dgram_poll+0x6b0/0x6b0
[ 50.321818][ T344] ____sys_sendmsg+0x5a2/0x8c0
[ 50.326576][ T344] ? __sys_sendmsg_sock+0x40/0x40
[ 50.331595][ T344] ? import_iovec+0x7c/0xb0
[ 50.336104][ T344] ___sys_sendmsg+0x1f0/0x260
[ 50.340782][ T344] ? _kstrtoull+0x3c0/0x4d0
[ 50.345292][ T344] ? __sys_sendmsg+0x250/0x250
[ 50.350060][ T344] ? __fdget+0x1a1/0x230
[ 50.354295][ T344] __sys_sendmmsg+0x278/0x480
[ 50.358959][ T344] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 50.364168][ T344] ? __ia32_sys_read+0x90/0x90
[ 50.368929][ T344] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.373780][ T344] x64_sys_call+0x6c6/0x9a0
[ 50.378274][ T344] do_syscall_64+0x4c/0xa0
[ 50.382681][ T344] ? clear_bhb_loop+0x35/0x90
[ 50.387343][ T344] ? clear_bhb_loop+0x35/0x90
[ 50.392011][ T344] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.397896][ T344] RIP: 0033:0x7f4a9a518da9
[ 50.402360][ T344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.422135][ T344] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.430652][ T344] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 50.438747][ T344] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 50.446809][ T344] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 50.454796][ T344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.462779][ T344] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 50.470749][ T344]
[ 50.482341][ T346] FAULT_INJECTION: forcing a failure.
[ 50.482341][ T346] name failslab, interval 1, probability 0, space 0, times 0
[ 50.495022][ T346] CPU: 1 PID: 346 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 50.506871][ T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 50.516922][ T346] Call Trace:
[ 50.520201][ T346]
[ 50.523125][ T346] __dump_stack+0x21/0x30
[ 50.527451][ T346] dump_stack_lvl+0xee/0x150
[ 50.532136][ T346] ? show_regs_print_info+0x20/0x20
[ 50.537347][ T346] dump_stack+0x15/0x20
[ 50.541491][ T346] should_fail+0x3c1/0x510
[ 50.545898][ T346] __should_failslab+0xa4/0xe0
[ 50.550744][ T346] should_failslab+0x9/0x20
[ 50.555236][ T346] slab_pre_alloc_hook+0x3b/0xe0
[ 50.560167][ T346] kmem_cache_alloc_trace+0x48/0x270
[ 50.565446][ T346] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 50.571159][ T346] ? migrate_disable+0x180/0x180
[ 50.576100][ T346] sk_psock_skb_ingress_self+0x5f/0x330
[ 50.581762][ T346] ? migrate_disable+0xd6/0x180
[ 50.586609][ T346] sk_psock_verdict_recv+0x636/0x800
[ 50.591891][ T346] unix_read_sock+0x10a/0x2c0
[ 50.596573][ T346] ? sk_psock_skb_redirect+0x440/0x440
[ 50.602041][ T346] ? unix_stream_splice_actor+0x120/0x120
[ 50.607775][ T346] ? __kasan_check_write+0x14/0x20
[ 50.612884][ T346] ? unix_stream_splice_actor+0x120/0x120
[ 50.618605][ T346] sk_psock_verdict_data_ready+0x115/0x170
[ 50.624406][ T346] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.629770][ T346] ? _raw_spin_lock+0x8e/0xe0
[ 50.634453][ T346] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 50.640265][ T346] ? skb_queue_tail+0xcb/0xf0
[ 50.644934][ T346] unix_dgram_sendmsg+0x11e6/0x1880
[ 50.650144][ T346] ? unix_dgram_poll+0x6b0/0x6b0
[ 50.655092][ T346] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 50.660806][ T346] ? security_socket_sendmsg+0x82/0xa0
[ 50.666257][ T346] ? unix_dgram_poll+0x6b0/0x6b0
[ 50.671183][ T346] ____sys_sendmsg+0x5a2/0x8c0
[ 50.675956][ T346] ? __sys_sendmsg_sock+0x40/0x40
[ 50.680977][ T346] ? import_iovec+0x7c/0xb0
[ 50.685468][ T346] ___sys_sendmsg+0x1f0/0x260
[ 50.690162][ T346] ? _kstrtoull+0x3c0/0x4d0
[ 50.694660][ T346] ? __sys_sendmsg+0x250/0x250
[ 50.699414][ T346] ? __fdget+0x1a1/0x230
[ 50.703647][ T346] __sys_sendmmsg+0x278/0x480
[ 50.708317][ T346] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 50.713517][ T346] ? __ia32_sys_read+0x90/0x90
[ 50.718382][ T346] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.723220][ T346] x64_sys_call+0x6c6/0x9a0
[ 50.727721][ T346] do_syscall_64+0x4c/0xa0
[ 50.732128][ T346] ? clear_bhb_loop+0x35/0x90
[ 50.736801][ T346] ? clear_bhb_loop+0x35/0x90
[ 50.741465][ T346] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.747373][ T346] RIP: 0033:0x7f4a9a518da9
[ 50.751776][ T346] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.771372][ T346] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 50.779891][ T346] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 50.787885][ T346] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 50.795850][ T346] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 50.803807][ T346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.811763][ T346] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 50.819755][ T346]
[ 50.823131][ T345] ==================================================================
[ 50.831197][ T345] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 50.839613][ T345]
[ 50.841928][ T345] CPU: 1 PID: 345 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 50.853627][ T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 50.863668][ T345] Call Trace:
[ 50.866937][ T345]
[ 50.869858][ T345] __dump_stack+0x21/0x30
[ 50.874270][ T345] dump_stack_lvl+0xee/0x150
[ 50.878862][ T345] ? show_regs_print_info+0x20/0x20
[ 50.884075][ T345] ? load_image+0x3a0/0x3a0
[ 50.888570][ T345] ? hrtimer_cancel+0x2d/0x60
[ 50.893244][ T345] print_address_description+0x7f/0x2c0
[ 50.898792][ T345] ? kmem_cache_free+0x100/0x320
[ 50.903725][ T345] kasan_report_invalid_free+0x58/0x90
[ 50.909175][ T345] ? kmem_cache_free+0x100/0x320
[ 50.914112][ T345] ____kasan_slab_free+0x13d/0x160
[ 50.919218][ T345] __kasan_slab_free+0x11/0x20
[ 50.923970][ T345] slab_free_freelist_hook+0xc2/0x190
[ 50.929336][ T345] ? kfree_skbmem+0x10c/0x180
[ 50.934005][ T345] kmem_cache_free+0x100/0x320
[ 50.938764][ T345] ? skb_release_data+0x94f/0xa10
[ 50.943782][ T345] kfree_skbmem+0x10c/0x180
[ 50.948276][ T345] consume_skb+0xb3/0x1f0
[ 50.952599][ T345] __sk_msg_free+0x4f4/0x560
[ 50.957187][ T345] ? _raw_spin_lock_bh+0x8e/0xe0
[ 50.962127][ T345] ? _raw_spin_lock_irq+0xe0/0xe0
[ 50.967147][ T345] ? skb_dequeue+0x125/0x160
[ 50.971730][ T345] sk_psock_stop+0x4c9/0x570
[ 50.976312][ T345] ? sock_no_sendpage_locked+0x130/0x130
[ 50.982228][ T345] sk_psock_drop+0x226/0x300
[ 50.986819][ T345] sock_map_unref+0x3c2/0x420
[ 50.991499][ T345] ? sk_psock_link_pop+0x154/0x170
[ 50.996612][ T345] sock_map_remove_links+0x3cd/0x600
[ 51.001897][ T345] ? sock_init_data+0xc0/0xc0
[ 51.006570][ T345] ? fput+0x1a/0x20
[ 51.010370][ T345] ? filp_close+0x105/0x150
[ 51.014865][ T345] ? close_fd+0x70/0x80
[ 51.019023][ T345] ? sock_map_unhash+0x130/0x130
[ 51.023961][ T345] sock_map_close+0x111/0x440
[ 51.028629][ T345] ? unix_peer_get+0xe0/0xe0
[ 51.033384][ T345] ? sock_map_remove_links+0x600/0x600
[ 51.038853][ T345] ? clear_nonspinnable+0x60/0x60
[ 51.043888][ T345] unix_release+0x82/0xc0
[ 51.048208][ T345] sock_close+0xe0/0x270
[ 51.052450][ T345] ? sock_mmap+0xa0/0xa0
[ 51.056681][ T345] __fput+0x20b/0x8b0
[ 51.060663][ T345] ____fput+0x15/0x20
[ 51.064634][ T345] task_work_run+0x127/0x190
[ 51.069216][ T345] exit_to_user_mode_loop+0xd0/0xe0
[ 51.074503][ T345] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.079953][ T345] syscall_exit_to_user_mode+0x1a/0x30
[ 51.085417][ T345] do_syscall_64+0x58/0xa0
[ 51.089830][ T345] ? clear_bhb_loop+0x35/0x90
[ 51.094504][ T345] ? clear_bhb_loop+0x35/0x90
[ 51.099181][ T345] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.105081][ T345] RIP: 0033:0x7f4a9a517c9a
[ 51.109492][ T345] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.129088][ T345] RSP: 002b:00007fff5317ff00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.137493][ T345] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f4a9a517c9a
[ 51.145460][ T345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.153506][ T345] RBP: 0000000000000032 R08: 0000001b30360000 R09: 00007f4a9a647f8c
[ 51.161467][ T345] R10: 00007fff53180050 R11: 0000000000000293 R12: 00007f4a9a09d1b0
[ 51.169440][ T345] R13: ffffffffffffffff R14: 00007f4a9a09c000 R15: 000000000000c517
[ 51.177416][ T345]
[ 51.180438][ T345]
[ 51.182749][ T345] Allocated by task 346:
[ 51.186997][ T345] __kasan_slab_alloc+0xbd/0xf0
[ 51.191839][ T345] slab_post_alloc_hook+0x4f/0x2b0
[ 51.196946][ T345] kmem_cache_alloc+0xf7/0x260
[ 51.201809][ T345] skb_clone+0x1cf/0x360
[ 51.206054][ T345] sk_psock_verdict_recv+0x53/0x800
[ 51.211259][ T345] unix_read_sock+0x10a/0x2c0
[ 51.216023][ T345] sk_psock_verdict_data_ready+0x115/0x170
[ 51.221850][ T345] unix_dgram_sendmsg+0x11e6/0x1880
[ 51.227044][ T345] ____sys_sendmsg+0x5a2/0x8c0
[ 51.231839][ T345] ___sys_sendmsg+0x1f0/0x260
[ 51.236522][ T345] __sys_sendmmsg+0x278/0x480
[ 51.241192][ T345] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.246035][ T345] x64_sys_call+0x6c6/0x9a0
[ 51.250544][ T345] do_syscall_64+0x4c/0xa0
[ 51.254967][ T345] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.260858][ T345]
[ 51.263177][ T345] Freed by task 26:
[ 51.266981][ T345] kasan_set_track+0x4a/0x70
[ 51.271597][ T345] kasan_set_free_info+0x23/0x40
[ 51.276536][ T345] ____kasan_slab_free+0x125/0x160
[ 51.281641][ T345] __kasan_slab_free+0x11/0x20
[ 51.286482][ T345] slab_free_freelist_hook+0xc2/0x190
[ 51.291856][ T345] kmem_cache_free+0x100/0x320
[ 51.296613][ T345] kfree_skbmem+0x10c/0x180
[ 51.301286][ T345] kfree_skb+0xc1/0x2f0
[ 51.305430][ T345] sk_psock_backlog+0xa85/0xd80
[ 51.310270][ T345] process_one_work+0x6be/0xba0
[ 51.315114][ T345] worker_thread+0xa59/0x1200
[ 51.319783][ T345] kthread+0x411/0x500
[ 51.323861][ T345] ret_from_fork+0x1f/0x30
[ 51.328400][ T345]
[ 51.330721][ T345] The buggy address belongs to the object at ffff88810edf53c0
[ 51.330721][ T345] which belongs to the cache skbuff_head_cache of size 248
[ 51.345303][ T345] The buggy address is located 0 bytes inside of
[ 51.345303][ T345] 248-byte region [ffff88810edf53c0, ffff88810edf54b8)
[ 51.358583][ T345] The buggy address belongs to the page:
[ 51.364206][ T345] page:ffffea00043b7d40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10edf5
[ 51.374448][ T345] flags: 0x4000000000000200(slab|zone=1)
[ 51.380207][ T345] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881081aa480
[ 51.388783][ T345] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 51.397351][ T345] page dumped because: kasan: bad access detected
[ 51.403755][ T345] page_owner tracks the page as allocated
[ 51.409639][ T345] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 109, ts 4902285575, free_ts 0
[ 51.424654][ T345] post_alloc_hook+0x192/0x1b0
[ 51.429422][ T345] prep_new_page+0x1c/0x110
[ 51.433917][ T345] get_page_from_freelist+0x2cc5/0x2d50
[ 51.439454][ T345] __alloc_pages+0x18f/0x440
[ 51.444038][ T345] new_slab+0xa1/0x4d0
[ 51.448096][ T345] ___slab_alloc+0x381/0x810
[ 51.452678][ T345] __slab_alloc+0x49/0x90
[ 51.457023][ T345] kmem_cache_alloc+0x138/0x260
[ 51.461880][ T345] __alloc_skb+0xe0/0x740
[ 51.466217][ T345] alloc_skb_with_frags+0xa8/0x620
[ 51.471337][ T345] sock_alloc_send_pskb+0x853/0x980
[ 51.476540][ T345] unix_dgram_sendmsg+0x5ea/0x1880
[ 51.481649][ T345] sock_write_iter+0x29c/0x380
[ 51.486407][ T345] vfs_write+0x802/0xf70
[ 51.490643][ T345] ksys_write+0x140/0x240
[ 51.494960][ T345] __x64_sys_write+0x7b/0x90
[ 51.499539][ T345] page_owner free stack trace missing
[ 51.504892][ T345]
[ 51.507205][ T345] Memory state around the buggy address:
[ 51.512819][ T345] ffff88810edf5280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.520865][ T345] ffff88810edf5300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.528925][ T345] >ffff88810edf5380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.536974][ T345]                                            ^
[ 51.543113][ T345] ffff88810edf5400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.551173][ T345] ffff88810edf5480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.559221][ T345] ==================================================================
[ 51.580509][ T348] FAULT_INJECTION: forcing a failure.
[ 51.580509][ T348] name failslab, interval 1, probability 0, space 0, times 0
[ 51.593389][ T348] CPU: 1 PID: 348 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 51.605104][ T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 51.615265][ T348] Call Trace:
[ 51.618538][ T348]
[ 51.621461][ T348] __dump_stack+0x21/0x30
[ 51.625802][ T348] dump_stack_lvl+0xee/0x150
[ 51.630392][ T348] ? show_regs_print_info+0x20/0x20
[ 51.635594][ T348] dump_stack+0x15/0x20
[ 51.639743][ T348] should_fail+0x3c1/0x510
[ 51.644152][ T348] __should_failslab+0xa4/0xe0
[ 51.648919][ T348] should_failslab+0x9/0x20
[ 51.653414][ T348] slab_pre_alloc_hook+0x3b/0xe0
[ 51.658364][ T348] kmem_cache_alloc_trace+0x48/0x270
[ 51.663645][ T348] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 51.669358][ T348] ? migrate_disable+0x180/0x180
[ 51.674291][ T348] sk_psock_skb_ingress_self+0x5f/0x330
[ 51.679829][ T348] ? migrate_disable+0xd6/0x180
[ 51.684674][ T348] sk_psock_verdict_recv+0x636/0x800
[ 51.689955][ T348] unix_read_sock+0x10a/0x2c0
[ 51.694773][ T348] ? sk_psock_skb_redirect+0x440/0x440
[ 51.700222][ T348] ? unix_stream_splice_actor+0x120/0x120
[ 51.705940][ T348] ? __kasan_check_write+0x14/0x20
[ 51.711055][ T348] ? unix_stream_splice_actor+0x120/0x120
[ 51.716771][ T348] sk_psock_verdict_data_ready+0x115/0x170
[ 51.722575][ T348] ? sk_psock_start_verdict+0xc0/0xc0
[ 51.727937][ T348] ? _raw_spin_lock+0x8e/0xe0
[ 51.732615][ T348] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 51.738429][ T348] ? skb_queue_tail+0xcb/0xf0
[ 51.743099][ T348] unix_dgram_sendmsg+0x11e6/0x1880
[ 51.748296][ T348] ? unix_dgram_poll+0x6b0/0x6b0
[ 51.753230][ T348] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 51.758953][ T348] ? security_socket_sendmsg+0x82/0xa0
[ 51.764409][ T348] ? unix_dgram_poll+0x6b0/0x6b0
[ 51.769339][ T348] ____sys_sendmsg+0x5a2/0x8c0
[ 51.774095][ T348] ? __sys_sendmsg_sock+0x40/0x40
[ 51.779112][ T348] ? import_iovec+0x7c/0xb0
[ 51.783627][ T348] ___sys_sendmsg+0x1f0/0x260
[ 51.788329][ T348] ? _kstrtoull+0x3c0/0x4d0
[ 51.792908][ T348] ? __sys_sendmsg+0x250/0x250
[ 51.797668][ T348] ? __fdget+0x1a1/0x230
[ 51.801904][ T348] __sys_sendmmsg+0x278/0x480
[ 51.806699][ T348] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 51.812004][ T348] ? __ia32_sys_read+0x90/0x90
[ 51.816768][ T348] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.821614][ T348] x64_sys_call+0x6c6/0x9a0
[ 51.826121][ T348] do_syscall_64+0x4c/0xa0
[ 51.830558][ T348] ? clear_bhb_loop+0x35/0x90
[ 51.835258][ T348] ? clear_bhb_loop+0x35/0x90
[ 51.839961][ T348] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.845867][ T348] RIP: 0033:0x7f4a9a518da9
[ 51.850294][ T348] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.870162][ T348] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.878671][ T348] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 51.886648][ T348] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 51.894631][ T348] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 51.902613][ T348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.910697][ T348] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 51.918861][ T348]
[ 51.923851][ T347] ==================================================================
[ 51.931929][ T347] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 51.940367][ T347]
[ 51.942770][ T347] CPU: 0 PID: 347 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 51.954480][ T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 51.964618][ T347] Call Trace:
[ 51.967892][ T347]
[ 51.970825][ T347] __dump_stack+0x21/0x30
[ 51.975168][ T347] dump_stack_lvl+0xee/0x150
[ 51.979755][ T347] ? show_regs_print_info+0x20/0x20
[ 51.984950][ T347] ? load_image+0x3a0/0x3a0
[ 51.989445][ T347] ? update_load_avg+0x410/0x1110
[ 51.994517][ T347] print_address_description+0x7f/0x2c0
[ 52.000067][ T347] ? kmem_cache_free+0x100/0x320
[ 52.005009][ T347] kasan_report_invalid_free+0x58/0x90
[ 52.010463][ T347] ? kmem_cache_free+0x100/0x320
[ 52.015411][ T347] ____kasan_slab_free+0x13d/0x160
[ 52.020515][ T347] __kasan_slab_free+0x11/0x20
[ 52.025283][ T347] slab_free_freelist_hook+0xc2/0x190
[ 52.030653][ T347] ? kfree_skbmem+0x10c/0x180
[ 52.035340][ T347] kmem_cache_free+0x100/0x320
[ 52.040101][ T347] ? skb_release_data+0x94f/0xa10
[ 52.045124][ T347] kfree_skbmem+0x10c/0x180
[ 52.049628][ T347] consume_skb+0xb3/0x1f0
[ 52.053945][ T347] __sk_msg_free+0x4f4/0x560
[ 52.058524][ T347] ? _raw_spin_lock_bh+0x8e/0xe0
[ 52.063452][ T347] ? _raw_spin_lock_irq+0xe0/0xe0
[ 52.068473][ T347] ? skb_dequeue+0x125/0x160
[ 52.073053][ T347] sk_psock_stop+0x4c9/0x570
[ 52.077639][ T347] ? sock_no_sendpage_locked+0x130/0x130
[ 52.083361][ T347] sk_psock_drop+0x226/0x300
[ 52.087958][ T347] sock_map_unref+0x3c2/0x420
[ 52.092719][ T347] ? sk_psock_link_pop+0x154/0x170
[ 52.097828][ T347] sock_map_remove_links+0x3cd/0x600
[ 52.103134][ T347] ? sock_init_data+0xc0/0xc0
[ 52.107834][ T347] ? fput+0x1a/0x20
[ 52.111636][ T347] ? filp_close+0x105/0x150
[ 52.116139][ T347] ? close_fd+0x70/0x80
[ 52.120290][ T347] ? sock_map_unhash+0x130/0x130
[ 52.125222][ T347] sock_map_close+0x111/0x440
[ 52.129910][ T347] ? unix_peer_get+0xe0/0xe0
[ 52.134578][ T347] ? sock_map_remove_links+0x600/0x600
[ 52.140026][ T347] ? clear_nonspinnable+0x60/0x60
[ 52.145046][ T347] unix_release+0x82/0xc0
[ 52.149383][ T347] sock_close+0xe0/0x270
[ 52.153710][ T347] ? sock_mmap+0xa0/0xa0
[ 52.158036][ T347] __fput+0x20b/0x8b0
[ 52.162019][ T347] ____fput+0x15/0x20
[ 52.165993][ T347] task_work_run+0x127/0x190
[ 52.170581][ T347] exit_to_user_mode_loop+0xd0/0xe0
[ 52.175772][ T347] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.181226][ T347] syscall_exit_to_user_mode+0x1a/0x30
[ 52.186675][ T347] do_syscall_64+0x58/0xa0
[ 52.191080][ T347] ? clear_bhb_loop+0x35/0x90
[ 52.195751][ T347] ? clear_bhb_loop+0x35/0x90
[ 52.200418][ T347] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.206305][ T347] RIP: 0033:0x7f4a9a517c9a
[ 52.210708][ T347] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 52.230536][ T347] RSP: 002b:00007fff5317ff00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 52.239035][ T347] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f4a9a517c9a
[ 52.246999][ T347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 52.254965][ T347] RBP: 00007f4a9a649980 R08: 0000001b30360000 R09: 0034e5c4630687de
[ 52.262930][ T347] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000cca2
[ 52.270909][ T347] R13: ffffffffffffffff R14: 00007f4a9a09c000 R15: 000000000000c961
[ 52.278971][ T347]
[ 52.281979][ T347]
[ 52.284410][ T347] Allocated by task 348:
[ 52.288650][ T347] __kasan_slab_alloc+0xbd/0xf0
[ 52.293604][ T347] slab_post_alloc_hook+0x4f/0x2b0
[ 52.298753][ T347] kmem_cache_alloc+0xf7/0x260
[ 52.303513][ T347] skb_clone+0x1cf/0x360
[ 52.307757][ T347] sk_psock_verdict_recv+0x53/0x800
[ 52.312944][ T347] unix_read_sock+0x10a/0x2c0
[ 52.317615][ T347] sk_psock_verdict_data_ready+0x115/0x170
[ 52.323412][ T347] unix_dgram_sendmsg+0x11e6/0x1880
[ 52.328601][ T347] ____sys_sendmsg+0x5a2/0x8c0
[ 52.333368][ T347] ___sys_sendmsg+0x1f0/0x260
[ 52.338032][ T347] __sys_sendmmsg+0x278/0x480
[ 52.342696][ T347] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.347544][ T347] x64_sys_call+0x6c6/0x9a0
[ 52.352035][ T347] do_syscall_64+0x4c/0xa0
[ 52.356441][ T347] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.362324][ T347]
[ 52.364641][ T347] Freed by task 26:
[ 52.368429][ T347] kasan_set_track+0x4a/0x70
[ 52.373004][ T347] kasan_set_free_info+0x23/0x40
[ 52.377926][ T347] ____kasan_slab_free+0x125/0x160
[ 52.383132][ T347] __kasan_slab_free+0x11/0x20
[ 52.387918][ T347] slab_free_freelist_hook+0xc2/0x190
[ 52.393290][ T347] kmem_cache_free+0x100/0x320
[ 52.398041][ T347] kfree_skbmem+0x10c/0x180
[ 52.402549][ T347] kfree_skb+0xc1/0x2f0
[ 52.406691][ T347] sk_psock_backlog+0xa85/0xd80
[ 52.411557][ T347] process_one_work+0x6be/0xba0
[ 52.416530][ T347] worker_thread+0xa59/0x1200
[ 52.421205][ T347] kthread+0x411/0x500
[ 52.425264][ T347] ret_from_fork+0x1f/0x30
[ 52.429674][ T347]
[ 52.431992][ T347] The buggy address belongs to the object at ffff88810f475140
[ 52.431992][ T347] which belongs to the cache skbuff_head_cache of size 248
[ 52.446551][ T347] The buggy address is located 0 bytes inside of
[ 52.446551][ T347] 248-byte region [ffff88810f475140, ffff88810f475238)
[ 52.459678][ T347] The buggy address belongs to the page:
[ 52.465291][ T347] page:ffffea00043d1d40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f475
[ 52.475516][ T347] flags: 0x4000000000000200(slab|zone=1)
[ 52.481286][ T347] raw: 4000000000000200 0000000000000000 0000000600000001 ffff8881081aa480
[ 52.489901][ T347] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 52.498554][ T347] page dumped because: kasan: bad access detected
[ 52.504953][ T347] page_owner tracks the page as allocated
[ 52.510685][ T347] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4923819609, free_ts 4923762905
[ 52.526481][ T347] post_alloc_hook+0x192/0x1b0
[ 52.531414][ T347] prep_new_page+0x1c/0x110
[ 52.535925][ T347] get_page_from_freelist+0x2cc5/0x2d50
[ 52.541476][ T347] __alloc_pages+0x18f/0x440
[ 52.546064][ T347] new_slab+0xa1/0x4d0
[ 52.550152][ T347] ___slab_alloc+0x381/0x810
[ 52.554736][ T347] __slab_alloc+0x49/0x90
[ 52.559058][ T347] kmem_cache_alloc+0x138/0x260
[ 52.563906][ T347] __alloc_skb+0xe0/0x740
[ 52.568238][ T347] alloc_uevent_skb+0x85/0x240
[ 52.573015][ T347] kobject_uevent_net_broadcast+0x335/0x5a0
[ 52.578897][ T347] kobject_uevent_env+0x52e/0x700
[ 52.583919][ T347] kobject_synth_uevent+0x520/0xaf0
[ 52.589111][ T347] uevent_store+0x4b/0x70
[ 52.593434][ T347] drv_attr_store+0x79/0xa0
[ 52.597929][ T347] sysfs_kf_write+0x129/0x150
[ 52.602605][ T347] page last free stack trace:
[ 52.607266][ T347] free_unref_page_prepare+0x542/0x550
[ 52.612716][ T347] free_unref_page+0xa2/0x550
[ 52.617467][ T347] __free_pages+0x6c/0x100
[ 52.621867][ T347] free_pages+0x82/0x90
[ 52.626015][ T347] selinux_genfs_get_sid+0x20b/0x250
[ 52.631304][ T347] inode_doinit_with_dentry+0x86e/0xd70
[ 52.636856][ T347] selinux_d_instantiate+0x27/0x40
[ 52.642071][ T347] security_d_instantiate+0x9e/0xf0
[ 52.647257][ T347] d_splice_alias+0x6d/0x390
[ 52.651836][ T347] kernfs_iop_lookup+0x2c2/0x310
[ 52.656761][ T347] path_openat+0xfcf/0x2f10
[ 52.661250][ T347] do_filp_open+0x1b3/0x3e0
[ 52.665740][ T347] do_sys_openat2+0x14c/0x7b0
[ 52.670408][ T347] __x64_sys_openat+0x136/0x160
[ 52.675250][ T347] x64_sys_call+0x219/0x9a0
[ 52.679742][ T347] do_syscall_64+0x4c/0xa0
[ 52.684158][ T347]
[ 52.686476][ T347] Memory state around the buggy address:
[ 52.692090][ T347] ffff88810f475000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.700248][ T347] ffff88810f475080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 52.708320][ T347] >ffff88810f475100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.716366][ T347]                                            ^
[ 52.722508][ T347] ffff88810f475180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.730568][ T347] ffff88810f475200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 52.738617][ T347] ==================================================================
[ 52.757160][ T350] FAULT_INJECTION: forcing a failure.
[ 52.757160][ T350] name failslab, interval 1, probability 0, space 0, times 0
[ 52.769937][ T350] CPU: 1 PID: 350 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 52.781654][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 52.791710][ T350] Call Trace:
[ 52.794983][ T350]
[ 52.797902][ T350] __dump_stack+0x21/0x30
[ 52.802312][ T350] dump_stack_lvl+0xee/0x150
[ 52.806906][ T350] ? show_regs_print_info+0x20/0x20
[ 52.812101][ T350] dump_stack+0x15/0x20
[ 52.816245][ T350] should_fail+0x3c1/0x510
[ 52.820648][ T350] __should_failslab+0xa4/0xe0
[ 52.825399][ T350] should_failslab+0x9/0x20
[ 52.829892][ T350] slab_pre_alloc_hook+0x3b/0xe0
[ 52.834823][ T350] kmem_cache_alloc_trace+0x48/0x270
[ 52.840115][ T350] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 52.845979][ T350] ? migrate_disable+0x180/0x180
[ 52.850916][ T350] sk_psock_skb_ingress_self+0x5f/0x330
[ 52.856456][ T350] ? migrate_disable+0xd6/0x180
[ 52.861299][ T350] sk_psock_verdict_recv+0x636/0x800
[ 52.866593][ T350] unix_read_sock+0x10a/0x2c0
[ 52.871282][ T350] ? sk_psock_skb_redirect+0x440/0x440
[ 52.876731][ T350] ? unix_stream_splice_actor+0x120/0x120
[ 52.882440][ T350] ? __kasan_check_write+0x14/0x20
[ 52.887540][ T350] ? unix_stream_splice_actor+0x120/0x120
[ 52.893348][ T350] sk_psock_verdict_data_ready+0x115/0x170
[ 52.899146][ T350] ? sk_psock_start_verdict+0xc0/0xc0
[ 52.904510][ T350] ? _raw_spin_lock+0x8e/0xe0
[ 52.909184][ T350] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 52.915025][ T350] ? skb_queue_tail+0xcb/0xf0
[ 52.919696][ T350] unix_dgram_sendmsg+0x11e6/0x1880
[ 52.924888][ T350] ? unix_dgram_poll+0x6b0/0x6b0
[ 52.929818][ T350] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 52.935545][ T350] ? security_socket_sendmsg+0x82/0xa0
[ 52.941014][ T350] ? unix_dgram_poll+0x6b0/0x6b0
[ 52.945940][ T350] ____sys_sendmsg+0x5a2/0x8c0
[ 52.950708][ T350] ? __sys_sendmsg_sock+0x40/0x40
[ 52.955719][ T350] ? import_iovec+0x7c/0xb0
[ 52.960217][ T350] ___sys_sendmsg+0x1f0/0x260
[ 52.964999][ T350] ? _kstrtoull+0x3c0/0x4d0
[ 52.969499][ T350] ? __sys_sendmsg+0x250/0x250
[ 52.974276][ T350] ? __fdget+0x1a1/0x230
[ 52.978530][ T350] __sys_sendmmsg+0x278/0x480
[ 52.983211][ T350] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 52.988434][ T350] ? __ia32_sys_read+0x90/0x90
[ 52.993281][ T350] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.998122][ T350] x64_sys_call+0x6c6/0x9a0
[ 53.002725][ T350] do_syscall_64+0x4c/0xa0
[ 53.007167][ T350] ? clear_bhb_loop+0x35/0x90
[ 53.011836][ T350] ? clear_bhb_loop+0x35/0x90
[ 53.016500][ T350] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.022388][ T350] RIP: 0033:0x7f4a9a518da9
[ 53.026801][ T350] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.046400][ T350] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 53.054905][ T350] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 53.062870][ T350] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 53.070840][ T350] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 53.078805][ T350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.086766][ T350] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 53.094744][ T350]
[ 53.097990][ T349] ==================================================================
[ 53.106058][ T349] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 53.114465][ T349]
[ 53.116794][ T349] CPU: 1 PID: 349 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 53.128502][ T349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 53.138553][ T349] Call Trace:
[ 53.141849][ T349]
[ 53.144773][ T349] __dump_stack+0x21/0x30
[ 53.149100][ T349] dump_stack_lvl+0xee/0x150
[ 53.153692][ T349] ? show_regs_print_info+0x20/0x20
[ 53.158881][ T349] ? load_image+0x3a0/0x3a0
[ 53.163380][ T349] ? hrtimer_cancel+0x2d/0x60
[ 53.168053][ T349] print_address_description+0x7f/0x2c0
[ 53.173596][ T349] ? kmem_cache_free+0x100/0x320
[ 53.178527][ T349] kasan_report_invalid_free+0x58/0x90
[ 53.183984][ T349] ? kmem_cache_free+0x100/0x320
[ 53.188918][ T349] ____kasan_slab_free+0x13d/0x160
[ 53.194021][ T349] __kasan_slab_free+0x11/0x20
[ 53.198777][ T349] slab_free_freelist_hook+0xc2/0x190
[ 53.204250][ T349] ? kfree_skbmem+0x10c/0x180
[ 53.208931][ T349] kmem_cache_free+0x100/0x320
[ 53.213689][ T349] ? skb_release_data+0x94f/0xa10
[ 53.218715][ T349] kfree_skbmem+0x10c/0x180
[ 53.223209][ T349] consume_skb+0xb3/0x1f0
[ 53.227523][ T349] __sk_msg_free+0x4f4/0x560
[ 53.232108][ T349] ? _raw_spin_lock_bh+0x8e/0xe0
[ 53.237142][ T349] ? _raw_spin_lock_irq+0xe0/0xe0
[ 53.242161][ T349] ? skb_dequeue+0x125/0x160
[ 53.246919][ T349] sk_psock_stop+0x4c9/0x570
[ 53.251504][ T349] ? sock_no_sendpage_locked+0x130/0x130
[ 53.257222][ T349] sk_psock_drop+0x226/0x300
[ 53.261919][ T349] sock_map_unref+0x3c2/0x420
[ 53.266588][ T349] ? sk_psock_link_pop+0x154/0x170
[ 53.271691][ T349] sock_map_remove_links+0x3cd/0x600
[ 53.276974][ T349] ? sock_init_data+0xc0/0xc0
[ 53.281646][ T349] ? fput+0x1a/0x20
[ 53.285448][ T349] ? filp_close+0x105/0x150
[ 53.289958][ T349] ? close_fd+0x70/0x80
[ 53.294108][ T349] ? sock_map_unhash+0x130/0x130
[ 53.299042][ T349] sock_map_close+0x111/0x440
[ 53.303713][ T349] ? unix_peer_get+0xe0/0xe0
[ 53.308385][ T349] ? sock_map_remove_links+0x600/0x600
[ 53.313855][ T349] ? clear_nonspinnable+0x60/0x60
[ 53.318892][ T349] unix_release+0x82/0xc0
[ 53.323219][ T349] sock_close+0xe0/0x270
[ 53.327481][ T349] ? sock_mmap+0xa0/0xa0
[ 53.331723][ T349] __fput+0x20b/0x8b0
[ 53.335752][ T349] ____fput+0x15/0x20
[ 53.339735][ T349] task_work_run+0x127/0x190
[ 53.344316][ T349] exit_to_user_mode_loop+0xd0/0xe0
[ 53.349503][ T349] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.354952][ T349] syscall_exit_to_user_mode+0x1a/0x30
[ 53.360400][ T349] do_syscall_64+0x58/0xa0
[ 53.364813][ T349] ? clear_bhb_loop+0x35/0x90
[ 53.369497][ T349] ? clear_bhb_loop+0x35/0x90
[ 53.374174][ T349] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.380061][ T349] RIP: 0033:0x7f4a9a517c9a
[ 53.384467][ T349] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.404058][ T349] RSP: 002b:00007fff5317ff00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.412465][ T349] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f4a9a517c9a
[ 53.420434][ T349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.428400][ T349] RBP: 0000000000000032 R08: 0000001b30360000 R09: 00007f4a9a647f8c
[ 53.436373][ T349] R10: 00007fff53180050 R11: 0000000000000293 R12: 00007f4a9a09d1b0
[ 53.444333][ T349] R13: ffffffffffffffff R14: 00007f4a9a09c000 R15: 000000000000cdf9
[ 53.452305][ T349]
[ 53.455315][ T349]
[ 53.457638][ T349] Allocated by task 350:
[ 53.461872][ T349] __kasan_slab_alloc+0xbd/0xf0
[ 53.466712][ T349] slab_post_alloc_hook+0x4f/0x2b0
[ 53.471814][ T349] kmem_cache_alloc+0xf7/0x260
[ 53.476567][ T349] skb_clone+0x1cf/0x360
[ 53.480822][ T349] sk_psock_verdict_recv+0x53/0x800
[ 53.486013][ T349] unix_read_sock+0x10a/0x2c0
[ 53.490693][ T349] sk_psock_verdict_data_ready+0x115/0x170
[ 53.496497][ T349] unix_dgram_sendmsg+0x11e6/0x1880
[ 53.501741][ T349] ____sys_sendmsg+0x5a2/0x8c0
[ 53.506513][ T349] ___sys_sendmsg+0x1f0/0x260
[ 53.511192][ T349] __sys_sendmmsg+0x278/0x480
[ 53.515864][ T349] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.520712][ T349] x64_sys_call+0x6c6/0x9a0
[ 53.525216][ T349] do_syscall_64+0x4c/0xa0
[ 53.529724][ T349] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.535611][ T349]
[ 53.537924][ T349] Freed by task 26:
[ 53.541723][ T349] kasan_set_track+0x4a/0x70
[ 53.546309][ T349] kasan_set_free_info+0x23/0x40
[ 53.551244][ T349] ____kasan_slab_free+0x125/0x160
[ 53.556346][ T349] __kasan_slab_free+0x11/0x20
[ 53.561097][ T349] slab_free_freelist_hook+0xc2/0x190
[ 53.566459][ T349] kmem_cache_free+0x100/0x320
[ 53.571211][ T349] kfree_skbmem+0x10c/0x180
[ 53.575703][ T349] kfree_skb+0xc1/0x2f0
[ 53.579842][ T349] sk_psock_backlog+0xa85/0xd80
[ 53.584687][ T349] process_one_work+0x6be/0xba0
[ 53.589530][ T349] worker_thread+0xa59/0x1200
[ 53.594197][ T349] kthread+0x411/0x500
[ 53.598252][ T349] ret_from_fork+0x1f/0x30
[ 53.602656][ T349]
[ 53.604971][ T349] The buggy address belongs to the object at ffff8881232348c0
[ 53.604971][ T349] which belongs to the cache skbuff_head_cache of size 248
[ 53.619934][ T349] The buggy address is located 0 bytes inside of
[ 53.619934][ T349] 248-byte region [ffff8881232348c0, ffff8881232349b8)
[ 53.633030][ T349] The buggy address belongs to the page:
[ 53.638656][ T349] page:ffffea00048c8d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123234
[ 53.648898][ T349] flags: 0x4000000000000200(slab|zone=1)
[ 53.654528][ T349] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 53.663106][ T349] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 53.671672][ T349] page dumped because: kasan: bad access detected
[ 53.678070][ T349] page_owner tracks the page as allocated
[ 53.683766][ T349] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 52747091732, free_ts 45713446147
[ 53.699571][ T349] post_alloc_hook+0x192/0x1b0
[ 53.704335][ T349] prep_new_page+0x1c/0x110
[ 53.708826][ T349] get_page_from_freelist+0x2cc5/0x2d50
[ 53.714364][ T349] __alloc_pages+0x18f/0x440
[ 53.718940][ T349] new_slab+0xa1/0x4d0
[ 53.722996][ T349] ___slab_alloc+0x381/0x810
[ 53.727572][ T349] __slab_alloc+0x49/0x90
[ 53.731888][ T349] kmem_cache_alloc+0x138/0x260
[ 53.736724][ T349] __alloc_skb+0xe0/0x740
[ 53.741040][ T349] alloc_skb_with_frags+0xa8/0x620
[ 53.746138][ T349] sock_alloc_send_pskb+0x853/0x980
[ 53.751328][ T349] unix_dgram_sendmsg+0x5ea/0x1880
[ 53.756439][ T349] __sys_sendto+0x423/0x580
[ 53.760931][ T349] __x64_sys_sendto+0xe5/0x100
[ 53.765683][ T349] x64_sys_call+0x178/0x9a0
[ 53.770177][ T349] do_syscall_64+0x4c/0xa0
[ 53.774595][ T349] page last free stack trace:
[ 53.779259][ T349] free_unref_page_prepare+0x542/0x550
[ 53.784707][ T349] free_unref_page+0xa2/0x550
[ 53.789370][ T349] __free_pages+0x6c/0x100
[ 53.793773][ T349] free_pages+0x82/0x90
[ 53.797920][ T349] kasan_depopulate_vmalloc_pte+0x6b/0x90
[ 53.803631][ T349] __apply_to_page_range+0x8b0/0xbf0
[ 53.808924][ T349] apply_to_existing_page_range+0x38/0x50
[ 53.814633][ T349] kasan_release_vmalloc+0x97/0xb0
[ 53.819912][ T349] __purge_vmap_area_lazy+0xc05/0x1840
[ 53.825372][ T349] _vm_unmap_aliases+0x2fd/0x380
[ 53.830314][ T349] vm_unmap_aliases+0x19/0x20
[ 53.834977][ T349] change_page_attr_set_clr+0x311/0xc10
[ 53.840510][ T349] set_memory_ro+0x89/0xd0
[ 53.844945][ T349] bpf_int_jit_compile+0xc154/0xc910
[ 53.850227][ T349] bpf_prog_select_runtime+0x6f1/0x9f0
[ 53.855672][ T349] bpf_prog_load+0x106d/0x1550
[ 53.860422][ T349]
[ 53.862819][ T349] Memory state around the buggy address:
[ 53.868431][ T349] ffff888123234780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.876577][ T349] ffff888123234800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 53.884637][ T349] >ffff888123234880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 53.892687][ T349]                                            ^
[ 53.898839][ T349] ffff888123234900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.906899][ T349] ffff888123234980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 53.915031][ T349] ==================================================================
[ 53.934271][ T352] FAULT_INJECTION: forcing a failure.
[ 53.934271][ T352] name failslab, interval 1, probability 0, space 0, times 0
[ 53.947128][ T352] CPU: 0 PID: 352 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 53.958867][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 53.968942][ T352] Call Trace:
[ 53.972232][ T352]
[ 53.975164][ T352] __dump_stack+0x21/0x30
[ 53.979491][ T352] dump_stack_lvl+0xee/0x150
[ 53.984083][ T352] ? show_regs_print_info+0x20/0x20
[ 53.989442][ T352] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.995562][ T352] ? __kasan_check_write+0x14/0x20
[ 54.000684][ T352] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 54.006147][ T352] dump_stack+0x15/0x20
[ 54.010299][ T352] should_fail+0x3c1/0x510
[ 54.014716][ T352] __should_failslab+0xa4/0xe0
[ 54.019485][ T352] should_failslab+0x9/0x20
[ 54.024023][ T352] slab_pre_alloc_hook+0x3b/0xe0
[ 54.028962][ T352] ? skb_clone+0x1cf/0x360
[ 54.033377][ T352] kmem_cache_alloc+0x44/0x260
[ 54.038151][ T352] skb_clone+0x1cf/0x360
[ 54.042388][ T352] ? __kasan_check_write+0x14/0x20
[ 54.047495][ T352] sk_psock_verdict_recv+0x53/0x800
[ 54.052690][ T352] unix_read_sock+0x10a/0x2c0
[ 54.057363][ T352] ? sk_psock_skb_redirect+0x440/0x440
[ 54.062821][ T352] ? unix_stream_splice_actor+0x120/0x120
[ 54.068533][ T352] ? __kasan_check_write+0x14/0x20
[ 54.073645][ T352] ? unix_stream_splice_actor+0x120/0x120
[ 54.079379][ T352] sk_psock_verdict_data_ready+0x115/0x170
[ 54.085182][ T352] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.090553][ T352] ? _raw_spin_lock+0x8e/0xe0
[ 54.095231][ T352] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 54.101039][ T352] ? skb_queue_tail+0xcb/0xf0
[ 54.105716][ T352] unix_dgram_sendmsg+0x11e6/0x1880
[ 54.110913][ T352] ? unix_dgram_poll+0x6b0/0x6b0
[ 54.115850][ T352] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 54.121724][ T352] ? security_socket_sendmsg+0x82/0xa0
[ 54.127189][ T352] ? unix_dgram_poll+0x6b0/0x6b0
[ 54.132123][ T352] ____sys_sendmsg+0x5a2/0x8c0
[ 54.136885][ T352] ? __sys_sendmsg_sock+0x40/0x40
[ 54.141917][ T352] ? import_iovec+0x7c/0xb0
[ 54.146419][ T352] ___sys_sendmsg+0x1f0/0x260
[ 54.151101][ T352] ? _kstrtoull+0x3c0/0x4d0
[ 54.155598][ T352] ? __sys_sendmsg+0x250/0x250
[ 54.160352][ T352] ? __fdget+0x1a1/0x230
[ 54.164586][ T352] __sys_sendmmsg+0x278/0x480
[ 54.169252][ T352] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 54.174458][ T352] ? __ia32_sys_read+0x90/0x90
[ 54.179216][ T352] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.184193][ T352] x64_sys_call+0x6c6/0x9a0
[ 54.188715][ T352] do_syscall_64+0x4c/0xa0
[ 54.193140][ T352] ? clear_bhb_loop+0x35/0x90
[ 54.197816][ T352] ? clear_bhb_loop+0x35/0x90
[ 54.202566][ T352] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.208548][ T352] RIP: 0033:0x7f4a9a518da9
[ 54.212956][ T352] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.232990][ T352] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.241502][ T352] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 54.249560][ T352] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 54.257682][ T352] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 54.265652][ T352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.273618][ T352] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 54.281893][ T352]
[ 54.293752][ T354] FAULT_INJECTION: forcing a failure.
[ 54.293752][ T354] name failslab, interval 1, probability 0, space 0, times 0
[ 54.306470][ T354] CPU: 0 PID: 354 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 54.318186][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 54.328243][ T354] Call Trace:
[ 54.331539][ T354]
[ 54.334468][ T354] __dump_stack+0x21/0x30
[ 54.338798][ T354] dump_stack_lvl+0xee/0x150
[ 54.343385][ T354] ? show_regs_print_info+0x20/0x20
[ 54.348580][ T354] dump_stack+0x15/0x20
[ 54.352727][ T354] should_fail+0x3c1/0x510
[ 54.357134][ T354] __should_failslab+0xa4/0xe0
[ 54.361891][ T354] should_failslab+0x9/0x20
[ 54.366387][ T354] slab_pre_alloc_hook+0x3b/0xe0
[ 54.371321][ T354] kmem_cache_alloc_trace+0x48/0x270
[ 54.376711][ T354] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 54.382437][ T354] ? migrate_disable+0x180/0x180
[ 54.387393][ T354] sk_psock_skb_ingress_self+0x5f/0x330
[ 54.392941][ T354] ? migrate_disable+0xd6/0x180
[ 54.397875][ T354] sk_psock_verdict_recv+0x636/0x800
[ 54.403169][ T354] unix_read_sock+0x10a/0x2c0
[ 54.407850][ T354] ? sk_psock_skb_redirect+0x440/0x440
[ 54.413313][ T354] ? unix_stream_splice_actor+0x120/0x120
[ 54.419029][ T354] ? __kasan_check_write+0x14/0x20
[ 54.424224][ T354] ? unix_stream_splice_actor+0x120/0x120
[ 54.429948][ T354] sk_psock_verdict_data_ready+0x115/0x170
[ 54.435751][ T354] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.441118][ T354] ? _raw_spin_lock+0x8e/0xe0
[ 54.445791][ T354] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 54.451680][ T354] ? skb_queue_tail+0xcb/0xf0
[ 54.456351][ T354] unix_dgram_sendmsg+0x11e6/0x1880
[ 54.461548][ T354] ? unix_dgram_poll+0x6b0/0x6b0
[ 54.466707][ T354] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 54.472442][ T354] ? security_socket_sendmsg+0x82/0xa0
[ 54.478001][ T354] ? unix_dgram_poll+0x6b0/0x6b0
[ 54.482943][ T354] ____sys_sendmsg+0x5a2/0x8c0
[ 54.487706][ T354] ? __sys_sendmsg_sock+0x40/0x40
[ 54.492727][ T354] ? import_iovec+0x7c/0xb0
[ 54.497230][ T354] ___sys_sendmsg+0x1f0/0x260
[ 54.501934][ T354] ? _kstrtoull+0x3c0/0x4d0
[ 54.506453][ T354] ? __sys_sendmsg+0x250/0x250
[ 54.511304][ T354] ? __fdget+0x1a1/0x230
[ 54.515547][ T354] __sys_sendmmsg+0x278/0x480
[ 54.520224][ T354] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 54.525444][ T354] ? __ia32_sys_read+0x90/0x90
[ 54.530210][ T354] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.535078][ T354] x64_sys_call+0x6c6/0x9a0
[ 54.539599][ T354] do_syscall_64+0x4c/0xa0
[ 54.544016][ T354] ? clear_bhb_loop+0x35/0x90
[ 54.548723][ T354] ? clear_bhb_loop+0x35/0x90
[ 54.553392][ T354] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.559286][ T354] RIP: 0033:0x7f4a9a518da9
[ 54.563696][ T354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.583295][ T354] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.591703][ T354] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 54.599670][ T354] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 54.607639][ T354] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 54.615603][ T354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.623673][ T354] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 54.631887][ T354]
[ 54.636461][ T353] ==================================================================
[ 54.644535][ T353] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 54.653046][ T353]
[ 54.655369][ T353] CPU: 1 PID: 353 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 54.667282][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 54.677335][ T353] Call Trace:
[ 54.680615][ T353]
[ 54.683535][ T353] __dump_stack+0x21/0x30
[ 54.687881][ T353] dump_stack_lvl+0xee/0x150
[ 54.692469][ T353] ? show_regs_print_info+0x20/0x20
[ 54.697657][ T353] ? load_image+0x3a0/0x3a0
[ 54.702147][ T353] ? reweight_entity+0x84/0x510
[ 54.706999][ T353] print_address_description+0x7f/0x2c0
[ 54.712541][ T353] ? kmem_cache_free+0x100/0x320
[ 54.717480][ T353] kasan_report_invalid_free+0x58/0x90
[ 54.722929][ T353] ? kmem_cache_free+0x100/0x320
[ 54.727874][ T353] ____kasan_slab_free+0x13d/0x160
[ 54.732973][ T353] __kasan_slab_free+0x11/0x20
[ 54.737815][ T353] slab_free_freelist_hook+0xc2/0x190
[ 54.743382][ T353] ? kfree_skbmem+0x10c/0x180
[ 54.748109][ T353] kmem_cache_free+0x100/0x320
[ 54.752869][ T353] ? skb_release_data+0x94f/0xa10
[ 54.757882][ T353] kfree_skbmem+0x10c/0x180
[ 54.762373][ T353] consume_skb+0xb3/0x1f0
[ 54.766695][ T353] __sk_msg_free+0x4f4/0x560
[ 54.771275][ T353] ? _raw_spin_lock_bh+0x8e/0xe0
[ 54.776226][ T353] ? _raw_spin_lock_irq+0xe0/0xe0
[ 54.781237][ T353] ? skb_dequeue+0x125/0x160
[ 54.785818][ T353] sk_psock_stop+0x4c9/0x570
[ 54.790406][ T353] ? sock_no_sendpage_locked+0x130/0x130
[ 54.796044][ T353] sk_psock_drop+0x226/0x300
[ 54.800630][ T353] sock_map_unref+0x3c2/0x420
[ 54.805303][ T353] ? sk_psock_link_pop+0x154/0x170
[ 54.810405][ T353] sock_map_remove_links+0x3cd/0x600
[ 54.815692][ T353] ? sock_init_data+0xc0/0xc0
[ 54.820358][ T353] ? fput+0x1a/0x20
[ 54.824150][ T353] ? filp_close+0x105/0x150
[ 54.828637][ T353] ? close_fd+0x70/0x80
[ 54.832837][ T353] ? sock_map_unhash+0x130/0x130
[ 54.837766][ T353] sock_map_close+0x111/0x440
[ 54.842447][ T353] ? unix_peer_get+0xe0/0xe0
[ 54.847033][ T353] ? sock_map_remove_links+0x600/0x600
[ 54.852487][ T353] ? clear_nonspinnable+0x60/0x60
[ 54.857500][ T353] unix_release+0x82/0xc0
[ 54.861906][ T353] sock_close+0xe0/0x270
[ 54.866138][ T353] ? sock_mmap+0xa0/0xa0
[ 54.870377][ T353] __fput+0x20b/0x8b0
[ 54.874348][ T353] ____fput+0x15/0x20
[ 54.878323][ T353] task_work_run+0x127/0x190
[ 54.882899][ T353] exit_to_user_mode_loop+0xd0/0xe0
[ 54.888089][ T353] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.893535][ T353] syscall_exit_to_user_mode+0x1a/0x30
[ 54.898986][ T353] do_syscall_64+0x58/0xa0
[ 54.903512][ T353] ? clear_bhb_loop+0x35/0x90
[ 54.908175][ T353] ? clear_bhb_loop+0x35/0x90
[ 54.912942][ T353] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.918835][ T353] RIP: 0033:0x7f4a9a517c9a
[ 54.923237][ T353] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 54.942829][ T353] RSP: 002b:00007fff5317ff00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.951316][ T353] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f4a9a517c9a
[ 54.959283][ T353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.967238][ T353] RBP: 00007f4a9a649980 R08: 0000001b30360000 R09: 00239cb815312678
[ 54.975204][ T353] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d73b
[ 54.983160][ T353] R13: ffffffffffffffff R14: 00007f4a9a09c000 R15: 000000000000d3fa
[ 54.991123][ T353]
[ 54.994128][ T353]
[ 54.996434][ T353] Allocated by task 354:
[ 55.000802][ T353] __kasan_slab_alloc+0xbd/0xf0
[ 55.005642][ T353] slab_post_alloc_hook+0x4f/0x2b0
[ 55.010742][ T353] kmem_cache_alloc+0xf7/0x260
[ 55.015506][ T353] skb_clone+0x1cf/0x360
[ 55.019736][ T353] sk_psock_verdict_recv+0x53/0x800
[ 55.025007][ T353] unix_read_sock+0x10a/0x2c0
[ 55.029681][ T353] sk_psock_verdict_data_ready+0x115/0x170
[ 55.035479][ T353] unix_dgram_sendmsg+0x11e6/0x1880
[ 55.040674][ T353] ____sys_sendmsg+0x5a2/0x8c0
[ 55.045511][ T353] ___sys_sendmsg+0x1f0/0x260
[ 55.050180][ T353] __sys_sendmmsg+0x278/0x480
[ 55.054842][ T353] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.059678][ T353] x64_sys_call+0x6c6/0x9a0
[ 55.064168][ T353] do_syscall_64+0x4c/0xa0
[ 55.068588][ T353] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.074476][ T353]
[ 55.076832][ T353] Freed by task 60:
[ 55.080714][ T353] kasan_set_track+0x4a/0x70
[ 55.085292][ T353] kasan_set_free_info+0x23/0x40
[ 55.090214][ T353] ____kasan_slab_free+0x125/0x160
[ 55.095316][ T353] __kasan_slab_free+0x11/0x20
[ 55.100065][ T353] slab_free_freelist_hook+0xc2/0x190
[ 55.105501][ T353] kmem_cache_free+0x100/0x320
[ 55.110277][ T353] kfree_skbmem+0x10c/0x180
[ 55.114776][ T353] kfree_skb+0xc1/0x2f0
[ 55.118921][ T353] sk_psock_backlog+0xa85/0xd80
[ 55.124109][ T353] process_one_work+0x6be/0xba0
[ 55.128954][ T353] worker_thread+0xa59/0x1200
[ 55.133623][ T353] kthread+0x411/0x500
[ 55.137682][ T353] ret_from_fork+0x1f/0x30
[ 55.142186][ T353]
[ 55.144504][ T353] The buggy address belongs to the object at ffff88812329fb40
[ 55.144504][ T353] which belongs to the cache skbuff_head_cache of size 248
[ 55.159065][ T353] The buggy address is located 0 bytes inside of
[ 55.159065][ T353] 248-byte region [ffff88812329fb40, ffff88812329fc38)
[ 55.172251][ T353] The buggy address belongs to the page:
[ 55.177877][ T353] page:ffffea00048ca7c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12329f
[ 55.188107][ T353] flags: 0x4000000000000200(slab|zone=1)
[ 55.193744][ T353] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081aa480
[ 55.202319][ T353] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 55.210920][ T353] page dumped because: kasan: bad access detected
[ 55.217466][ T353] page_owner tracks the page as allocated
[ 55.223184][ T353] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 54286736296, free_ts 51569055038
[ 55.239007][ T353] post_alloc_hook+0x192/0x1b0
[ 55.243785][ T353] prep_new_page+0x1c/0x110
[ 55.248282][ T353] get_page_from_freelist+0x2cc5/0x2d50
[ 55.253825][ T353] __alloc_pages+0x18f/0x440
[ 55.258414][ T353] new_slab+0xa1/0x4d0
[ 55.262999][ T353] ___slab_alloc+0x381/0x810
[ 55.267583][ T353] __slab_alloc+0x49/0x90
[ 55.271911][ T353] kmem_cache_alloc+0x138/0x260
[ 55.276758][ T353] __alloc_skb+0xe0/0x740
[ 55.281081][ T353] alloc_skb_with_frags+0xa8/0x620
[ 55.286291][ T353] sock_alloc_send_pskb+0x853/0x980
[ 55.291537][ T353] unix_dgram_sendmsg+0x5ea/0x1880
[ 55.296835][ T353] __sys_sendto+0x423/0x580
[ 55.301434][ T353] __x64_sys_sendto+0xe5/0x100
[ 55.306204][ T353] x64_sys_call+0x178/0x9a0
[ 55.310804][ T353] do_syscall_64+0x4c/0xa0
[ 55.315231][ T353] page last free stack trace:
[ 55.319893][ T353] free_unref_page_prepare+0x542/0x550
[ 55.325477][ T353] free_unref_page_list+0x134/0x9d0
[ 55.330672][ T353] release_pages+0x1076/0x10d0
[ 55.335427][ T353] free_pages_and_swap_cache+0x86/0xa0
[ 55.340879][ T353] tlb_finish_mmu+0x175/0x300
[ 55.345557][ T353] exit_mmap+0x40f/0x860
[ 55.349801][ T353] __mmput+0x93/0x320
[ 55.353776][ T353] mmput+0x50/0x150
[ 55.357575][ T353] do_exit+0x9ca/0x27a0
[ 55.361725][ T353] do_group_exit+0x141/0x310
[ 55.366311][ T353] get_signal+0x66a/0x1480
[ 55.370720][ T353] arch_do_signal_or_restart+0xc1/0x10f0
[ 55.376340][ T353] exit_to_user_mode_loop+0xa7/0xe0
[ 55.381528][ T353] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.386978][ T353] syscall_exit_to_user_mode+0x1a/0x30
[ 55.392435][ T353] do_syscall_64+0x58/0xa0
[ 55.396845][ T353]
[ 55.399172][ T353] Memory state around the buggy address:
[ 55.404790][ T353] ffff88812329fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.412839][ T353] ffff88812329fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.420900][ T353] >ffff88812329fb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.428945][ T353] ^
[ 55.435087][ T353] ffff88812329fb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
2025/05/15 08:46:09 executed programs: 10
[ 55.443138][ T353] ffff88812329fc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.451192][ T353] ==================================================================
[ 55.481083][ T356] FAULT_INJECTION: forcing a failure.
[ 55.481083][ T356] name failslab, interval 1, probability 0, space 0, times 0
[ 55.494240][ T356] CPU: 1 PID: 356 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 55.506090][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 55.516146][ T356] Call Trace:
[ 55.519422][ T356]
[ 55.522363][ T356] __dump_stack+0x21/0x30
[ 55.526710][ T356] dump_stack_lvl+0xee/0x150
[ 55.531307][ T356] ? show_regs_print_info+0x20/0x20
[ 55.536528][ T356] dump_stack+0x15/0x20
[ 55.540681][ T356] should_fail+0x3c1/0x510
[ 55.545096][ T356] __should_failslab+0xa4/0xe0
[ 55.549860][ T356] should_failslab+0x9/0x20
[ 55.554368][ T356] slab_pre_alloc_hook+0x3b/0xe0
[ 55.559314][ T356] kmem_cache_alloc_trace+0x48/0x270
[ 55.564618][ T356] ? sk_psock_skb_ingress_self+0x5f/0x330
[ 55.570349][ T356] ? migrate_disable+0x180/0x180
[ 55.575387][ T356] sk_psock_skb_ingress_self+0x5f/0x330
[ 55.580951][ T356] ? migrate_disable+0xd6/0x180
[ 55.585800][ T356] sk_psock_verdict_recv+0x636/0x800
[ 55.591077][ T356] unix_read_sock+0x10a/0x2c0
[ 55.595749][ T356] ? sk_psock_skb_redirect+0x440/0x440
[ 55.601198][ T356] ? unix_stream_splice_actor+0x120/0x120
[ 55.606910][ T356] ? __kasan_check_write+0x14/0x20
[ 55.612012][ T356] ? unix_stream_splice_actor+0x120/0x120
[ 55.617727][ T356] sk_psock_verdict_data_ready+0x115/0x170
[ 55.623547][ T356] ? sk_psock_start_verdict+0xc0/0xc0
[ 55.628913][ T356] ? _raw_spin_lock+0x8e/0xe0
[ 55.633586][ T356] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 55.639563][ T356] ? skb_queue_tail+0xcb/0xf0
[ 55.644229][ T356] unix_dgram_sendmsg+0x11e6/0x1880
[ 55.649420][ T356] ? unix_dgram_poll+0x6b0/0x6b0
[ 55.654392][ T356] ? __mod_memcg_lruvec_state+0x122/0x1b0
[ 55.660107][ T356] ? security_socket_sendmsg+0x82/0xa0
[ 55.665564][ T356] ? unix_dgram_poll+0x6b0/0x6b0
[ 55.670498][ T356] ____sys_sendmsg+0x5a2/0x8c0
[ 55.675254][ T356] ? __sys_sendmsg_sock+0x40/0x40
[ 55.680266][ T356] ? import_iovec+0x7c/0xb0
[ 55.684758][ T356] ___sys_sendmsg+0x1f0/0x260
[ 55.689438][ T356] ? _kstrtoull+0x3c0/0x4d0
[ 55.693931][ T356] ? __sys_sendmsg+0x250/0x250
[ 55.698686][ T356] ? __fdget+0x1a1/0x230
[ 55.702920][ T356] __sys_sendmmsg+0x278/0x480
[ 55.707585][ T356] ? __ia32_sys_sendmsg+0x2a0/0x2a0
[ 55.712773][ T356] ? __ia32_sys_read+0x90/0x90
[ 55.717524][ T356] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.722364][ T356] x64_sys_call+0x6c6/0x9a0
[ 55.727034][ T356] do_syscall_64+0x4c/0xa0
[ 55.731534][ T356] ? clear_bhb_loop+0x35/0x90
[ 55.736206][ T356] ? clear_bhb_loop+0x35/0x90
[ 55.740882][ T356] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.746776][ T356] RIP: 0033:0x7f4a9a518da9
[ 55.751183][ T356] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.770789][ T356] RSP: 002b:00007f4a9a09b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 55.779205][ T356] RAX: ffffffffffffffda RBX: 00007f4a9a647f80 RCX: 00007f4a9a518da9
[ 55.787177][ T356] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 55.795142][ T356] RBP: 00007f4a9a09b120 R08: 0000000000000000 R09: 0000000000000000
[ 55.803100][ T356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.811173][ T356] R13: 000000000000000b R14: 00007f4a9a647f80 R15: 00007fff5317fe38
[ 55.819175][ T356]
[ 55.823858][ T355] ==================================================================
[ 55.831933][ T355] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x100/0x320
[ 55.840355][ T355]
[ 55.842668][ T355] CPU: 0 PID: 355 Comm: syz-executor.0 Tainted: G B 5.15.182-syzkaller-1080481-g57725b368731 #0
[ 55.854453][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 55.864494][ T355] Call Trace:
[ 55.867768][ T355]
[ 55.870698][ T355] __dump_stack+0x21/0x30
[ 55.875022][ T355] dump_stack_lvl+0xee/0x150
[ 55.879606][ T355] ? show_regs_print_info+0x20/0x20
[ 55.884795][ T355] ? load_image+0x3a0/0x3a0
[ 55.889303][ T355] ? update_load_avg+0x410/0x1110
[ 55.894328][ T355] print_address_description+0x7f/0x2c0
[ 55.899902][ T355] ? kmem_cache_free+0x100/0x320
[ 55.904836][ T355] kasan_report_invalid_free+0x58/0x90
[ 55.910298][ T355] ? kmem_cache_free+0x100/0x320
[ 55.915234][ T355] ____kasan_slab_free+0x13d/0x160
[ 55.920361][ T355] __kasan_slab_free+0x11/0x20
[ 55.925121][ T355] slab_free_freelist_hook+0xc2/0x190
[ 55.930498][ T355] ? kfree_skbmem+0x10c/0x180
[ 55.935165][ T355] kmem_cache_free+0x100/0x320
[ 55.939927][ T355] ? skb_release_data+0x94f/0xa10
[ 55.944939][ T355] kfree_skbmem+0x10c/0x180
[ 55.949426][ T355] consume_skb+0xb3/0x1f0
[ 55.953743][ T355] __sk_msg_free+0x4f4/0x560
[ 55.958327][ T355] ? _raw_spin_lock_bh+0x8e/0xe0
[ 55.963254][ T355] ? _raw_spin_lock_irq+0xe0/0xe0
[ 55.968273][ T355] ? skb_dequeue+0x125/0x160
[ 55.972860][ T355] sk_psock_stop+0x4c9/0x570
[ 55.977451][ T355] ? sock_no_sendpage_locked+0x130/0x130
[ 55.983076][ T355] sk_psock_drop+0x226/0x300
[ 55.987657][ T355] sock_map_unref+0x3c2/0x420
[ 55.992328][ T355] ? sk_psock_link_pop+0x154/0x170
[ 55.997435][ T355] sock_map_remove_links+0x3cd/0x600
[ 56.002715][ T355] ? sock_init_data+0xc0/0xc0
[ 56.007401][ T355] ? fput+0x1a/0x20
[ 56.011203][ T355] ? filp_close+0x105/0x150
[ 56.015700][ T355] ? close_fd+0x70/0x80
[ 56.019854][ T355] ? sock_map_unhash+0x130/0x130
[ 56.024785][ T355] sock_map_close+0x111/0x440
[ 56.029465][ T355] ? unix_peer_get+0xe0/0xe0
[ 56.034063][ T355] ? sock_map_remove_links+0x600/0x600
[ 56.039520][ T355] ? clear_nonspinnable+0x60/0x60
[ 56.044641][ T355] unix_release+0x82/0xc0
[ 56.048976][ T355] sock_close+0xe0/0x270
[ 56.053212][ T355] ? sock_mmap+0xa0/0xa0
[ 56.057468][ T355] __fput+0x20b/0x8b0
[ 56.061449][ T355] ____fput+0x15/0x20
[ 56.065484][ T355] task_work_run+0x127/0x190
[ 56.070093][ T355] exit_to_user_mode_loop+0xd0/0xe0
[ 56.075289][ T355] exit_to_user_mode_prepare+0x5a/0xa0
[ 56.080750][ T355] syscall_exit_to_user_mode+0x1a/0x30
[ 56.086208][ T355] do_syscall_64+0x58/0xa0
[ 56.090619][ T355] ? clear_bhb_loop+0x35/0x90
[ 56.095293][ T355] ? clear_bhb_loop+0x35/0x90