Warning: Permanently added '10.128.1.74' (ED25519) to the list of known hosts.
2024/08/23 20:10:02 ignoring optional flag "sandboxArg"="0"
2024/08/23 20:10:03 parsed 1 programs
[ 51.867833][ T30] kauditd_printk_skb: 30 callbacks suppressed
[ 51.867851][ T30] audit: type=1400 audit(1724443804.339:106): avc: denied { unlink } for pid=406 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 51.936375][ T406] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 52.481436][ T30] audit: type=1401 audit(1724443804.949:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 52.783001][ T449] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.794682][ T449] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.803042][ T449] device bridge_slave_0 entered promiscuous mode
[ 52.810973][ T449] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.819039][ T449] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.828730][ T449] device bridge_slave_1 entered promiscuous mode
[ 52.904543][ T449] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.911554][ T449] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.919271][ T449] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.926766][ T449] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.948253][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.956515][ T352] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.964431][ T352] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.988482][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.996968][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.005469][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.012787][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.021334][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.030502][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.037977][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.045409][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.054004][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.066020][ T449] device veth0_vlan entered promiscuous mode
[ 53.073044][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.081663][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.089981][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.102806][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.113182][ T449] device veth1_macvtap entered promiscuous mode
[ 53.125837][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.139104][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2024/08/23 20:10:05 executed programs: 0
[ 53.454752][ T469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.463223][ T469] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.470975][ T469] device bridge_slave_0 entered promiscuous mode
[ 53.484754][ T469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.492339][ T469] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.499982][ T469] device bridge_slave_1 entered promiscuous mode
[ 53.574381][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.583357][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.607376][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 53.617428][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.625902][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.633950][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.642729][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 53.653554][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.662628][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.670168][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.678077][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 53.686672][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.695962][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 53.704225][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.721128][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 53.733763][ T469] device veth0_vlan entered promiscuous mode
[ 53.741959][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 53.750634][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.759368][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 53.770034][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.780932][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.791868][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.818367][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.829363][ T469] device veth1_macvtap entered promiscuous mode
[ 53.840835][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 53.851452][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.872144][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 53.880725][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.910658][ T30] audit: type=1400 audit(1724443806.379:108): avc: denied { prog_load } for pid=473 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 53.931981][ T474] FAULT_INJECTION: forcing a failure.
[ 53.931981][ T474] name failslab, interval 1, probability 0, space 0, times 1
[ 53.946354][ T30] audit: type=1400 audit(1724443806.379:109): avc: denied { bpf } for pid=473 comm="syz.0.15" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 53.954877][ T474] CPU: 1 PID: 474 Comm: syz.0.15 Not tainted 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 53.969174][ T30] audit: type=1400 audit(1724443806.379:110): avc: denied { perfmon } for pid=473 comm="syz.0.15" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 53.977535][ T474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 53.977562][ T474] Call Trace:
[ 53.977569][ T474]
[ 53.977576][ T474] dump_stack_lvl+0x151/0x1c0
[ 53.977614][ T474] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.000241][ T30] audit: type=1400 audit(1724443806.379:111): avc: denied { prog_run } for pid=473 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 54.008646][ T474] dump_stack+0x15/0x20
[ 54.008683][ T474] should_fail+0x3c6/0x510
[ 54.008705][ T474] __should_failslab+0xa4/0xe0
[ 54.012405][ T30] audit: type=1400 audit(1724443806.399:112): avc: denied { map_create } for pid=473 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 54.014807][ T474] should_failslab+0x9/0x20
[ 54.014834][ T474] slab_pre_alloc_hook+0x37/0xd0
[ 54.021010][ T30] audit: type=1400 audit(1724443806.399:113): avc: denied { map_read map_write } for pid=473 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 54.025890][ T474] kmem_cache_alloc_trace+0x48/0x210
[ 54.025923][ T474] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.122446][ T474] ? migrate_disable+0x190/0x190
[ 54.127646][ T474] sk_psock_skb_ingress_self+0x60/0x330
[ 54.133668][ T474] sk_psock_verdict_recv+0x66d/0x840
[ 54.139427][ T474] unix_read_sock+0x132/0x370
[ 54.144593][ T474] ? sk_psock_skb_redirect+0x440/0x440
[ 54.150438][ T474] ? unix_stream_splice_actor+0x120/0x120
[ 54.156630][ T474] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.162317][ T474] ? unix_stream_splice_actor+0x120/0x120
[ 54.169229][ T474] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.174963][ T474] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.181020][ T474] ? _raw_spin_lock+0xa4/0x1b0
[ 54.186854][ T474] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.192805][ T474] ? skb_queue_tail+0xfb/0x120
[ 54.198107][ T474] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.203731][ T474] ? unix_dgram_poll+0x710/0x710
[ 54.209294][ T474] ? kasan_set_track+0x5d/0x70
[ 54.214844][ T474] ? kasan_set_track+0x4b/0x70
[ 54.220287][ T474] ? security_socket_sendmsg+0x82/0xb0
[ 54.226108][ T474] ? unix_dgram_poll+0x710/0x710
[ 54.231186][ T474] ____sys_sendmsg+0x59e/0x8f0
[ 54.235983][ T474] ? __sys_sendmsg_sock+0x40/0x40
[ 54.241178][ T474] ? import_iovec+0xe5/0x120
[ 54.245821][ T474] ___sys_sendmsg+0x252/0x2e0
[ 54.250326][ T474] ? __sys_sendmsg+0x260/0x260
[ 54.255056][ T474] ? __fdget+0x1bc/0x240
[ 54.259213][ T474] __se_sys_sendmsg+0x19a/0x260
[ 54.263950][ T474] ? __x64_sys_sendmsg+0x90/0x90
[ 54.268769][ T474] ? ksys_write+0x260/0x2c0
[ 54.274003][ T474] ? debug_smp_processor_id+0x17/0x20
[ 54.279769][ T474] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.286429][ T474] __x64_sys_sendmsg+0x7b/0x90
[ 54.291966][ T474] x64_sys_call+0x16a/0x9a0
[ 54.296699][ T474] do_syscall_64+0x3b/0xb0
[ 54.301134][ T474] ? clear_bhb_loop+0x35/0x90
[ 54.306034][ T474] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.312620][ T474] RIP: 0033:0x7f98bf2f19f9
[ 54.316865][ T474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 54.340037][ T474] RSP: 002b:00007f98bed79038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.349172][ T474] RAX: ffffffffffffffda RBX: 00007f98bf47ff80 RCX: 00007f98bf2f19f9
[ 54.358701][ T474] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 54.367824][ T474] RBP: 00007f98bed79090 R08: 0000000000000000 R09: 0000000000000000
[ 54.376125][ T474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.385884][ T474] R13: 0000000000000000 R14: 00007f98bf47ff80 R15: 00007ffec901b9d8
[ 54.395232][ T474]
[ 54.401818][ T473] ==================================================================
[ 54.410397][ T473] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 54.417308][ T473] Read of size 4 at addr ffff88810db899ac by task syz.0.15/473
[ 54.425989][ T473]
[ 54.428138][ T473] CPU: 0 PID: 473 Comm: syz.0.15 Not tainted 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 54.438531][ T473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 54.449603][ T473] Call Trace:
[ 54.452813][ T473]
[ 54.455705][ T473] dump_stack_lvl+0x151/0x1c0
[ 54.460340][ T473] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.465805][ T473] ? panic+0x760/0x760
[ 54.469934][ T473] ? debug_smp_processor_id+0x17/0x20
[ 54.475444][ T473] print_address_description+0x87/0x3b0
[ 54.480894][ T473] kasan_report+0x179/0x1c0
[ 54.485221][ T473] ? consume_skb+0x3c/0x250
[ 54.489574][ T473] ? consume_skb+0x3c/0x250
[ 54.493998][ T473] kasan_check_range+0x293/0x2a0
[ 54.498879][ T473] __kasan_check_read+0x11/0x20
[ 54.503565][ T473] consume_skb+0x3c/0x250
[ 54.507916][ T473] __sk_msg_free+0x2dd/0x370
[ 54.512454][ T473] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.518081][ T473] sk_psock_stop+0x44c/0x4d0
[ 54.522677][ T473] ? unix_peer_get+0xe0/0xe0
[ 54.527238][ T473] sock_map_close+0x2b9/0x4c0
[ 54.531929][ T473] ? sock_map_remove_links+0x650/0x650
[ 54.537753][ T473] ? rwsem_mark_wake+0x770/0x770
[ 54.542995][ T473] ? security_file_free+0xc6/0xe0
[ 54.548068][ T473] unix_release+0x82/0xc0
[ 54.552490][ T473] sock_close+0xdf/0x270
[ 54.556750][ T473] ? sock_mmap+0xa0/0xa0
[ 54.560809][ T473] __fput+0x3fe/0x910
[ 54.564629][ T473] ____fput+0x15/0x20
[ 54.568548][ T473] task_work_run+0x129/0x190
[ 54.572965][ T473] exit_to_user_mode_loop+0xc4/0xe0
[ 54.578116][ T473] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.583409][ T473] syscall_exit_to_user_mode+0x26/0x160
[ 54.588975][ T473] do_syscall_64+0x47/0xb0
[ 54.593223][ T473] ? clear_bhb_loop+0x35/0x90
[ 54.598242][ T473] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.604552][ T473] RIP: 0033:0x7f98bf2f19f9
[ 54.609183][ T473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 54.629707][ T473] RSP: 002b:00007ffec901bb38 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 54.638120][ T473] RAX: 0000000000000000 RBX: 00007f98bf481a80 RCX: 00007f98bf2f19f9
[ 54.647898][ T473] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 54.655869][ T473] RBP: 00007f98bf481a80 R08: 0000000000000000 R09: 00007ffec901be1f
[ 54.664411][ T473] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000d5b9
[ 54.672384][ T473] R13: 00007ffec901bc30 R14: 00007ffec901bc50 R15: ffffffffffffffff
[ 54.680209][ T473]
[ 54.683143][ T473]
[ 54.685319][ T473] Allocated by task 474:
[ 54.689570][ T473] __kasan_slab_alloc+0xb1/0xe0
[ 54.694253][ T473] slab_post_alloc_hook+0x53/0x2c0
[ 54.699233][ T473] kmem_cache_alloc+0xf5/0x200
[ 54.704238][ T473] skb_clone+0x1d1/0x360
[ 54.708318][ T473] sk_psock_verdict_recv+0x53/0x840
[ 54.713446][ T473] unix_read_sock+0x132/0x370
[ 54.718532][ T473] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.724363][ T473] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.730038][ T473] ____sys_sendmsg+0x59e/0x8f0
[ 54.735110][ T473] ___sys_sendmsg+0x252/0x2e0
[ 54.739699][ T473] __se_sys_sendmsg+0x19a/0x260
[ 54.744731][ T473] __x64_sys_sendmsg+0x7b/0x90
[ 54.749529][ T473] x64_sys_call+0x16a/0x9a0
[ 54.754321][ T473] do_syscall_64+0x3b/0xb0
[ 54.758873][ T473] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.765498][ T473]
[ 54.768980][ T473] Freed by task 352:
[ 54.773773][ T473] kasan_set_track+0x4b/0x70
[ 54.780402][ T473] kasan_set_free_info+0x23/0x40
[ 54.786787][ T473] ____kasan_slab_free+0x126/0x160
[ 54.792560][ T473] __kasan_slab_free+0x11/0x20
[ 54.798306][ T473] slab_free_freelist_hook+0xbd/0x190
[ 54.804485][ T473] kmem_cache_free+0x116/0x2e0
[ 54.810661][ T473] kfree_skbmem+0x104/0x170
[ 54.815859][ T473] kfree_skb+0xc2/0x360
[ 54.820682][ T473] sk_psock_backlog+0xc21/0xd90
[ 54.826522][ T473] process_one_work+0x6bb/0xc10
[ 54.832129][ T473] worker_thread+0xad5/0x12a0
[ 54.836827][ T473] kthread+0x421/0x510
[ 54.841392][ T473] ret_from_fork+0x1f/0x30
[ 54.846555][ T473]
[ 54.849098][ T473] The buggy address belongs to the object at ffff88810db898c0
[ 54.849098][ T473] which belongs to the cache skbuff_head_cache of size 248
[ 54.863754][ T473] The buggy address is located 236 bytes inside of
[ 54.863754][ T473] 248-byte region [ffff88810db898c0, ffff88810db899b8)
[ 54.878105][ T473] The buggy address belongs to the page:
[ 54.884751][ T473] page:ffffea000436e240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10db89
[ 54.895165][ T473] flags: 0x4000000000000200(slab|zone=1)
[ 54.900729][ T473] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3800
[ 54.909332][ T473] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 54.918334][ T473] page dumped because: kasan: bad access detected
[ 54.924761][ T473] page_owner tracks the page as allocated
[ 54.930731][ T473] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 474, ts 53908326602, free_ts 53322068016
[ 54.948752][ T473] post_alloc_hook+0x1a3/0x1b0
[ 54.953861][ T473] prep_new_page+0x1b/0x110
[ 54.958610][ T473] get_page_from_freelist+0x3550/0x35d0
[ 54.963990][ T473] __alloc_pages+0x27e/0x8f0
[ 54.968427][ T473] new_slab+0x9a/0x4e0
[ 54.972314][ T473] ___slab_alloc+0x39e/0x830
[ 54.976773][ T473] __slab_alloc+0x4a/0x90
[ 54.981280][ T473] kmem_cache_alloc+0x134/0x200
[ 54.986159][ T473] __alloc_skb+0xbe/0x550
[ 54.990325][ T473] audit_log_start+0x456/0xa80
[ 54.995042][ T473] common_lsm_audit+0xd8/0x18b0
[ 55.000120][ T473] slow_avc_audit+0x26c/0x3c0
[ 55.004977][ T473] selinux_capable+0x279/0x430
[ 55.009824][ T473] security_capable+0x77/0xb0
[ 55.014695][ T473] capable+0x6d/0xe0
[ 55.018841][ T473] bpf_check+0x18af/0x12b20
[ 55.023371][ T473] page last free stack trace:
[ 55.028299][ T473] free_unref_page_prepare+0x7c8/0x7d0
[ 55.033696][ T473] free_unref_page+0xe8/0x750
[ 55.038284][ T473] __free_pages+0x61/0xf0
[ 55.042621][ T473] __vunmap+0x7bc/0x8f0
[ 55.046846][ T473] vfree+0x7f/0xb0
[ 55.050552][ T473] kcov_close+0x2b/0x50
[ 55.055150][ T473] __fput+0x3fe/0x910
[ 55.059063][ T473] ____fput+0x15/0x20
[ 55.063077][ T473] task_work_run+0x129/0x190
[ 55.067738][ T473] do_exit+0xc48/0x2ca0
[ 55.071896][ T473] do_group_exit+0x141/0x310
[ 55.076884][ T473] get_signal+0x7a3/0x1630
[ 55.081371][ T473] arch_do_signal_or_restart+0xbd/0x1680
[ 55.087066][ T473] exit_to_user_mode_loop+0xa0/0xe0
[ 55.092269][ T473] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.097660][ T473] syscall_exit_to_user_mode+0x26/0x160
[ 55.103139][ T473]
[ 55.105496][ T473] Memory state around the buggy address:
[ 55.111310][ T473] ffff88810db89880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.119529][ T473] ffff88810db89900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.128435][ T473] >ffff88810db89980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 55.136949][ T473] ^
[ 55.143857][ T473] ffff88810db89a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.152326][ T473] ffff88810db89a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.160910][ T473] ==================================================================
[ 55.169526][ T473] Disabling lock debugging due to kernel taint
[ 55.175857][ T473] ==================================================================
[ 55.184112][ T473] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 55.192774][ T473]
[ 55.195041][ T473] CPU: 0 PID: 473 Comm: syz.0.15 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 55.206421][ T473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 55.216684][ T473] Call Trace:
[ 55.219830][ T473]
[ 55.222670][ T473] dump_stack_lvl+0x151/0x1c0
[ 55.227543][ T473] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.233264][ T473] ? __wake_up_klogd+0xd5/0x110
[ 55.238220][ T473] ? panic+0x760/0x760
[ 55.242242][ T473] ? kmem_cache_free+0x116/0x2e0
[ 55.247123][ T473] print_address_description+0x87/0x3b0
[ 55.252891][ T473] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 55.259102][ T473] ? kmem_cache_free+0x116/0x2e0
[ 55.264406][ T473] ? kmem_cache_free+0x116/0x2e0
[ 55.269472][ T473] kasan_report_invalid_free+0x6b/0xa0
[ 55.275937][ T473] ____kasan_slab_free+0x13e/0x160
[ 55.281454][ T473] __kasan_slab_free+0x11/0x20
[ 55.287294][ T473] slab_free_freelist_hook+0xbd/0x190
[ 55.293467][ T473] ? kfree_skbmem+0x104/0x170
[ 55.298609][ T473] kmem_cache_free+0x116/0x2e0
[ 55.303937][ T473] kfree_skbmem+0x104/0x170
[ 55.309905][ T473] consume_skb+0xb4/0x250
[ 55.314220][ T473] __sk_msg_free+0x2dd/0x370
[ 55.319498][ T473] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.325902][ T473] sk_psock_stop+0x44c/0x4d0
[ 55.330667][ T473] ? unix_peer_get+0xe0/0xe0
[ 55.335262][ T473] sock_map_close+0x2b9/0x4c0
[ 55.340115][ T473] ? sock_map_remove_links+0x650/0x650
[ 55.345843][ T473] ? rwsem_mark_wake+0x770/0x770
[ 55.350702][ T473] ? security_file_free+0xc6/0xe0
[ 55.356204][ T473] unix_release+0x82/0xc0
[ 55.360457][ T473] sock_close+0xdf/0x270
[ 55.364764][ T473] ? sock_mmap+0xa0/0xa0
[ 55.369017][ T473] __fput+0x3fe/0x910
[ 55.373076][ T473] ____fput+0x15/0x20
[ 55.377108][ T473] task_work_run+0x129/0x190
[ 55.381975][ T473] exit_to_user_mode_loop+0xc4/0xe0
[ 55.387872][ T473] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.393803][ T473] syscall_exit_to_user_mode+0x26/0x160
[ 55.399607][ T473] do_syscall_64+0x47/0xb0
[ 55.404776][ T473] ? clear_bhb_loop+0x35/0x90
[ 55.409497][ T473] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.415341][ T473] RIP: 0033:0x7f98bf2f19f9
[ 55.419681][ T473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.439922][ T473] RSP: 002b:00007ffec901bb38 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 55.448250][ T473] RAX: 0000000000000000 RBX: 00007f98bf481a80 RCX: 00007f98bf2f19f9
[ 55.457098][ T473] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 55.465493][ T473] RBP: 00007f98bf481a80 R08: 0000000000000000 R09: 00007ffec901be1f
[ 55.474816][ T473] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000d5b9
[ 55.482746][ T473] R13: 00007ffec901bc30 R14: 00007ffec901bc50 R15: ffffffffffffffff
[ 55.490810][ T473]
[ 55.493747][ T473]
[ 55.495912][ T473] Allocated by task 474:
[ 55.500326][ T473] __kasan_slab_alloc+0xb1/0xe0
[ 55.505725][ T473] slab_post_alloc_hook+0x53/0x2c0
[ 55.510904][ T473] kmem_cache_alloc+0xf5/0x200
[ 55.516298][ T473] skb_clone+0x1d1/0x360
[ 55.520598][ T473] sk_psock_verdict_recv+0x53/0x840
[ 55.525964][ T473] unix_read_sock+0x132/0x370
[ 55.530697][ T473] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.536578][ T473] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.542276][ T473] ____sys_sendmsg+0x59e/0x8f0
[ 55.547213][ T473] ___sys_sendmsg+0x252/0x2e0
[ 55.552242][ T473] __se_sys_sendmsg+0x19a/0x260
[ 55.557468][ T473] __x64_sys_sendmsg+0x7b/0x90
[ 55.563374][ T473] x64_sys_call+0x16a/0x9a0
[ 55.568162][ T473] do_syscall_64+0x3b/0xb0
[ 55.573521][ T473] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.580759][ T473]
[ 55.583654][ T473] Freed by task 352:
[ 55.588053][ T473] kasan_set_track+0x4b/0x70
[ 55.593326][ T473] kasan_set_free_info+0x23/0x40
[ 55.599159][ T473] ____kasan_slab_free+0x126/0x160
[ 55.606325][ T473] __kasan_slab_free+0x11/0x20
[ 55.612288][ T473] slab_free_freelist_hook+0xbd/0x190
[ 55.617925][ T473] kmem_cache_free+0x116/0x2e0
[ 55.623113][ T473] kfree_skbmem+0x104/0x170
[ 55.627809][ T473] kfree_skb+0xc2/0x360
[ 55.633251][ T473] sk_psock_backlog+0xc21/0xd90
[ 55.639427][ T473] process_one_work+0x6bb/0xc10
[ 55.644815][ T473] worker_thread+0xad5/0x12a0
[ 55.649920][ T473] kthread+0x421/0x510
[ 55.653993][ T473] ret_from_fork+0x1f/0x30
[ 55.658423][ T473]
[ 55.661006][ T473] The buggy address belongs to the object at ffff88810db898c0
[ 55.661006][ T473] which belongs to the cache skbuff_head_cache of size 248
[ 55.678036][ T473] The buggy address is located 0 bytes inside of
[ 55.678036][ T473] 248-byte region [ffff88810db898c0, ffff88810db899b8)
[ 55.693660][ T473] The buggy address belongs to the page:
[ 55.699991][ T473] page:ffffea000436e240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10db89
[ 55.711646][ T473] flags: 0x4000000000000200(slab|zone=1)
[ 55.719130][ T473] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3800
[ 55.732657][ T473] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 55.744283][ T473] page dumped because: kasan: bad access detected
[ 55.754614][ T473] page_owner tracks the page as allocated
[ 55.762501][ T473] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 474, ts 53908326602, free_ts 53322068016
[ 55.788408][ T473] post_alloc_hook+0x1a3/0x1b0
[ 55.795830][ T473] prep_new_page+0x1b/0x110
[ 55.800711][ T473] get_page_from_freelist+0x3550/0x35d0
[ 55.811373][ T473] __alloc_pages+0x27e/0x8f0
[ 55.819569][ T473] new_slab+0x9a/0x4e0
[ 55.824740][ T473] ___slab_alloc+0x39e/0x830
[ 55.830597][ T473] __slab_alloc+0x4a/0x90
[ 55.837150][ T473] kmem_cache_alloc+0x134/0x200
[ 55.843106][ T473] __alloc_skb+0xbe/0x550
[ 55.848744][ T473] audit_log_start+0x456/0xa80
[ 55.856037][ T473] common_lsm_audit+0xd8/0x18b0
[ 55.863076][ T473] slow_avc_audit+0x26c/0x3c0
[ 55.869118][ T473] selinux_capable+0x279/0x430
[ 55.874668][ T473] security_capable+0x77/0xb0
[ 55.880411][ T473] capable+0x6d/0xe0
[ 55.884516][ T473] bpf_check+0x18af/0x12b20
[ 55.889736][ T473] page last free stack trace:
[ 55.895852][ T473] free_unref_page_prepare+0x7c8/0x7d0
[ 55.902061][ T473] free_unref_page+0xe8/0x750
[ 55.906822][ T473] __free_pages+0x61/0xf0
[ 55.911317][ T473] __vunmap+0x7bc/0x8f0
[ 55.915982][ T473] vfree+0x7f/0xb0
[ 55.920001][ T473] kcov_close+0x2b/0x50
[ 55.925276][ T473] __fput+0x3fe/0x910
[ 55.931055][ T473] ____fput+0x15/0x20
[ 55.936473][ T473] task_work_run+0x129/0x190
[ 55.942533][ T473] do_exit+0xc48/0x2ca0
[ 55.948761][ T473] do_group_exit+0x141/0x310
[ 55.954106][ T473] get_signal+0x7a3/0x1630
[ 55.960292][ T473] arch_do_signal_or_restart+0xbd/0x1680
[ 55.966656][ T473] exit_to_user_mode_loop+0xa0/0xe0
[ 55.972815][ T473] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.979142][ T473] syscall_exit_to_user_mode+0x26/0x160
[ 55.987054][ T473]
[ 55.989215][ T473] Memory state around the buggy address:
[ 55.994945][ T473] ffff88810db89780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.003887][ T473] ffff88810db89800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 56.013160][ T473] >ffff88810db89880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 56.021989][ T473] ^
[ 56.029229][ T473] ffff88810db89900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.037565][ T473] ffff88810db89980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 56.046001][ T473] ==================================================================
[ 56.072155][ T477] FAULT_INJECTION: forcing a failure.
[ 56.072155][ T477] name failslab, interval 1, probability 0, space 0, times 0
[ 56.085785][ T477] CPU: 1 PID: 477 Comm: syz.0.16 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 56.097961][ T477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 56.110133][ T477] Call Trace:
[ 56.113699][ T477]
[ 56.116855][ T477] dump_stack_lvl+0x151/0x1c0
[ 56.122133][ T477] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.128133][ T477] dump_stack+0x15/0x20
[ 56.132306][ T477] should_fail+0x3c6/0x510
[ 56.137480][ T477] __should_failslab+0xa4/0xe0
[ 56.142500][ T477] should_failslab+0x9/0x20
[ 56.147467][ T477] slab_pre_alloc_hook+0x37/0xd0
[ 56.152386][ T477] kmem_cache_alloc_trace+0x48/0x210
[ 56.157681][ T477] ? sk_psock_skb_ingress_self+0x60/0x330
[ 56.163691][ T477] ? migrate_disable+0x190/0x190
[ 56.168715][ T477] sk_psock_skb_ingress_self+0x60/0x330
[ 56.174383][ T477] sk_psock_verdict_recv+0x66d/0x840
[ 56.179585][ T477] unix_read_sock+0x132/0x370
[ 56.184043][ T477] ? sk_psock_skb_redirect+0x440/0x440
[ 56.189607][ T477] ? unix_stream_splice_actor+0x120/0x120
[ 56.195183][ T477] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 56.200657][ T477] ? unix_stream_splice_actor+0x120/0x120
[ 56.206398][ T477] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.212331][ T477] ? sk_psock_start_verdict+0xc0/0xc0
[ 56.217708][ T477] ? _raw_spin_lock+0xa4/0x1b0
[ 56.222623][ T477] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.228259][ T477] ? skb_queue_tail+0xfb/0x120
[ 56.233338][ T477] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.238450][ T477] ? unix_dgram_poll+0x710/0x710
[ 56.243248][ T477] ? kasan_set_track+0x5d/0x70
[ 56.247816][ T477] ? kasan_set_track+0x4b/0x70
[ 56.252422][ T477] ? security_socket_sendmsg+0x82/0xb0
[ 56.257790][ T477] ? unix_dgram_poll+0x710/0x710
[ 56.262755][ T477] ____sys_sendmsg+0x59e/0x8f0
[ 56.267751][ T477] ? __sys_sendmsg_sock+0x40/0x40
[ 56.272844][ T477] ? import_iovec+0xe5/0x120
[ 56.277409][ T477] ___sys_sendmsg+0x252/0x2e0
[ 56.282701][ T477] ? __sys_sendmsg+0x260/0x260
[ 56.287989][ T477] ? __fdget+0x1bc/0x240
[ 56.292306][ T477] __se_sys_sendmsg+0x19a/0x260
[ 56.297066][ T477] ? __x64_sys_sendmsg+0x90/0x90
[ 56.302793][ T477] ? ksys_write+0x260/0x2c0
[ 56.307713][ T477] ? debug_smp_processor_id+0x17/0x20
[ 56.313002][ T477] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 56.319184][ T477] __x64_sys_sendmsg+0x7b/0x90
[ 56.324651][ T477] x64_sys_call+0x16a/0x9a0
[ 56.329257][ T477] do_syscall_64+0x3b/0xb0
[ 56.333794][ T477] ? clear_bhb_loop+0x35/0x90
[ 56.338964][ T477] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.345359][ T477] RIP: 0033:0x7f98bf2f19f9
[ 56.349613][ T477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.372110][ T477] RSP: 002b:00007f98bed79038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.381134][ T477] RAX: ffffffffffffffda RBX: 00007f98bf47ff80 RCX: 00007f98bf2f19f9
[ 56.390111][ T477] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 56.398872][ T477] RBP: 00007f98bed79090 R08: 0000000000000000 R09: 0000000000000000
[ 56.407217][ T477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 56.415691][ T477] R13: 0000000000000000 R14: 00007f98bf47ff80 R15: 00007ffec901b9d8
[ 56.425134][ T477]
[ 56.432462][ T6] ==================================================================
[ 56.440459][ T6] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 56.449656][ T6]
[ 56.451835][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 56.463195][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 56.473440][ T6] Workqueue: events bpf_map_free_deferred
[ 56.479646][ T6] Call Trace:
[ 56.482800][ T6]
[ 56.485801][ T6] dump_stack_lvl+0x151/0x1c0
[ 56.490325][ T6] ? io_uring_drop_tctx_refs+0x190/0x190
[ 56.495865][ T6] ? panic+0x760/0x760
[ 56.499769][ T6] ? kasan_set_free_info+0x23/0x40
[ 56.504806][ T6] ? ____kasan_slab_free+0x126/0x160
[ 56.509937][ T6] ? kmem_cache_free+0x116/0x2e0
[ 56.514788][ T6] print_address_description+0x87/0x3b0
[ 56.520268][ T6] ? worker_thread+0xad5/0x12a0
[ 56.525112][ T6] ? kthread+0x421/0x510
[ 56.529287][ T6] ? kmem_cache_free+0x116/0x2e0
[ 56.534086][ T6] ? kmem_cache_free+0x116/0x2e0
[ 56.539097][ T6] kasan_report_invalid_free+0x6b/0xa0
[ 56.545523][ T6] ____kasan_slab_free+0x13e/0x160
[ 56.551180][ T6] __kasan_slab_free+0x11/0x20
[ 56.556059][ T6] slab_free_freelist_hook+0xbd/0x190
[ 56.561697][ T6] ? kfree_skbmem+0x104/0x170
[ 56.566470][ T6] kmem_cache_free+0x116/0x2e0
[ 56.571225][ T6] kfree_skbmem+0x104/0x170
[ 56.575741][ T6] consume_skb+0xb4/0x250
[ 56.580497][ T6] __sk_msg_free+0x2dd/0x370
[ 56.584995][ T6] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 56.590622][ T6] sk_psock_stop+0x44c/0x4d0
[ 56.595137][ T6] sk_psock_drop+0x219/0x310
[ 56.600053][ T6] sock_map_unref+0x48f/0x4d0
[ 56.605057][ T6] sock_map_free+0x137/0x2b0
[ 56.609870][ T6] bpf_map_free_deferred+0x10d/0x1e0
[ 56.615620][ T6] process_one_work+0x6bb/0xc10
[ 56.620714][ T6] worker_thread+0xad5/0x12a0
[ 56.626181][ T6] kthread+0x421/0x510
[ 56.630174][ T6] ? worker_clr_flags+0x180/0x180
[ 56.636516][ T6] ? kthread_blkcg+0xd0/0xd0
[ 56.641420][ T6] ret_from_fork+0x1f/0x30
[ 56.645987][ T6]
[ 56.649028][ T6]
[ 56.651282][ T6] Allocated by task 477:
[ 56.655370][ T6] __kasan_slab_alloc+0xb1/0xe0
[ 56.660255][ T6] slab_post_alloc_hook+0x53/0x2c0
[ 56.665265][ T6] kmem_cache_alloc+0xf5/0x200
[ 56.670638][ T6] skb_clone+0x1d1/0x360
[ 56.675090][ T6] sk_psock_verdict_recv+0x53/0x840
[ 56.681272][ T6] unix_read_sock+0x132/0x370
[ 56.685966][ T6] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.691962][ T6] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.697603][ T6] ____sys_sendmsg+0x59e/0x8f0
[ 56.702221][ T6] ___sys_sendmsg+0x252/0x2e0
[ 56.706808][ T6] __se_sys_sendmsg+0x19a/0x260
[ 56.711560][ T6] __x64_sys_sendmsg+0x7b/0x90
[ 56.716393][ T6] x64_sys_call+0x16a/0x9a0
[ 56.720683][ T6] do_syscall_64+0x3b/0xb0
[ 56.725124][ T6] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.730930][ T6]
[ 56.733355][ T6] Freed by task 6:
[ 56.736991][ T6] kasan_set_track+0x4b/0x70
[ 56.742805][ T6] kasan_set_free_info+0x23/0x40
[ 56.747851][ T6] ____kasan_slab_free+0x126/0x160
[ 56.753524][ T6] __kasan_slab_free+0x11/0x20
[ 56.758116][ T6] slab_free_freelist_hook+0xbd/0x190
[ 56.763572][ T6] kmem_cache_free+0x116/0x2e0
[ 56.768875][ T6] kfree_skbmem+0x104/0x170
[ 56.775670][ T6] kfree_skb+0xc2/0x360
[ 56.780912][ T6] sk_psock_backlog+0xc21/0xd90
[ 56.786845][ T6] process_one_work+0x6bb/0xc10
[ 56.792692][ T6] worker_thread+0xad5/0x12a0
[ 56.797509][ T6] kthread+0x421/0x510
[ 56.801500][ T6] ret_from_fork+0x1f/0x30
[ 56.806647][ T6]
[ 56.808813][ T6] The buggy address belongs to the object at ffff88812af3a140
[ 56.808813][ T6] which belongs to the cache skbuff_head_cache of size 248
[ 56.824648][ T6] The buggy address is located 0 bytes inside of
[ 56.824648][ T6] 248-byte region [ffff88812af3a140, ffff88812af3a238)
[ 56.838480][ T6] The buggy address belongs to the page:
[ 56.844380][ T6] page:ffffea0004abce80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12af3a
[ 56.855116][ T6] flags: 0x4000000000000200(slab|zone=1)
[ 56.860790][ T6] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3800
[ 56.869821][ T6] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 56.878706][ T6] page dumped because: kasan: bad access detected
[ 56.885256][ T6] page_owner tracks the page as allocated
[ 56.891056][ T6] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 56062348875, free_ts 53436144318
[ 56.907128][ T6] post_alloc_hook+0x1a3/0x1b0
[ 56.911701][ T6] prep_new_page+0x1b/0x110
[ 56.916454][ T6] get_page_from_freelist+0x3550/0x35d0
[ 56.922364][ T6] __alloc_pages+0x27e/0x8f0
[ 56.926724][ T6] new_slab+0x9a/0x4e0
[ 56.930627][ T6] ___slab_alloc+0x39e/0x830
[ 56.935138][ T6] __slab_alloc+0x4a/0x90
[ 56.939597][ T6] kmem_cache_alloc+0x134/0x200
[ 56.944278][ T6] __alloc_skb+0xbe/0x550
[ 56.948636][ T6] alloc_skb_with_frags+0xa6/0x680
[ 56.953661][ T6] sock_alloc_send_pskb+0x915/0xa50
[ 56.958781][ T6] unix_dgram_sendmsg+0x6fd/0x2090
[ 56.964054][ T6] __sys_sendto+0x564/0x720
[ 56.968580][ T6] __x64_sys_sendto+0xe5/0x100
[ 56.973271][ T6] x64_sys_call+0x15c/0x9a0
[ 56.977972][ T6] do_syscall_64+0x3b/0xb0
[ 56.982989][ T6] page last free stack trace:
[ 56.987905][ T6] free_unref_page_prepare+0x7c8/0x7d0
[ 56.993476][ T6] free_unref_page+0xe8/0x750
[ 56.998059][ T6] __free_pages+0x61/0xf0
[ 57.002499][ T6] __vunmap+0x7bc/0x8f0
[ 57.006698][ T6] vfree+0x7f/0xb0
[ 57.010258][ T6] kcov_close+0x2b/0x50
[ 57.014240][ T6] __fput+0x3fe/0x910
[ 57.018392][ T6] ____fput+0x15/0x20
[ 57.022459][ T6] task_work_run+0x129/0x190
[ 57.027140][ T6] do_exit+0xc48/0x2ca0
[ 57.031506][ T6] do_group_exit+0x141/0x310
[ 57.036133][ T6] get_signal+0x7a3/0x1630
[ 57.040569][ T6] arch_do_signal_or_restart+0xbd/0x1680
[ 57.046042][ T6] exit_to_user_mode_loop+0xa0/0xe0
[ 57.051558][ T6] exit_to_user_mode_prepare+0x5a/0xa0
[ 57.056849][ T6] syscall_exit_to_user_mode+0x26/0x160
[ 57.062382][ T6]
[ 57.064550][ T6] Memory state around the buggy address:
[ 57.070133][ T6] ffff88812af3a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.078418][ T6] ffff88812af3a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 57.086478][ T6] >ffff88812af3a100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 57.094665][ T6] ^
[ 57.101620][ T6] ffff88812af3a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.110104][ T6] ffff88812af3a200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 57.119436][ T6] ==================================================================
[ 57.142047][ T480] FAULT_INJECTION: forcing a failure.
[ 57.142047][ T480] name failslab, interval 1, probability 0, space 0, times 0
[ 57.155624][ T480] CPU: 1 PID: 480 Comm: syz.0.17 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 57.167515][ T480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 57.177880][ T480] Call Trace:
[ 57.181068][ T480]
[ 57.184103][ T480] dump_stack_lvl+0x151/0x1c0
[ 57.189137][ T480] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.194872][ T480] dump_stack+0x15/0x20
[ 57.199225][ T480] should_fail+0x3c6/0x510
[ 57.203654][ T480] __should_failslab+0xa4/0xe0
[ 57.208502][ T480] should_failslab+0x9/0x20
[ 57.213125][ T480] slab_pre_alloc_hook+0x37/0xd0
[ 57.219396][ T480] kmem_cache_alloc_trace+0x48/0x210
[ 57.224533][ T480] ? sk_psock_skb_ingress_self+0x60/0x330
[ 57.230145][ T480] ? migrate_disable+0x190/0x190
[ 57.235143][ T480] sk_psock_skb_ingress_self+0x60/0x330
[ 57.240783][ T480] sk_psock_verdict_recv+0x66d/0x840
[ 57.246163][ T480] unix_read_sock+0x132/0x370
[ 57.250664][ T480] ? sk_psock_skb_redirect+0x440/0x440
[ 57.255956][ T480] ? unix_stream_splice_actor+0x120/0x120
[ 57.261817][ T480] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 57.267109][ T480] ? unix_stream_splice_actor+0x120/0x120
[ 57.272841][ T480] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.279084][ T480] ? sk_psock_start_verdict+0xc0/0xc0
[ 57.284529][ T480] ? _raw_spin_lock+0xa4/0x1b0
[ 57.289404][ T480] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.295026][ T480] ? skb_queue_tail+0xfb/0x120
[ 57.299644][ T480] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.304845][ T480] ? unix_dgram_poll+0x710/0x710
[ 57.309728][ T480] ? kasan_set_track+0x5d/0x70
[ 57.314329][ T480] ? kasan_set_track+0x4b/0x70
[ 57.318929][ T480] ? security_socket_sendmsg+0x82/0xb0
[ 57.324350][ T480] ? unix_dgram_poll+0x710/0x710
[ 57.329431][ T480] ____sys_sendmsg+0x59e/0x8f0
[ 57.334203][ T480] ? __sys_sendmsg_sock+0x40/0x40
[ 57.339298][ T480] ? import_iovec+0xe5/0x120
[ 57.343978][ T480] ___sys_sendmsg+0x252/0x2e0
[ 57.348601][ T480] ? __sys_sendmsg+0x260/0x260
[ 57.353182][ T480] ? __fdget+0x1bc/0x240
[ 57.357237][ T480] __se_sys_sendmsg+0x19a/0x260
[ 57.362208][ T480] ? __x64_sys_sendmsg+0x90/0x90
[ 57.367285][ T480] ? ksys_write+0x260/0x2c0
[ 57.371900][ T480] ? debug_smp_processor_id+0x17/0x20
[ 57.377909][ T480] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 57.384071][ T480] __x64_sys_sendmsg+0x7b/0x90
[ 57.388850][ T480] x64_sys_call+0x16a/0x9a0
[ 57.393266][ T480] do_syscall_64+0x3b/0xb0
[ 57.397894][ T480] ? clear_bhb_loop+0x35/0x90
[ 57.402339][ T480] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.408489][ T480] RIP: 0033:0x7f98bf2f19f9
[ 57.413023][ T480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 57.433158][ T480] RSP: 002b:00007f98bed79038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.441565][ T480] RAX: ffffffffffffffda RBX: 00007f98bf47ff80 RCX: 00007f98bf2f19f9
[ 57.449769][ T480] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 57.457660][ T480] RBP: 00007f98bed79090 R08: 0000000000000000 R09: 0000000000000000
[ 57.465674][ T480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 57.473492][ T480] R13: 0000000000000000 R14: 00007f98bf47ff80 R15: 00007ffec901b9d8
[ 57.481553][ T480]
[ 57.488507][ T479] ==================================================================
[ 57.496407][ T479] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 57.504837][ T479]
[ 57.507000][ T479] CPU: 1 PID: 479 Comm: syz.0.17 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 57.519052][ T479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 57.529954][ T479] Call Trace:
[ 57.533328][ T479]
[ 57.536575][ T479] dump_stack_lvl+0x151/0x1c0
[ 57.541571][ T479] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.547865][ T479] ? __wake_up_klogd+0xd5/0x110
[ 57.552706][ T479] ? panic+0x760/0x760
[ 57.556791][ T479] ? kmem_cache_free+0x116/0x2e0
[ 57.561978][ T479] print_address_description+0x87/0x3b0
[ 57.567822][ T479] ? kmem_cache_free+0x116/0x2e0
[ 57.572893][ T479] ? kmem_cache_free+0x116/0x2e0
[ 57.578369][ T479] kasan_report_invalid_free+0x6b/0xa0
[ 57.583976][ T479] ____kasan_slab_free+0x13e/0x160
[ 57.589448][ T479] __kasan_slab_free+0x11/0x20
[ 57.594201][ T479] slab_free_freelist_hook+0xbd/0x190
[ 57.599616][ T479] ? kfree_skbmem+0x104/0x170
[ 57.604603][ T479] kmem_cache_free+0x116/0x2e0
[ 57.609578][ T479] kfree_skbmem+0x104/0x170
[ 57.614133][ T479] consume_skb+0xb4/0x250
[ 57.618932][ T479] __sk_msg_free+0x2dd/0x370
[ 57.623463][ T479] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.629435][ T479] sk_psock_stop+0x44c/0x4d0
[ 57.634106][ T479] ? unix_peer_get+0xe0/0xe0
[ 57.639869][ T479] sock_map_close+0x2b9/0x4c0
[ 57.645476][ T479] ? sock_map_remove_links+0x650/0x650
[ 57.650952][ T479] ? rwsem_mark_wake+0x770/0x770
[ 57.655750][ T479] ? security_file_free+0xc6/0xe0
[ 57.660896][ T479] unix_release+0x82/0xc0
[ 57.665204][ T479] sock_close+0xdf/0x270
[ 57.669870][ T479] ? sock_mmap+0xa0/0xa0
[ 57.674459][ T479] __fput+0x3fe/0x910
[ 57.678632][ T479] ____fput+0x15/0x20
[ 57.682467][ T479] task_work_run+0x129/0x190
[ 57.687265][ T479] exit_to_user_mode_loop+0xc4/0xe0
[ 57.692766][ T479] exit_to_user_mode_prepare+0x5a/0xa0
[ 57.698272][ T479] syscall_exit_to_user_mode+0x26/0x160
[ 57.704581][ T479] do_syscall_64+0x47/0xb0
[ 57.709653][ T479] ? clear_bhb_loop+0x35/0x90
[ 57.714254][ T479] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.720575][ T479] RIP: 0033:0x7f98bf2f19f9
[ 57.724953][ T479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 57.745828][ T479] RSP: 002b:00007ffec901bb38 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 57.755444][ T479] RAX: 0000000000000000 RBX: 00007f98bf481a80 RCX: 00007f98bf2f19f9
[ 57.763822][ T479] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 57.774923][ T479] RBP: 00007f98bf481a80 R08: 0000000000000000 R09: 00007ffec901be1f
[ 57.784811][ T479] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000000e25a
[ 57.796995][ T479] R13: 00007ffec901bc30 R14: 00007ffec901bc50 R15: ffffffffffffffff
[ 57.807273][ T479]
[ 57.811207][ T479]
[ 57.813713][ T479] Allocated by task 480:
[ 57.819463][ T479] __kasan_slab_alloc+0xb1/0xe0
[ 57.827453][ T479] slab_post_alloc_hook+0x53/0x2c0
[ 57.833895][ T479] kmem_cache_alloc+0xf5/0x200
[ 57.839162][ T479] skb_clone+0x1d1/0x360
[ 57.844571][ T479] sk_psock_verdict_recv+0x53/0x840
[ 57.851572][ T479] unix_read_sock+0x132/0x370
[ 57.856139][ T479] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.862351][ T479] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.867914][ T479] ____sys_sendmsg+0x59e/0x8f0
[ 57.873095][ T479] ___sys_sendmsg+0x252/0x2e0
[ 57.877809][ T479] __se_sys_sendmsg+0x19a/0x260
[ 57.883102][ T479] __x64_sys_sendmsg+0x7b/0x90
[ 57.887980][ T479] x64_sys_call+0x16a/0x9a0
[ 57.892839][ T479] do_syscall_64+0x3b/0xb0
[ 57.897618][ T479] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.903664][ T479]
[ 57.905805][ T479] Freed by task 354:
[ 57.910872][ T479] kasan_set_track+0x4b/0x70
[ 57.915493][ T479] kasan_set_free_info+0x23/0x40
[ 57.920397][ T479] ____kasan_slab_free+0x126/0x160
[ 57.926041][ T479] __kasan_slab_free+0x11/0x20
[ 57.932229][ T479] slab_free_freelist_hook+0xbd/0x190
[ 57.938253][ T479] kmem_cache_free+0x116/0x2e0
[ 57.944961][ T479] kfree_skbmem+0x104/0x170
[ 57.949947][ T479] kfree_skb+0xc2/0x360
[ 57.954604][ T479] sk_psock_backlog+0xc21/0xd90
[ 57.961889][ T479] process_one_work+0x6bb/0xc10
[ 57.967188][ T479] worker_thread+0xad5/0x12a0
[ 57.972201][ T479] kthread+0x421/0x510
[ 57.976212][ T479] ret_from_fork+0x1f/0x30
[ 57.981524][ T479]
[ 57.983813][ T479] The buggy address belongs to the object at ffff88811579aa00
[ 57.983813][ T479] which belongs to the cache skbuff_head_cache of size 248
[ 58.000987][ T479] The buggy address is located 0 bytes inside of
[ 58.000987][ T479] 248-byte region [ffff88811579aa00, ffff88811579aaf8)
[ 58.016920][ T479] The buggy address belongs to the page:
[ 58.023708][ T479] page:ffffea000455e680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11579a
[ 58.035325][ T479] flags: 0x4000000000000200(slab|zone=1)
[ 58.041124][ T479] raw: 4000000000000200 ffffea000453bd80 0000000200000002 ffff8881081b3800
[ 58.049906][ T479] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 58.059843][ T479] page dumped because: kasan: bad access detected
[ 58.066741][ T479] page_owner tracks the page as allocated
[ 58.073212][ T479] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 106, ts 5911632435, free_ts 0
[ 58.090683][ T479] post_alloc_hook+0x1a3/0x1b0
[ 58.096795][ T479] prep_new_page+0x1b/0x110
[ 58.102537][ T479] get_page_from_freelist+0x3550/0x35d0
[ 58.109502][ T479] __alloc_pages+0x27e/0x8f0
[ 58.115289][ T479] new_slab+0x9a/0x4e0
[ 58.121911][ T479] ___slab_alloc+0x39e/0x830
[ 58.128015][ T479] __slab_alloc+0x4a/0x90
[ 58.134753][ T479] kmem_cache_alloc+0x134/0x200
[ 58.141166][ T479] __alloc_skb+0xbe/0x550
[ 58.146558][ T479] alloc_skb_with_frags+0xa6/0x680
[ 58.152949][ T479] sock_alloc_send_pskb+0x915/0xa50
[ 58.158668][ T479] unix_dgram_sendmsg+0x6fd/0x2090
[ 58.163973][ T479] sock_write_iter+0x39b/0x530
[ 58.169803][ T479] vfs_write+0xd5d/0x1110
[ 58.174391][ T479] ksys_write+0x199/0x2c0
[ 58.179199][ T479] __x64_sys_write+0x7b/0x90
[ 58.184881][ T479] page_owner free stack trace missing
[ 58.190636][ T479]
[ 58.193318][ T479] Memory state around the buggy address:
[ 58.199913][ T479] ffff88811579a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.208412][ T479] ffff88811579a980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 58.216916][ T479] >ffff88811579aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.225537][ T479] ^
[ 58.229412][ T479] ffff88811579aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 58.237786][ T479] ffff88811579ab00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 58.245855][ T479] ==================================================================
[ 58.265104][ T483] FAULT_INJECTION: forcing a failure.
[ 58.265104][ T483] name failslab, interval 1, probability 0, space 0, times 0
[ 58.279075][ T483] CPU: 0 PID: 483 Comm: syz.0.18 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 58.291404][ T483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 58.302197][ T483] Call Trace:
[ 58.305511][ T483]
[ 58.308455][ T483] dump_stack_lvl+0x151/0x1c0
[ 58.313614][ T483] ? io_uring_drop_tctx_refs+0x190/0x190
[ 58.319582][ T483] dump_stack+0x15/0x20
[ 58.324627][ T483] should_fail+0x3c6/0x510
[ 58.329969][ T483] __should_failslab+0xa4/0xe0
[ 58.335618][ T483] should_failslab+0x9/0x20
[ 58.340592][ T483] slab_pre_alloc_hook+0x37/0xd0
[ 58.345892][ T483] kmem_cache_alloc_trace+0x48/0x210
[ 58.351261][ T483] ? sk_psock_skb_ingress_self+0x60/0x330
[ 58.356968][ T483] ? migrate_disable+0x190/0x190
[ 58.361811][ T483] sk_psock_skb_ingress_self+0x60/0x330
[ 58.367627][ T483] sk_psock_verdict_recv+0x66d/0x840
[ 58.372829][ T483] unix_read_sock+0x132/0x370
[ 58.377408][ T483] ? sk_psock_skb_redirect+0x440/0x440
[ 58.382928][ T483] ? unix_stream_splice_actor+0x120/0x120
[ 58.389012][ T483] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 58.394408][ T483] ? unix_stream_splice_actor+0x120/0x120
[ 58.399965][ T483] sk_psock_verdict_data_ready+0x147/0x1a0
[ 58.405597][ T483] ? sk_psock_start_verdict+0xc0/0xc0
[ 58.410999][ T483] ? _raw_spin_lock+0xa4/0x1b0
[ 58.415959][ T483] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 58.422537][ T483] ? skb_queue_tail+0xfb/0x120
[ 58.427224][ T483] unix_dgram_sendmsg+0x15fa/0x2090
[ 58.432513][ T483] ? unix_dgram_poll+0x710/0x710
[ 58.437272][ T483] ? kasan_set_track+0x5d/0x70
[ 58.442059][ T483] ? kasan_set_track+0x4b/0x70
[ 58.446984][ T483] ? security_socket_sendmsg+0x82/0xb0
[ 58.452928][ T483] ? unix_dgram_poll+0x710/0x710
[ 58.457755][ T483] ____sys_sendmsg+0x59e/0x8f0
[ 58.462427][ T483] ? __sys_sendmsg_sock+0x40/0x40
[ 58.467287][ T483] ? import_iovec+0xe5/0x120
[ 58.471868][ T483] ___sys_sendmsg+0x252/0x2e0
[ 58.478671][ T483] ? __sys_sendmsg+0x260/0x260
[ 58.483883][ T483] ? __fdget+0x1bc/0x240
[ 58.488062][ T483] __se_sys_sendmsg+0x19a/0x260
[ 58.493357][ T483] ? __x64_sys_sendmsg+0x90/0x90
[ 58.498287][ T483] ? ksys_write+0x260/0x2c0
[ 58.503219][ T483] ? debug_smp_processor_id+0x17/0x20
[ 58.508824][ T483] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 58.514837][ T483] __x64_sys_sendmsg+0x7b/0x90
[ 58.519412][ T483] x64_sys_call+0x16a/0x9a0
[ 58.523749][ T483] do_syscall_64+0x3b/0xb0
[ 58.528011][ T483] ? clear_bhb_loop+0x35/0x90
[ 58.532776][ T483] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.539100][ T483] RIP: 0033:0x7f98bf2f19f9
[ 58.544071][ T483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 58.565305][ T483] RSP: 002b:00007f98bed79038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.575218][ T483] RAX: ffffffffffffffda RBX: 00007f98bf47ff80 RCX: 00007f98bf2f19f9
[ 58.584726][ T483] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 58.594531][ T483] RBP: 00007f98bed79090 R08: 0000000000000000 R09: 0000000000000000
[ 58.603088][ T483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 58.611339][ T483] R13: 0000000000000000 R14: 00007f98bf47ff80 R15: 00007ffec901b9d8
[ 58.619793][ T483]
[ 58.623879][ T6] ==================================================================
[ 58.632527][ T6] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 58.641043][ T6]
[ 58.643650][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 58.655687][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 58.666315][ T6] Workqueue: events bpf_map_free_deferred
[ 58.672886][ T6] Call Trace:
[ 58.676898][ T6]
[ 58.679930][ T6] dump_stack_lvl+0x151/0x1c0
[ 58.684885][ T6] ? io_uring_drop_tctx_refs+0x190/0x190
[ 58.690732][ T6] ? panic+0x760/0x760
[ 58.695036][ T6] ? kasan_set_free_info+0x23/0x40
[ 58.700889][ T6] ? ____kasan_slab_free+0x126/0x160
[ 58.706366][ T6] ? kmem_cache_free+0x116/0x2e0
[ 58.711248][ T6] print_address_description+0x87/0x3b0
[ 58.716601][ T6] ? worker_thread+0xad5/0x12a0
[ 58.721636][ T6] ? kthread+0x421/0x510
[ 58.725992][ T6] ? kmem_cache_free+0x116/0x2e0
[ 58.731015][ T6] ? kmem_cache_free+0x116/0x2e0
[ 58.736283][ T6] kasan_report_invalid_free+0x6b/0xa0
[ 58.741787][ T6] ____kasan_slab_free+0x13e/0x160
[ 58.746769][ T6] __kasan_slab_free+0x11/0x20
[ 58.751745][ T6] slab_free_freelist_hook+0xbd/0x190
[ 58.758105][ T6] ? kfree_skbmem+0x104/0x170
[ 58.762964][ T6] kmem_cache_free+0x116/0x2e0
[ 58.768396][ T6] kfree_skbmem+0x104/0x170
[ 58.774378][ T6] consume_skb+0xb4/0x250
[ 58.780369][ T6] __sk_msg_free+0x2dd/0x370
[ 58.786640][ T6] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 58.794794][ T6] sk_psock_stop+0x44c/0x4d0
[ 58.801044][ T6] sk_psock_drop+0x219/0x310
[ 58.807178][ T6] sock_map_unref+0x48f/0x4d0
[ 58.813244][ T6] sock_map_free+0x137/0x2b0
[ 58.818775][ T6] bpf_map_free_deferred+0x10d/0x1e0
[ 58.825614][ T6] process_one_work+0x6bb/0xc10
[ 58.832108][ T6] worker_thread+0xad5/0x12a0
[ 58.838503][ T6] kthread+0x421/0x510
[ 58.843953][ T6] ? worker_clr_flags+0x180/0x180
[ 58.850171][ T6] ? kthread_blkcg+0xd0/0xd0
[ 58.855826][ T6] ret_from_fork+0x1f/0x30
[ 58.861132][ T6]
[ 58.864356][ T6]
[ 58.866712][ T6] Allocated by task 483:
[ 58.871363][ T6] __kasan_slab_alloc+0xb1/0xe0
[ 58.876866][ T6] slab_post_alloc_hook+0x53/0x2c0
[ 58.882740][ T6] kmem_cache_alloc+0xf5/0x200
[ 58.887798][ T6] skb_clone+0x1d1/0x360
[ 58.892819][ T6] sk_psock_verdict_recv+0x53/0x840
[ 58.898531][ T6] unix_read_sock+0x132/0x370
[ 58.904073][ T6] sk_psock_verdict_data_ready+0x147/0x1a0
[ 58.911173][ T6] unix_dgram_sendmsg+0x15fa/0x2090
[ 58.916335][ T6] ____sys_sendmsg+0x59e/0x8f0
[ 58.921333][ T6] ___sys_sendmsg+0x252/0x2e0
[ 58.926528][ T6] __se_sys_sendmsg+0x19a/0x260
[ 58.932059][ T6] __x64_sys_sendmsg+0x7b/0x90
[ 58.936876][ T6] x64_sys_call+0x16a/0x9a0
[ 58.941307][ T6] do_syscall_64+0x3b/0xb0
[ 58.945750][ T6] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.951970][ T6]
[ 58.954119][ T6] Freed by task 6:
[ 58.957887][ T6] kasan_set_track+0x4b/0x70
[ 58.962645][ T6] kasan_set_free_info+0x23/0x40
[ 58.968461][ T6] ____kasan_slab_free+0x126/0x160
[ 58.973853][ T6] __kasan_slab_free+0x11/0x20
[ 58.979168][ T6] slab_free_freelist_hook+0xbd/0x190
[ 58.984668][ T6] kmem_cache_free+0x116/0x2e0
[ 58.990033][ T6] kfree_skbmem+0x104/0x170
[ 58.994833][ T6] kfree_skb+0xc2/0x360
[ 58.999466][ T6] sk_psock_backlog+0xc21/0xd90
[ 59.004186][ T6] process_one_work+0x6bb/0xc10
[ 59.009533][ T6] worker_thread+0xad5/0x12a0
[ 59.014821][ T6] kthread+0x421/0x510
[ 59.019747][ T6] ret_from_fork+0x1f/0x30
[ 59.024720][ T6]
[ 59.026982][ T6] The buggy address belongs to the object at ffff88812af5f280
[ 59.026982][ T6] which belongs to the cache skbuff_head_cache of size 248
[ 59.041990][ T6] The buggy address is located 0 bytes inside of
[ 59.041990][ T6] 248-byte region [ffff88812af5f280, ffff88812af5f378)
[ 59.057236][ T6] The buggy address belongs to the page:
[ 59.063932][ T6] page:ffffea0004abd7c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12af5f
[ 59.074648][ T6] flags: 0x4000000000000200(slab|zone=1)
[ 59.080559][ T6] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3800
[ 59.090526][ T6] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 59.099583][ T6] page dumped because: kasan: bad access detected
[ 59.106491][ T6] page_owner tracks the page as allocated
[ 59.112568][ T6] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 479, ts 58254559267, free_ts 57487164374
[ 59.131167][ T6] post_alloc_hook+0x1a3/0x1b0
[ 59.136467][ T6] prep_new_page+0x1b/0x110
[ 59.141427][ T6] get_page_from_freelist+0x3550/0x35d0
[ 59.147936][ T6] __alloc_pages+0x27e/0x8f0
[ 59.153040][ T6] new_slab+0x9a/0x4e0
[ 59.157753][ T6] ___slab_alloc+0x39e/0x830
[ 59.162416][ T6] __slab_alloc+0x4a/0x90
[ 59.166765][ T6] kmem_cache_alloc+0x134/0x200
[ 59.171868][ T6] __alloc_skb+0xbe/0x550
[ 59.176317][ T6] ndisc_alloc_skb+0xf3/0x2d0
[ 59.181707][ T6] ndisc_send_rs+0x26c/0x6a0
[ 59.187505][ T6] addrconf_rs_timer+0x2d1/0x600
[ 59.192839][ T6] call_timer_fn+0x3b/0x2d0
[ 59.197351][ T6] __run_timers+0x72a/0xa10
[ 59.201719][ T6] run_timer_softirq+0x69/0xf0
[ 59.206931][ T6] __do_softirq+0x26d/0x5bf
[ 59.211568][ T6] page last free stack trace:
[ 59.216193][ T6] free_unref_page_prepare+0x7c8/0x7d0
[ 59.222747][ T6] free_unref_page+0xe8/0x750
[ 59.228014][ T6] __free_pages+0x61/0xf0
[ 59.232459][ T6] __vunmap+0x7bc/0x8f0
[ 59.236742][ T6] vfree+0x7f/0xb0
[ 59.240592][ T6] module_memfree+0x17/0x30
[ 59.244907][ T6] bpf_jit_free_exec+0x15/0x20
[ 59.249503][ T6] bpf_jit_free+0x98/0x240
[ 59.253960][ T6] bpf_prog_free_deferred+0x61e/0x730
[ 59.259275][ T6] process_one_work+0x6bb/0xc10
[ 59.264470][ T6] worker_thread+0xad5/0x12a0
[ 59.269493][ T6] kthread+0x421/0x510
[ 59.273934][ T6] ret_from_fork+0x1f/0x30
[ 59.278821][ T6]
[ 59.282130][ T6] Memory state around the buggy address:
[ 59.288136][ T6] ffff88812af5f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.296320][ T6] ffff88812af5f200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 59.304654][ T6] >ffff88812af5f280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.313129][ T6] ^
[ 59.317921][ T6] ffff88812af5f300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 59.326627][ T6] ffff88812af5f380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 59.335197][ T6] ==================================================================
2024/08/23 20:10:11 executed programs: 6
[ 59.354552][ T30] audit: type=1400 audit(1724443811.819:114): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 59.380029][ T30] audit: type=1400 audit(1724443811.819:115): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 59.404786][ T487] FAULT_INJECTION: forcing a failure.
[ 59.404786][ T487] name failslab, interval 1, probability 0, space 0, times 0
[ 59.418451][ T487] CPU: 0 PID: 487 Comm: syz.0.19 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 59.429659][ T487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 59.439557][ T487] Call Trace:
[ 59.442763][ T487]
[ 59.445544][ T487] dump_stack_lvl+0x151/0x1c0
[ 59.450282][ T487] ? io_uring_drop_tctx_refs+0x190/0x190
[ 59.455831][ T487] dump_stack+0x15/0x20
[ 59.460000][ T487] should_fail+0x3c6/0x510
[ 59.464502][ T487] __should_failslab+0xa4/0xe0
[ 59.469754][ T487] should_failslab+0x9/0x20
[ 59.474275][ T487] slab_pre_alloc_hook+0x37/0xd0
[ 59.479057][ T487] kmem_cache_alloc_trace+0x48/0x210
[ 59.484553][ T487] ? sk_psock_skb_ingress_self+0x60/0x330
[ 59.490258][ T487] ? migrate_disable+0x190/0x190
[ 59.495105][ T487] sk_psock_skb_ingress_self+0x60/0x330
[ 59.501561][ T487] sk_psock_verdict_recv+0x66d/0x840
[ 59.506676][ T487] unix_read_sock+0x132/0x370
[ 59.511290][ T487] ? sk_psock_skb_redirect+0x440/0x440
[ 59.516744][ T487] ? unix_stream_splice_actor+0x120/0x120
[ 59.522308][ T487] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 59.528386][ T487] ? unix_stream_splice_actor+0x120/0x120
[ 59.534970][ T487] sk_psock_verdict_data_ready+0x147/0x1a0
[ 59.541411][ T487] ? sk_psock_start_verdict+0xc0/0xc0
[ 59.547219][ T487] ? _raw_spin_lock+0xa4/0x1b0
[ 59.551828][ T487] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 59.557776][ T487] ? skb_queue_tail+0xfb/0x120
[ 59.562506][ T487] unix_dgram_sendmsg+0x15fa/0x2090
[ 59.568131][ T487] ? unix_dgram_poll+0x710/0x710
[ 59.573412][ T487] ? kasan_set_track+0x5d/0x70
[ 59.578363][ T487] ? kasan_set_track+0x4b/0x70
[ 59.583939][ T487] ? security_socket_sendmsg+0x82/0xb0
[ 59.589411][ T487] ? unix_dgram_poll+0x710/0x710
[ 59.594456][ T487] ____sys_sendmsg+0x59e/0x8f0
[ 59.599274][ T487] ? __sys_sendmsg_sock+0x40/0x40
[ 59.604693][ T487] ? import_iovec+0xe5/0x120
[ 59.609559][ T487] ___sys_sendmsg+0x252/0x2e0
[ 59.615076][ T487] ? __sys_sendmsg+0x260/0x260
[ 59.620132][ T487] ? __fdget+0x1bc/0x240
[ 59.625075][ T487] __se_sys_sendmsg+0x19a/0x260
[ 59.630134][ T487] ? __x64_sys_sendmsg+0x90/0x90
[ 59.635118][ T487] ? ksys_write+0x260/0x2c0
[ 59.639892][ T487] ? debug_smp_processor_id+0x17/0x20
[ 59.646564][ T487] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 59.652903][ T487] __x64_sys_sendmsg+0x7b/0x90
[ 59.658318][ T487] x64_sys_call+0x16a/0x9a0
[ 59.662990][ T487] do_syscall_64+0x3b/0xb0
[ 59.667447][ T487] ? clear_bhb_loop+0x35/0x90
[ 59.672481][ T487] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.678379][ T487] RIP: 0033:0x7f98bf2f19f9
[ 59.682913][ T487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.704184][ T487] RSP: 002b:00007f98bed79038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.713211][ T487] RAX: ffffffffffffffda RBX: 00007f98bf47ff80 RCX: 00007f98bf2f19f9
[ 59.721889][ T487] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 59.730738][ T487] RBP: 00007f98bed79090 R08: 0000000000000000 R09: 0000000000000000
[ 59.739751][ T487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 59.748725][ T487] R13: 0000000000000000 R14: 00007f98bf47ff80 R15: 00007ffec901b9d8
[ 59.759981][ T487]
[ 59.764388][ T6] ==================================================================
[ 59.775801][ T6] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 59.786432][ T6]
[ 59.789501][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 59.806289][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 59.818931][ T6] Workqueue: events bpf_map_free_deferred
[ 59.826770][ T6] Call Trace:
[ 59.830535][ T6]
[ 59.833999][ T6] dump_stack_lvl+0x151/0x1c0
[ 59.838778][ T6] ? io_uring_drop_tctx_refs+0x190/0x190
[ 59.845594][ T6] ? panic+0x760/0x760
[ 59.850006][ T6] ? kasan_set_free_info+0x23/0x40
[ 59.856007][ T6] ? ____kasan_slab_free+0x126/0x160
[ 59.862092][ T6] ? kmem_cache_free+0x116/0x2e0
[ 59.867876][ T6] print_address_description+0x87/0x3b0
[ 59.874454][ T6] ? worker_thread+0xad5/0x12a0
[ 59.880220][ T6] ? kthread+0x421/0x510
[ 59.885158][ T6] ? kmem_cache_free+0x116/0x2e0
[ 59.889919][ T6] ? kmem_cache_free+0x116/0x2e0
[ 59.894763][ T6] kasan_report_invalid_free+0x6b/0xa0
[ 59.900210][ T6] ____kasan_slab_free+0x13e/0x160
[ 59.905154][ T6] __kasan_slab_free+0x11/0x20
[ 59.909764][ T6] slab_free_freelist_hook+0xbd/0x190
[ 59.915303][ T6] ? kfree_skbmem+0x104/0x170
[ 59.919919][ T6] kmem_cache_free+0x116/0x2e0
[ 59.924464][ T6] kfree_skbmem+0x104/0x170
[ 59.929244][ T6] consume_skb+0xb4/0x250
[ 59.933405][ T6] __sk_msg_free+0x2dd/0x370
[ 59.937919][ T6] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 59.943833][ T6] sk_psock_stop+0x44c/0x4d0
[ 59.948263][ T6] sk_psock_drop+0x219/0x310
[ 59.952882][ T6] sock_map_unref+0x48f/0x4d0
[ 59.957564][ T6] sock_map_free+0x137/0x2b0
[ 59.962175][ T6] bpf_map_free_deferred+0x10d/0x1e0
[ 59.967308][ T6] process_one_work+0x6bb/0xc10
[ 59.971998][ T6] worker_thread+0xad5/0x12a0
[ 59.976860][ T6] kthread+0x421/0x510
[ 59.980933][ T6] ? worker_clr_flags+0x180/0x180
[ 59.985972][ T6] ? kthread_blkcg+0xd0/0xd0
[ 59.990392][ T6] ret_from_fork+0x1f/0x30
[ 59.994822][ T6]
[ 59.997692][ T6]
[ 60.000034][ T6] Allocated by task 487:
[ 60.004322][ T6] __kasan_slab_alloc+0xb1/0xe0
[ 60.009191][ T6] slab_post_alloc_hook+0x53/0x2c0
[ 60.014133][ T6] kmem_cache_alloc+0xf5/0x200
[ 60.018737][ T6] skb_clone+0x1d1/0x360
[ 60.022912][ T6] sk_psock_verdict_recv+0x53/0x840
[ 60.028111][ T6] unix_read_sock+0x132/0x370
[ 60.032619][ T6] sk_psock_verdict_data_ready+0x147/0x1a0
[ 60.038275][ T6] unix_dgram_sendmsg+0x15fa/0x2090
[ 60.043809][ T6] ____sys_sendmsg+0x59e/0x8f0
[ 60.049125][ T6] ___sys_sendmsg+0x252/0x2e0
[ 60.053848][ T6] __se_sys_sendmsg+0x19a/0x260
[ 60.059722][ T6] __x64_sys_sendmsg+0x7b/0x90
[ 60.064665][ T6] x64_sys_call+0x16a/0x9a0
[ 60.069294][ T6] do_syscall_64+0x3b/0xb0
[ 60.074696][ T6] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.080566][ T6]
[ 60.082833][ T6] Freed by task 6:
[ 60.086938][ T6] kasan_set_track+0x4b/0x70
[ 60.092385][ T6] kasan_set_free_info+0x23/0x40
[ 60.097285][ T6] ____kasan_slab_free+0x126/0x160
[ 60.102452][ T6] __kasan_slab_free+0x11/0x20
[ 60.107316][ T6] slab_free_freelist_hook+0xbd/0x190
[ 60.112771][ T6] kmem_cache_free+0x116/0x2e0
[ 60.117602][ T6] kfree_skbmem+0x104/0x170
[ 60.122112][ T6] kfree_skb+0xc2/0x360
[ 60.126317][ T6] sk_psock_backlog+0xc21/0xd90
[ 60.132575][ T6] process_one_work+0x6bb/0xc10
[ 60.137453][ T6] worker_thread+0xad5/0x12a0
[ 60.142307][ T6] kthread+0x421/0x510
[ 60.146399][ T6] ret_from_fork+0x1f/0x30
[ 60.150642][ T6]
[ 60.152824][ T6] The buggy address belongs to the object at ffff88812af6a000
[ 60.152824][ T6] which belongs to the cache skbuff_head_cache of size 248
[ 60.167841][ T6] The buggy address is located 0 bytes inside of
[ 60.167841][ T6] 248-byte region [ffff88812af6a000, ffff88812af6a0f8)
[ 60.181204][ T6] The buggy address belongs to the page:
[ 60.186765][ T6] page:ffffea0004abda80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12af6a
[ 60.196915][ T6] flags: 0x4000000000000200(slab|zone=1)
[ 60.202478][ T6] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3800
[ 60.211156][ T6] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 60.219845][ T6] page dumped because: kasan: bad access detected
[ 60.226262][ T6] page_owner tracks the page as allocated
[ 60.232260][ T6] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 59351716480, free_ts 59347923388
[ 60.247973][ T6] post_alloc_hook+0x1a3/0x1b0
[ 60.252738][ T6] prep_new_page+0x1b/0x110
[ 60.257222][ T6] get_page_from_freelist+0x3550/0x35d0
[ 60.262863][ T6] __alloc_pages+0x27e/0x8f0
[ 60.267374][ T6] new_slab+0x9a/0x4e0
[ 60.271477][ T6] ___slab_alloc+0x39e/0x830
[ 60.276166][ T6] __slab_alloc+0x4a/0x90
[ 60.280430][ T6] kmem_cache_alloc+0x134/0x200
[ 60.285358][ T6] skb_clone+0x1d1/0x360
[ 60.289597][ T6] netlink_broadcast_filtered+0x692/0x1220
[ 60.295253][ T6] netlink_broadcast+0x3a/0x50
[ 60.300210][ T6] kobject_uevent_net_broadcast+0x3a1/0x590
[ 60.306039][ T6] kobject_uevent_env+0x525/0x700
[ 60.311260][ T6] kobject_synth_uevent+0x4eb/0xae0
[ 60.316565][ T6] uevent_store+0x25/0x60
[ 60.320740][ T6] dev_attr_store+0x5c/0x80
[ 60.325342][ T6] page last free stack trace:
[ 60.329842][ T6] free_unref_page_prepare+0x7c8/0x7d0
[ 60.335247][ T6] free_unref_page+0xe8/0x750
[ 60.339930][ T6] __free_pages+0x61/0xf0
[ 60.344164][ T6] free_pages+0x7c/0x90
[ 60.348154][ T6] pgd_free+0x17d/0x190
[ 60.352334][ T6] __mmdrop+0xb0/0x410
[ 60.356354][ T6] finish_task_switch+0x2cd/0x7b0
[ 60.361289][ T6] __schedule+0xcd4/0x1590
[ 60.365625][ T6] schedule+0x11f/0x1e0
[ 60.369791][ T6] do_nanosleep+0x181/0x6a0
[ 60.374655][ T6] hrtimer_nanosleep+0x1c5/0x3f0
[ 60.380402][ T6] common_nsleep+0x91/0xb0
[ 60.384809][ T6] __se_sys_clock_nanosleep+0x323/0x3b0
[ 60.390278][ T6] __x64_sys_clock_nanosleep+0x9b/0xb0
[ 60.395755][ T6] x64_sys_call+0x609/0x9a0
[ 60.400353][ T6] do_syscall_64+0x3b/0xb0
[ 60.404606][ T6]
[ 60.406781][ T6] Memory state around the buggy address:
[ 60.412622][ T6] ffff88812af69f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.421293][ T6] ffff88812af69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.429381][ T6] >ffff88812af6a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.437692][ T6] ^
[ 60.441677][ T6] ffff88812af6a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 60.449576][ T6] ffff88812af6a100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 60.457612][ T6] ==================================================================
[ 60.472799][ T490] FAULT_INJECTION: forcing a failure.
[ 60.472799][ T490] name failslab, interval 1, probability 0, space 0, times 0
[ 60.485925][ T490] CPU: 1 PID: 490 Comm: syz.0.20 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 60.497043][ T490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 60.506972][ T490] Call Trace:
[ 60.510053][ T490]
[ 60.513017][ T490] dump_stack_lvl+0x151/0x1c0
[ 60.517622][ T490] ? io_uring_drop_tctx_refs+0x190/0x190
[ 60.523261][ T490] dump_stack+0x15/0x20
[ 60.527279][ T490] should_fail+0x3c6/0x510
[ 60.531636][ T490] __should_failslab+0xa4/0xe0
[ 60.536464][ T490] should_failslab+0x9/0x20
[ 60.540890][ T490] slab_pre_alloc_hook+0x37/0xd0
[ 60.545665][ T490] kmem_cache_alloc_trace+0x48/0x210
[ 60.550783][ T490] ? sk_psock_skb_ingress_self+0x60/0x330
[ 60.556367][ T490] ? migrate_disable+0x190/0x190
[ 60.561159][ T490] sk_psock_skb_ingress_self+0x60/0x330
[ 60.566669][ T490] sk_psock_verdict_recv+0x66d/0x840
[ 60.571793][ T490] unix_read_sock+0x132/0x370
[ 60.576771][ T490] ? sk_psock_skb_redirect+0x440/0x440
[ 60.582297][ T490] ? unix_stream_splice_actor+0x120/0x120
[ 60.588120][ T490] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 60.593868][ T490] ? unix_stream_splice_actor+0x120/0x120
[ 60.599853][ T490] sk_psock_verdict_data_ready+0x147/0x1a0
[ 60.606440][ T490] ? sk_psock_start_verdict+0xc0/0xc0
[ 60.612386][ T490] ? _raw_spin_lock+0xa4/0x1b0
[ 60.617146][ T490] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 60.622883][ T490] ? skb_queue_tail+0xfb/0x120
[ 60.627582][ T490] unix_dgram_sendmsg+0x15fa/0x2090
[ 60.632783][ T490] ? unix_dgram_poll+0x710/0x710
[ 60.637747][ T490] ? kasan_set_track+0x5d/0x70
[ 60.642609][ T490] ? kasan_set_track+0x4b/0x70
[ 60.647206][ T490] ? security_socket_sendmsg+0x82/0xb0
[ 60.652719][ T490] ? unix_dgram_poll+0x710/0x710
[ 60.657861][ T490] ____sys_sendmsg+0x59e/0x8f0
[ 60.662710][ T490] ? __sys_sendmsg_sock+0x40/0x40
[ 60.667652][ T490] ? import_iovec+0xe5/0x120
[ 60.672163][ T490] ___sys_sendmsg+0x252/0x2e0
[ 60.676773][ T490] ? __sys_sendmsg+0x260/0x260
[ 60.681550][ T490] ? __fdget+0x1bc/0x240
[ 60.685797][ T490] __se_sys_sendmsg+0x19a/0x260
[ 60.690704][ T490] ? __x64_sys_sendmsg+0x90/0x90
[ 60.695516][ T490] ? ksys_write+0x260/0x2c0
[ 60.700033][ T490] ? debug_smp_processor_id+0x17/0x20
[ 60.705324][ T490] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 60.711687][ T490] __x64_sys_sendmsg+0x7b/0x90
[ 60.716292][ T490] x64_sys_call+0x16a/0x9a0
[ 60.720824][ T490] do_syscall_64+0x3b/0xb0
[ 60.725301][ T490] ? clear_bhb_loop+0x35/0x90
[ 60.730268][ T490] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.736288][ T490] RIP: 0033:0x7f98bf2f19f9
[ 60.740627][ T490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.762799][ T490] RSP: 002b:00007f98bed79038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.772469][ T490] RAX: ffffffffffffffda RBX: 00007f98bf47ff80 RCX: 00007f98bf2f19f9
[ 60.783011][ T490] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 60.793728][ T490] RBP: 00007f98bed79090 R08: 0000000000000000 R09: 0000000000000000
[ 60.805058][ T490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 60.815032][ T490] R13: 0000000000000000 R14: 00007f98bf47ff80 R15: 00007ffec901b9d8
[ 60.824138][ T490]
[ 60.837584][ T354] ==================================================================
[ 60.847632][ T354] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 60.858122][ T354]
[ 60.860530][ T354] CPU: 1 PID: 354 Comm: kworker/1:3 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 60.873146][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 60.887146][ T354] Workqueue: events bpf_map_free_deferred
[ 60.895157][ T354] Call Trace:
[ 60.899234][ T354]
[ 60.902336][ T354] dump_stack_lvl+0x151/0x1c0
[ 60.907153][ T354] ? io_uring_drop_tctx_refs+0x190/0x190
[ 60.913083][ T354] ? panic+0x760/0x760
[ 60.917314][ T354] ? kasan_set_free_info+0x23/0x40
[ 60.922829][ T354] ? ____kasan_slab_free+0x126/0x160
[ 60.928305][ T354] ? kmem_cache_free+0x116/0x2e0
[ 60.933620][ T354] print_address_description+0x87/0x3b0
[ 60.939532][ T354] ? worker_thread+0xad5/0x12a0
[ 60.944309][ T354] ? kthread+0x421/0x510
[ 60.948773][ T354] ? kmem_cache_free+0x116/0x2e0
[ 60.954740][ T354] ? kmem_cache_free+0x116/0x2e0
[ 60.961126][ T354] kasan_report_invalid_free+0x6b/0xa0
[ 60.966709][ T354] ____kasan_slab_free+0x13e/0x160
[ 60.972874][ T354] __kasan_slab_free+0x11/0x20
[ 60.978539][ T354] slab_free_freelist_hook+0xbd/0x190
[ 60.984471][ T354] ? kfree_skbmem+0x104/0x170
[ 60.989610][ T354] kmem_cache_free+0x116/0x2e0
[ 60.994389][ T354] kfree_skbmem+0x104/0x170
[ 60.998844][ T354] consume_skb+0xb4/0x250
[ 61.004054][ T354] __sk_msg_free+0x2dd/0x370
[ 61.009419][ T354] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 61.015899][ T354] sk_psock_stop+0x44c/0x4d0
[ 61.021267][ T354] sk_psock_drop+0x219/0x310
[ 61.025904][ T354] sock_map_unref+0x48f/0x4d0
[ 61.030897][ T354] sock_map_free+0x137/0x2b0
[ 61.035782][ T354] bpf_map_free_deferred+0x10d/0x1e0
[ 61.041591][ T354] process_one_work+0x6bb/0xc10
[ 61.046600][ T354] worker_thread+0xad5/0x12a0
[ 61.052031][ T354] ? _raw_spin_lock+0x1b0/0x1b0
[ 61.057660][ T354] kthread+0x421/0x510
[ 61.062669][ T354] ? worker_clr_flags+0x180/0x180
[ 61.067697][ T354] ? kthread_blkcg+0xd0/0xd0
[ 61.074157][ T354] ret_from_fork+0x1f/0x30
[ 61.078653][ T354]
[ 61.081785][ T354]
[ 61.084031][ T354] Allocated by task 490:
[ 61.088311][ T354] __kasan_slab_alloc+0xb1/0xe0
[ 61.093567][ T354] slab_post_alloc_hook+0x53/0x2c0
[ 61.098742][ T354] kmem_cache_alloc+0xf5/0x200
[ 61.103703][ T354] skb_clone+0x1d1/0x360
[ 61.107909][ T354] sk_psock_verdict_recv+0x53/0x840
[ 61.113335][ T354] unix_read_sock+0x132/0x370
[ 61.118049][ T354] sk_psock_verdict_data_ready+0x147/0x1a0
[ 61.124391][ T354] unix_dgram_sendmsg+0x15fa/0x2090
[ 61.130374][ T354] ____sys_sendmsg+0x59e/0x8f0
[ 61.135534][ T354] ___sys_sendmsg+0x252/0x2e0
[ 61.141470][ T354] __se_sys_sendmsg+0x19a/0x260
[ 61.147405][ T354] __x64_sys_sendmsg+0x7b/0x90
[ 61.158526][ T354] x64_sys_call+0x16a/0x9a0
[ 61.164279][ T354] do_syscall_64+0x3b/0xb0
[ 61.168880][ T354] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.175329][ T354]
[ 61.177980][ T354] Freed by task 20:
[ 61.181878][ T354] kasan_set_track+0x4b/0x70
[ 61.186987][ T354] kasan_set_free_info+0x23/0x40
[ 61.191694][ T354] ____kasan_slab_free+0x126/0x160
[ 61.196989][ T354] __kasan_slab_free+0x11/0x20
[ 61.201768][ T354] slab_free_freelist_hook+0xbd/0x190
[ 61.207063][ T354] kmem_cache_free+0x116/0x2e0
[ 61.211933][ T354] kfree_skbmem+0x104/0x170
[ 61.216390][ T354] kfree_skb+0xc2/0x360
[ 61.220359][ T354] sk_psock_backlog+0xc21/0xd90
[ 61.225319][ T354] process_one_work+0x6bb/0xc10
[ 61.230443][ T354] worker_thread+0xad5/0x12a0
[ 61.234933][ T354] kthread+0x421/0x510
[ 61.239106][ T354] ret_from_fork+0x1f/0x30
[ 61.243820][ T354]
[ 61.245972][ T354] The buggy address belongs to the object at ffff888115e78640
[ 61.245972][ T354] which belongs to the cache skbuff_head_cache of size 248
[ 61.260554][ T354] The buggy address is located 0 bytes inside of
[ 61.260554][ T354] 248-byte region [ffff888115e78640, ffff888115e78738)
[ 61.273847][ T354] The buggy address belongs to the page:
[ 61.279411][ T354] page:ffffea0004579e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115e78
[ 61.289729][ T354] flags: 0x4000000000000200(slab|zone=1)
[ 61.295310][ T354] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3800
[ 61.304075][ T354] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 61.312823][ T354] page dumped because: kasan: bad access detected
[ 61.319164][ T354] page_owner tracks the page as allocated
[ 61.324900][ T354] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 59767293878, free_ts 59491250960
[ 61.341574][ T354] post_alloc_hook+0x1a3/0x1b0
[ 61.346241][ T354] prep_new_page+0x1b/0x110
[ 61.351190][ T354] get_page_from_freelist+0x3550/0x35d0
[ 61.357010][ T354] __alloc_pages+0x27e/0x8f0
[ 61.361536][ T354] new_slab+0x9a/0x4e0
[ 61.365416][ T354] ___slab_alloc+0x39e/0x830
[ 61.370297][ T354] __slab_alloc+0x4a/0x90
[ 61.374901][ T354] kmem_cache_alloc+0x134/0x200
[ 61.379721][ T354] __alloc_skb+0xbe/0x550
[ 61.384046][ T354] alloc_skb_with_frags+0xa6/0x680
[ 61.388987][ T354] sock_alloc_send_pskb+0x915/0xa50
[ 61.394020][ T354] unix_dgram_sendmsg+0x6fd/0x2090
[ 61.398969][ T354] __sys_sendto+0x564/0x720
[ 61.403392][ T354] __x64_sys_sendto+0xe5/0x100
[ 61.408081][ T354] x64_sys_call+0x15c/0x9a0
[ 61.412422][ T354] do_syscall_64+0x3b/0xb0
[ 61.416765][ T354] page last free stack trace:
[ 61.421543][ T354] free_unref_page_prepare+0x7c8/0x7d0
[ 61.427550][ T354] free_unref_page+0xe8/0x750
[ 61.432392][ T354] __free_pages+0x61/0xf0
[ 61.436658][ T354] __free_slab+0xec/0x1d0
[ 61.441017][ T354] __unfreeze_partials+0x165/0x1a0
[ 61.446085][ T354] put_cpu_partial+0xc4/0x120
[ 61.450883][ T354] __slab_free+0x1c8/0x290
[ 61.455481][ T354] ___cache_free+0x109/0x120
[ 61.459905][ T354] qlink_free+0x4d/0x90
[ 61.464497][ T354] qlist_free_all+0x44/0xb0
[ 61.468838][ T354] kasan_quarantine_reduce+0x15a/0x180
[ 61.474131][ T354] __kasan_slab_alloc+0x2f/0xe0
[ 61.478819][ T354] slab_post_alloc_hook+0x53/0x2c0
[ 61.483767][ T354] kmem_cache_alloc+0xf5/0x200
[ 61.488647][ T354] sock_alloc_inode+0x1b/0xb0
[ 61.493609][ T354] new_inode_pseudo+0x64/0x220
[ 61.498284][ T354]
[ 61.500514][ T354] Memory state around the buggy address:
[ 61.506056][ T354] ffff888115e78500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.514166][ T354] ffff888115e78580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 61.522146][ T354] >ffff888115e78600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 61.530321][ T354] ^
[ 61.537429][ T354] ffff888115e78680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.545686][ T354] ffff888115e78700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 61.553796][ T354] ==================================================================
[ 61.600139][ T495] FAULT_INJECTION: forcing a failure.
[ 61.600139][ T495] name failslab, interval 1, probability 0, space 0, times 0
[ 61.616108][ T495] CPU: 0 PID: 495 Comm: syz.0.21 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 61.629585][ T495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 61.641073][ T495] Call Trace:
[ 61.644455][ T495]
[ 61.647901][ T495] dump_stack_lvl+0x151/0x1c0
[ 61.652549][ T495] ? io_uring_drop_tctx_refs+0x190/0x190
[ 61.658357][ T495] dump_stack+0x15/0x20
[ 61.662530][ T495] should_fail+0x3c6/0x510
[ 61.666797][ T495] __should_failslab+0xa4/0xe0
[ 61.671971][ T495] should_failslab+0x9/0x20
[ 61.676395][ T495] slab_pre_alloc_hook+0x37/0xd0
[ 61.681922][ T495] kmem_cache_alloc_trace+0x48/0x210
[ 61.688033][ T495] ? sk_psock_skb_ingress_self+0x60/0x330
[ 61.693667][ T495] ? migrate_disable+0x190/0x190
[ 61.698438][ T495] sk_psock_skb_ingress_self+0x60/0x330
[ 61.703959][ T495] sk_psock_verdict_recv+0x66d/0x840
[ 61.709148][ T495] unix_read_sock+0x132/0x370
[ 61.713666][ T495] ? sk_psock_skb_redirect+0x440/0x440
[ 61.719213][ T495] ? unix_stream_splice_actor+0x120/0x120
[ 61.725519][ T495] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 61.731311][ T495] ? unix_stream_splice_actor+0x120/0x120
[ 61.737368][ T495] sk_psock_verdict_data_ready+0x147/0x1a0
[ 61.743208][ T495] ? sk_psock_start_verdict+0xc0/0xc0
[ 61.748402][ T495] ? _raw_spin_lock+0xa4/0x1b0
[ 61.753189][ T495] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 61.759585][ T495] ? skb_queue_tail+0xfb/0x120
[ 61.764391][ T495] unix_dgram_sendmsg+0x15fa/0x2090
[ 61.769946][ T495] ? unix_dgram_poll+0x710/0x710
[ 61.775332][ T495] ? kasan_set_track+0x5d/0x70
[ 61.781870][ T495] ? kasan_set_track+0x4b/0x70
[ 61.790612][ T495] ? security_socket_sendmsg+0x82/0xb0
[ 61.800720][ T495] ? unix_dgram_poll+0x710/0x710
[ 61.807860][ T495] ____sys_sendmsg+0x59e/0x8f0
[ 61.815399][ T495] ? __sys_sendmsg_sock+0x40/0x40
[ 61.822723][ T495] ? import_iovec+0xe5/0x120
[ 61.829251][ T495] ___sys_sendmsg+0x252/0x2e0
[ 61.835197][ T495] ? __sys_sendmsg+0x260/0x260
[ 61.841734][ T495] ? __fdget+0x1bc/0x240
[ 61.847195][ T495] __se_sys_sendmsg+0x19a/0x260
[ 61.852970][ T495] ? __x64_sys_sendmsg+0x90/0x90
[ 61.859062][ T495] ? ksys_write+0x260/0x2c0
[ 61.865066][ T495] ? debug_smp_processor_id+0x17/0x20
[ 61.871985][ T495] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 61.879842][ T495] __x64_sys_sendmsg+0x7b/0x90
[ 61.884824][ T495] x64_sys_call+0x16a/0x9a0
[ 61.890208][ T495] do_syscall_64+0x3b/0xb0
[ 61.894609][ T495] ? clear_bhb_loop+0x35/0x90
[ 61.899120][ T495] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.905075][ T495] RIP: 0033:0x7f98bf2f19f9
[ 61.910217][ T495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 61.932965][ T495] RSP: 002b:00007f98bed79038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 61.941555][ T495] RAX: ffffffffffffffda RBX: 00007f98bf47ff80 RCX: 00007f98bf2f19f9
[ 61.950027][ T495] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 61.958340][ T495] RBP: 00007f98bed79090 R08: 0000000000000000 R09: 0000000000000000
[ 61.966313][ T495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 61.974389][ T495] R13: 0000000000000000 R14: 00007f98bf47ff80 R15: 00007ffec901b9d8
[ 61.983537][ T495]
[ 61.988016][ T494] ==================================================================
[ 61.996369][ T494] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 62.004873][ T494]
[ 62.007041][ T494] CPU: 1 PID: 494 Comm: syz.0.21 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 62.019267][ T494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 62.029746][ T494] Call Trace:
[ 62.033082][ T494]
[ 62.035835][ T494] dump_stack_lvl+0x151/0x1c0
[ 62.040691][ T494] ? io_uring_drop_tctx_refs+0x190/0x190
[ 62.046381][ T494] ? __wake_up_klogd+0xd5/0x110
[ 62.051238][ T494] ? panic+0x760/0x760
[ 62.055490][ T494] ? kmem_cache_free+0x116/0x2e0
[ 62.060709][ T494] print_address_description+0x87/0x3b0
[ 62.066185][ T494] ? kmem_cache_free+0x116/0x2e0
[ 62.071043][ T494] ? kmem_cache_free+0x116/0x2e0
[ 62.075803][ T494] kasan_report_invalid_free+0x6b/0xa0
[ 62.081094][ T494] ____kasan_slab_free+0x13e/0x160
[ 62.086315][ T494] __kasan_slab_free+0x11/0x20
[ 62.090934][ T494] slab_free_freelist_hook+0xbd/0x190
[ 62.096110][ T494] ? kfree_skbmem+0x104/0x170
[ 62.100806][ T494] kmem_cache_free+0x116/0x2e0
[ 62.105573][ T494] kfree_skbmem+0x104/0x170
[ 62.110132][ T494] consume_skb+0xb4/0x250
[ 62.114380][ T494] __sk_msg_free+0x2dd/0x370
[ 62.118895][ T494] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 62.124827][ T494] sk_psock_stop+0x44c/0x4d0
[ 62.129488][ T494] ? unix_peer_get+0xe0/0xe0
[ 62.134191][ T494] sock_map_close+0x2b9/0x4c0
[ 62.138824][ T494] ? sock_map_remove_links+0x650/0x650
[ 62.144623][ T494] ? rwsem_mark_wake+0x770/0x770
[ 62.149676][ T494] ? security_file_free+0xc6/0xe0
[ 62.155352][ T494] unix_release+0x82/0xc0
[ 62.159655][ T494] sock_close+0xdf/0x270
[ 62.164088][ T494] ? sock_mmap+0xa0/0xa0
[ 62.168264][ T494] __fput+0x3fe/0x910
[ 62.172314][ T494] ____fput+0x15/0x20
[ 62.176303][ T494] task_work_run+0x129/0x190
[ 62.180879][ T494] exit_to_user_mode_loop+0xc4/0xe0
[ 62.185948][ T494] exit_to_user_mode_prepare+0x5a/0xa0
[ 62.192231][ T494] syscall_exit_to_user_mode+0x26/0x160
[ 62.197882][ T494] do_syscall_64+0x47/0xb0
[ 62.202193][ T494] ? clear_bhb_loop+0x35/0x90
[ 62.206716][ T494] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.212613][ T494] RIP: 0033:0x7f98bf2f19f9
[ 62.216956][ T494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 62.236886][ T494] RSP: 002b:00007ffec901bb38 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 62.245267][ T494] RAX: 0000000000000000 RBX: 000000000000f082 RCX: 00007f98bf2f19f9
[ 62.253255][ T494] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 62.261073][ T494] RBP: 00007ffec901bc10 R08: 0000000000000001 R09: 00007ffec901be1f
[ 62.268866][ T494] R10: 00007f98bf17a000 R11: 0000000000000246 R12: 0000000000000032
[ 62.277362][ T494] R13: 00007ffec901bc30 R14: 00007ffec901bc50 R15: ffffffffffffffff
[ 62.285538][ T494]
[ 62.288480][ T494]
[ 62.290730][ T494] Allocated by task 495:
[ 62.294988][ T494] __kasan_slab_alloc+0xb1/0xe0
[ 62.299850][ T494] slab_post_alloc_hook+0x53/0x2c0
[ 62.304873][ T494] kmem_cache_alloc+0xf5/0x200
[ 62.309573][ T494] skb_clone+0x1d1/0x360
[ 62.313681][ T494] sk_psock_verdict_recv+0x53/0x840
[ 62.318918][ T494] unix_read_sock+0x132/0x370
[ 62.323824][ T494] sk_psock_verdict_data_ready+0x147/0x1a0
[ 62.329433][ T494] unix_dgram_sendmsg+0x15fa/0x2090
[ 62.334481][ T494] ____sys_sendmsg+0x59e/0x8f0
[ 62.339183][ T494] ___sys_sendmsg+0x252/0x2e0
[ 62.343757][ T494] __se_sys_sendmsg+0x19a/0x260
[ 62.348638][ T494] __x64_sys_sendmsg+0x7b/0x90
[ 62.353605][ T494] x64_sys_call+0x16a/0x9a0
[ 62.357923][ T494] do_syscall_64+0x3b/0xb0
[ 62.362653][ T494] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.368916][ T494]
[ 62.371045][ T494] Freed by task 39:
[ 62.374742][ T494] kasan_set_track+0x4b/0x70
[ 62.379243][ T494] kasan_set_free_info+0x23/0x40
[ 62.384199][ T494] ____kasan_slab_free+0x126/0x160
[ 62.389147][ T494] __kasan_slab_free+0x11/0x20
[ 62.394059][ T494] slab_free_freelist_hook+0xbd/0x190
[ 62.399274][ T494] kmem_cache_free+0x116/0x2e0
[ 62.403954][ T494] kfree_skbmem+0x104/0x170
[ 62.408484][ T494] kfree_skb+0xc2/0x360
[ 62.412483][ T494] sk_psock_backlog+0xc21/0xd90
[ 62.417179][ T494] process_one_work+0x6bb/0xc10
[ 62.422117][ T494] worker_thread+0xad5/0x12a0
[ 62.426761][ T494] kthread+0x421/0x510
[ 62.430806][ T494] ret_from_fork+0x1f/0x30
[ 62.435623][ T494]
[ 62.437861][ T494] The buggy address belongs to the object at ffff88812af14280
[ 62.437861][ T494] which belongs to the cache skbuff_head_cache of size 248
[ 62.452529][ T494] The buggy address is located 0 bytes inside of
[ 62.452529][ T494] 248-byte region [ffff88812af14280, ffff88812af14378)
[ 62.465631][ T494] The buggy address belongs to the page:
[ 62.471187][ T494] page:ffffea0004abc500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12af14
[ 62.481308][ T494] flags: 0x4000000000000200(slab|zone=1)
[ 62.486720][ T494] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3800
[ 62.495224][ T494] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 62.503854][ T494] page dumped because: kasan: bad access detected
[ 62.510085][ T494] page_owner tracks the page as allocated
[ 62.515767][ T494] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 8, ts 61594740182, free_ts 61569658817
[ 62.531654][ T494] post_alloc_hook+0x1a3/0x1b0
[ 62.536250][ T494] prep_new_page+0x1b/0x110
[ 62.540751][ T494] get_page_from_freelist+0x3550/0x35d0
[ 62.546172][ T494] __alloc_pages+0x27e/0x8f0
[ 62.550621][ T494] new_slab+0x9a/0x4e0
[ 62.554506][ T494] ___slab_alloc+0x39e/0x830
[ 62.559294][ T494] __slab_alloc+0x4a/0x90
[ 62.563778][ T494] kmem_cache_alloc+0x134/0x200
[ 62.568514][ T494] __alloc_skb+0xbe/0x550
[ 62.572727][ T494] inet6_netconf_notify_devconf+0xdd/0x190
[ 62.578476][ T494] addrconf_ifdown+0x17cd/0x1ae0
[ 62.583813][ T494] addrconf_notify+0x37d/0xdd0
[ 62.588614][ T494] raw_notifier_call_chain+0x8c/0xf0
[ 62.594074][ T494] unregister_netdevice_many+0xe0a/0x17c0
[ 62.599622][ T494] ip6gre_exit_batch_net+0x5b2/0x600
[ 62.604919][ T494] cleanup_net+0x6ce/0xc00
[ 62.609262][ T494] page last free stack trace:
[ 62.614312][ T494] free_unref_page_prepare+0x7c8/0x7d0
[ 62.620147][ T494] free_unref_page+0xe8/0x750
[ 62.625377][ T494] __free_pages+0x61/0xf0
[ 62.630023][ T494] __vunmap+0x7bc/0x8f0
[ 62.634231][ T494] free_work+0x5b/0x80
[ 62.638129][ T494] process_one_work+0x6bb/0xc10
[ 62.643024][ T494] worker_thread+0xad5/0x12a0
[ 62.647619][ T494] kthread+0x421/0x510
[ 62.652300][ T494] ret_from_fork+0x1f/0x30
[ 62.657003][ T494]
[ 62.659384][ T494] Memory state around the buggy address:
[ 62.665067][ T494] ffff88812af14180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.673564][ T494] ffff88812af14200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 62.682044][ T494] >ffff88812af14280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.690726][ T494] ^
[ 62.694798][ T494] ffff88812af14300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 62.702767][ T494] ffff88812af14380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 62.711268][ T494] ==================================================================
[ 62.731513][ T498] FAULT_INJECTION: forcing a failure.
[ 62.731513][ T498] name failslab, interval 1, probability 0, space 0, times 0
[ 62.744686][ T498] CPU: 0 PID: 498 Comm: syz.0.22 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 62.756067][ T498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 62.767385][ T498] Call Trace:
[ 62.770845][ T498]
[ 62.774808][ T498] dump_stack_lvl+0x151/0x1c0
[ 62.780177][ T498] ? io_uring_drop_tctx_refs+0x190/0x190
[ 62.786984][ T498] dump_stack+0x15/0x20
[ 62.791623][ T498] should_fail+0x3c6/0x510
[ 62.796961][ T498] __should_failslab+0xa4/0xe0
[ 62.801631][ T498] should_failslab+0x9/0x20
[ 62.806243][ T498] slab_pre_alloc_hook+0x37/0xd0
[ 62.811324][ T498] kmem_cache_alloc_trace+0x48/0x210
[ 62.816765][ T498] ? sk_psock_skb_ingress_self+0x60/0x330
[ 62.822858][ T498] ? migrate_disable+0x190/0x190
[ 62.828000][ T498] sk_psock_skb_ingress_self+0x60/0x330
[ 62.834296][ T498] sk_psock_verdict_recv+0x66d/0x840
[ 62.840280][ T498] unix_read_sock+0x132/0x370
[ 62.844917][ T498] ? sk_psock_skb_redirect+0x440/0x440
[ 62.850491][ T498] ? unix_stream_splice_actor+0x120/0x120
[ 62.856131][ T498] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 62.861420][ T498] ? unix_stream_splice_actor+0x120/0x120
[ 62.867361][ T498] sk_psock_verdict_data_ready+0x147/0x1a0
[ 62.873170][ T498] ? sk_psock_start_verdict+0xc0/0xc0
[ 62.878993][ T498] ? _raw_spin_lock+0xa4/0x1b0
[ 62.883825][ T498] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 62.889667][ T498] ? skb_queue_tail+0xfb/0x120
[ 62.894275][ T498] unix_dgram_sendmsg+0x15fa/0x2090
[ 62.899301][ T498] ? unix_dgram_poll+0x710/0x710
[ 62.904164][ T498] ? kasan_set_track+0x5d/0x70
[ 62.908753][ T498] ? kasan_set_track+0x4b/0x70
[ 62.913445][ T498] ? security_socket_sendmsg+0x82/0xb0
[ 62.919304][ T498] ? unix_dgram_poll+0x710/0x710
[ 62.924242][ T498] ____sys_sendmsg+0x59e/0x8f0
[ 62.928929][ T498] ? __sys_sendmsg_sock+0x40/0x40
[ 62.934085][ T498] ? import_iovec+0xe5/0x120
[ 62.939023][ T498] ___sys_sendmsg+0x252/0x2e0
[ 62.943537][ T498] ? __sys_sendmsg+0x260/0x260
[ 62.948411][ T498] ? __fdget+0x1bc/0x240
[ 62.952471][ T498] __se_sys_sendmsg+0x19a/0x260
[ 62.957433][ T498] ? __x64_sys_sendmsg+0x90/0x90
[ 62.962662][ T498] ? ksys_write+0x260/0x2c0
[ 62.966969][ T498] ? debug_smp_processor_id+0x17/0x20
[ 62.972352][ T498] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 62.978598][ T498] __x64_sys_sendmsg+0x7b/0x90
[ 62.983204][ T498] x64_sys_call+0x16a/0x9a0
[ 62.987546][ T498] do_syscall_64+0x3b/0xb0
[ 62.991876][ T498] ? clear_bhb_loop+0x35/0x90
[ 62.996505][ T498] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.002213][ T498] RIP: 0033:0x7f98bf2f19f9
[ 63.006546][ T498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 63.026353][ T498] RSP: 002b:00007f98bed79038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 63.034794][ T498] RAX: ffffffffffffffda RBX: 00007f98bf47ff80 RCX: 00007f98bf2f19f9
[ 63.042581][ T498] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 63.050831][ T498] RBP: 00007f98bed79090 R08: 0000000000000000 R09: 0000000000000000
[ 63.058735][ T498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 63.066615][ T498] R13: 0000000000000000 R14: 00007f98bf47ff80 R15: 00007ffec901b9d8
[ 63.074607][ T498]
[ 63.081278][ T6] ==================================================================
[ 63.089514][ T6] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 63.098185][ T6]
[ 63.100451][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 63.111827][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 63.122357][ T6] Workqueue: events bpf_map_free_deferred
[ 63.128575][ T6] Call Trace:
[ 63.131708][ T6]
[ 63.134559][ T6] dump_stack_lvl+0x151/0x1c0
[ 63.139196][ T6] ? io_uring_drop_tctx_refs+0x190/0x190
[ 63.144820][ T6] ? panic+0x760/0x760
[ 63.149063][ T6] ? kasan_set_free_info+0x23/0x40
[ 63.154531][ T6] ? ____kasan_slab_free+0x126/0x160
[ 63.159837][ T6] ? kmem_cache_free+0x116/0x2e0
[ 63.164676][ T6] print_address_description+0x87/0x3b0
[ 63.170058][ T6] ? worker_thread+0xad5/0x12a0
[ 63.174851][ T6] ? kthread+0x421/0x510
[ 63.179086][ T6] ? kmem_cache_free+0x116/0x2e0
[ 63.183973][ T6] ? kmem_cache_free+0x116/0x2e0
[ 63.188918][ T6] kasan_report_invalid_free+0x6b/0xa0
[ 63.194399][ T6] ____kasan_slab_free+0x13e/0x160
[ 63.199426][ T6] __kasan_slab_free+0x11/0x20
[ 63.204022][ T6] slab_free_freelist_hook+0xbd/0x190
[ 63.209229][ T6] ? kfree_skbmem+0x104/0x170
[ 63.213767][ T6] kmem_cache_free+0x116/0x2e0
[ 63.218351][ T6] kfree_skbmem+0x104/0x170
[ 63.222687][ T6] consume_skb+0xb4/0x250
[ 63.226935][ T6] __sk_msg_free+0x2dd/0x370
[ 63.231450][ T6] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 63.237112][ T6] sk_psock_stop+0x44c/0x4d0
[ 63.241713][ T6] sk_psock_drop+0x219/0x310
[ 63.246213][ T6] sock_map_unref+0x48f/0x4d0
[ 63.251099][ T6] sock_map_free+0x137/0x2b0
[ 63.255508][ T6] bpf_map_free_deferred+0x10d/0x1e0
[ 63.260856][ T6] process_one_work+0x6bb/0xc10
[ 63.265630][ T6] worker_thread+0xad5/0x12a0
[ 63.270215][ T6] kthread+0x421/0x510
[ 63.274567][ T6] ? worker_clr_flags+0x180/0x180
[ 63.279591][ T6] ? kthread_blkcg+0xd0/0xd0
[ 63.284279][ T6] ret_from_fork+0x1f/0x30
[ 63.288557][ T6]
[ 63.291407][ T6]
[ 63.293656][ T6] Allocated by task 498:
[ 63.297854][ T6] __kasan_slab_alloc+0xb1/0xe0
[ 63.302598][ T6] slab_post_alloc_hook+0x53/0x2c0
[ 63.307914][ T6] kmem_cache_alloc+0xf5/0x200
[ 63.313129][ T6] skb_clone+0x1d1/0x360
[ 63.317562][ T6] sk_psock_verdict_recv+0x53/0x840
[ 63.322607][ T6] unix_read_sock+0x132/0x370
[ 63.327297][ T6] sk_psock_verdict_data_ready+0x147/0x1a0
[ 63.333499][ T6] unix_dgram_sendmsg+0x15fa/0x2090
[ 63.338618][ T6] ____sys_sendmsg+0x59e/0x8f0
[ 63.343735][ T6] ___sys_sendmsg+0x252/0x2e0
[ 63.348601][ T6] __se_sys_sendmsg+0x19a/0x260
[ 63.353459][ T6] __x64_sys_sendmsg+0x7b/0x90
[ 63.358083][ T6] x64_sys_call+0x16a/0x9a0
[ 63.362574][ T6] do_syscall_64+0x3b/0xb0
[ 63.366825][ T6] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.372556][ T6]
[ 63.374727][ T6] Freed by task 6:
[ 63.378283][ T6] kasan_set_track+0x4b/0x70
[ 63.382709][ T6] kasan_set_free_info+0x23/0x40
[ 63.387484][ T6] ____kasan_slab_free+0x126/0x160
[ 63.392519][ T6] __kasan_slab_free+0x11/0x20
[ 63.397121][ T6] slab_free_freelist_hook+0xbd/0x190
[ 63.402706][ T6] kmem_cache_free+0x116/0x2e0
[ 63.407287][ T6] kfree_skbmem+0x104/0x170
[ 63.411722][ T6] kfree_skb+0xc2/0x360
[ 63.415755][ T6] sk_psock_backlog+0xc21/0xd90
[ 63.420502][ T6] process_one_work+0x6bb/0xc10
[ 63.425175][ T6] worker_thread+0xad5/0x12a0
[ 63.429693][ T6] kthread+0x421/0x510
[ 63.433593][ T6] ret_from_fork+0x1f/0x30
[ 63.437896][ T6]
[ 63.440019][ T6] The buggy address belongs to the object at ffff888115fe5640
[ 63.440019][ T6] which belongs to the cache skbuff_head_cache of size 248
[ 63.454626][ T6] The buggy address is located 0 bytes inside of
[ 63.454626][ T6] 248-byte region [ffff888115fe5640, ffff888115fe5738)
[ 63.467723][ T6] The buggy address belongs to the page:
[ 63.473479][ T6] page:ffffea000457f940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115fe5
[ 63.483641][ T6] flags: 0x4000000000000200(slab|zone=1)
[ 63.489291][ T6] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3800
[ 63.497800][ T6] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 63.506197][ T6] page dumped because: kasan: bad access detected
[ 63.512718][ T6] page_owner tracks the page as allocated
[ 63.518268][ T6] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 417, ts 62728871107, free_ts 62725386420
[ 63.533992][ T6] post_alloc_hook+0x1a3/0x1b0
[ 63.538677][ T6] prep_new_page+0x1b/0x110
[ 63.543118][ T6] get_page_from_freelist+0x3550/0x35d0
[ 63.548671][ T6] __alloc_pages+0x27e/0x8f0
[ 63.553531][ T6] new_slab+0x9a/0x4e0
[ 63.557833][ T6] ___slab_alloc+0x39e/0x830
[ 63.562749][ T6] __slab_alloc+0x4a/0x90
[ 63.567256][ T6] kmem_cache_alloc+0x134/0x200
[ 63.573870][ T6] __alloc_skb+0xbe/0x550
[ 63.578659][ T6] alloc_skb_with_frags+0xa6/0x680
[ 63.583982][ T6] sock_alloc_send_pskb+0x915/0xa50
[ 63.589094][ T6] unix_dgram_sendmsg+0x6fd/0x2090
[ 63.594652][ T6] sock_write_iter+0x39b/0x530
[ 63.599506][ T6] vfs_write+0xd5d/0x1110
[ 63.604103][ T6] ksys_write+0x199/0x2c0
[ 63.608867][ T6] __x64_sys_write+0x7b/0x90
[ 63.614217][ T6] page last free stack trace:
[ 63.619419][ T6] free_unref_page_prepare+0x7c8/0x7d0
[ 63.625842][ T6] free_unref_page+0xe8/0x750
[ 63.631740][ T6] __free_pages+0x61/0xf0
[ 63.636782][ T6] __free_slab+0xec/0x1d0
[ 63.641550][ T6] __unfreeze_partials+0x165/0x1a0
[ 63.646749][ T6] put_cpu_partial+0xc4/0x120
[ 63.652085][ T6] __slab_free+0x1c8/0x290
[ 63.657035][ T6] ___cache_free+0x109/0x120
[ 63.661648][ T6] qlink_free+0x4d/0x90
[ 63.665892][ T6] qlist_free_all+0x44/0xb0
[ 63.670487][ T6] kasan_quarantine_reduce+0x15a/0x180
[ 63.676068][ T6] __kasan_slab_alloc+0x2f/0xe0
[ 63.680831][ T6] slab_post_alloc_hook+0x53/0x2c0
[ 63.686464][ T6] kmem_cache_alloc+0xf5/0x200
[ 63.691891][ T6] getname_flags+0xba/0x520
[ 63.696492][ T6] user_path_at_empty+0x2d/0x1a0
[ 63.701876][ T6]
[ 63.704139][ T6] Memory state around the buggy address:
[ 63.709935][ T6] ffff888115fe5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.718742][ T6] ffff888115fe5580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 63.727261][ T6] >ffff888115fe5600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 63.735411][ T6]                                            ^
[ 63.741753][ T6] ffff888115fe5680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.750345][ T6] ffff888115fe5700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 63.758246][ T6] ==================================================================
[ 63.784500][ T501] FAULT_INJECTION: forcing a failure.
[ 63.784500][ T501] name failslab, interval 1, probability 0, space 0, times 0
[ 63.799048][ T501] CPU: 1 PID: 501 Comm: syz.0.23 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 63.811495][ T501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 63.823260][ T501] Call Trace:
[ 63.826795][ T501] <TASK>
[ 63.830028][ T501] dump_stack_lvl+0x151/0x1c0
[ 63.835077][ T501] ? io_uring_drop_tctx_refs+0x190/0x190
[ 63.841748][ T501] dump_stack+0x15/0x20
[ 63.846124][ T501] should_fail+0x3c6/0x510
[ 63.850653][ T501] __should_failslab+0xa4/0xe0
[ 63.855551][ T501] should_failslab+0x9/0x20
[ 63.860389][ T501] slab_pre_alloc_hook+0x37/0xd0
[ 63.865531][ T501] kmem_cache_alloc_trace+0x48/0x210
[ 63.871155][ T501] ? sk_psock_skb_ingress_self+0x60/0x330
[ 63.877226][ T501] ? migrate_disable+0x190/0x190
[ 63.882721][ T501] sk_psock_skb_ingress_self+0x60/0x330
[ 63.888111][ T501] sk_psock_verdict_recv+0x66d/0x840
[ 63.893234][ T501] unix_read_sock+0x132/0x370
[ 63.898012][ T501] ? sk_psock_skb_redirect+0x440/0x440
[ 63.903507][ T501] ? unix_stream_splice_actor+0x120/0x120
[ 63.909027][ T501] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 63.914332][ T501] ? unix_stream_splice_actor+0x120/0x120
[ 63.920124][ T501] sk_psock_verdict_data_ready+0x147/0x1a0
[ 63.926155][ T501] ? sk_psock_start_verdict+0xc0/0xc0
[ 63.932833][ T501] ? _raw_spin_lock+0xa4/0x1b0
[ 63.937618][ T501] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 63.944460][ T501] ? skb_queue_tail+0xfb/0x120
[ 63.949117][ T501] unix_dgram_sendmsg+0x15fa/0x2090
[ 63.954355][ T501] ? unix_dgram_poll+0x710/0x710
[ 63.959302][ T501] ? kasan_set_track+0x5d/0x70
[ 63.963989][ T501] ? kasan_set_track+0x4b/0x70
[ 63.968670][ T501] ? security_socket_sendmsg+0x82/0xb0
[ 63.974325][ T501] ? unix_dgram_poll+0x710/0x710
[ 63.979628][ T501] ____sys_sendmsg+0x59e/0x8f0
[ 63.984377][ T501] ? __sys_sendmsg_sock+0x40/0x40
[ 63.989225][ T501] ? import_iovec+0xe5/0x120
[ 63.993832][ T501] ___sys_sendmsg+0x252/0x2e0
[ 63.998419][ T501] ? __sys_sendmsg+0x260/0x260
[ 64.003154][ T501] ? __fdget+0x1bc/0x240
[ 64.007556][ T501] __se_sys_sendmsg+0x19a/0x260
[ 64.012245][ T501] ? __x64_sys_sendmsg+0x90/0x90
[ 64.017281][ T501] ? ksys_write+0x260/0x2c0
[ 64.021893][ T501] ? debug_smp_processor_id+0x17/0x20
[ 64.027634][ T501] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 64.033789][ T501] __x64_sys_sendmsg+0x7b/0x90
[ 64.038404][ T501] x64_sys_call+0x16a/0x9a0
[ 64.042778][ T501] do_syscall_64+0x3b/0xb0
[ 64.047583][ T501] ? clear_bhb_loop+0x35/0x90
[ 64.052473][ T501] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.058276][ T501] RIP: 0033:0x7f98bf2f19f9
[ 64.062919][ T501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 64.083738][ T501] RSP: 002b:00007f98bed79038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 64.092398][ T501] RAX: ffffffffffffffda RBX: 00007f98bf47ff80 RCX: 00007f98bf2f19f9
[ 64.102207][ T501] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 64.110234][ T501] RBP: 00007f98bed79090 R08: 0000000000000000 R09: 0000000000000000
[ 64.118802][ T501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 64.127202][ T501] R13: 0000000000000000 R14: 00007f98bf47ff80 R15: 00007ffec901b9d8
[ 64.135755][ T501] </TASK>
[ 64.141732][ T6] ==================================================================
[ 64.149816][ T6] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 64.158562][ T6]
[ 64.160829][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G B 5.15.156-syzkaller-1070798-g29d153aabd54 #0
[ 64.172334][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 64.182507][ T6] Workqueue: events bpf_map_free_deferred
[ 64.188301][ T6] Call Trace:
[ 64.191718][ T6] <TASK>
[ 64.194650][ T6] dump_stack_lvl+0x151/0x1c0
[ 64.199510][ T6] ? io_uring_drop_tctx_refs+0x190/0x190
[ 64.205408][ T6] ? panic+0x760/0x760
[ 64.209587][ T6] ? kasan_set_free_info+0x23/0x40
[ 64.214658][ T6] ? ____kasan_slab_free+0x126/0x160
[ 64.220094][ T6] ? kmem_cache_free+0x116/0x2e0
[ 64.225130][ T6] print_address_description+0x87/0x3b0
[ 64.230897][ T6] ? worker_thread+0xad5/0x12a0
[ 64.235676][ T6] ? kthread+0x421/0x510
[ 64.239756][ T6] ? kmem_cache_free+0x116/0x2e0
[ 64.244876][ T6] ? kmem_cache_free+0x116/0x2e0
[ 64.249925][ T6] kasan_report_invalid_free+0x6b/0xa0
[ 64.255294][ T6] ____kasan_slab_free+0x13e/0x160
[ 64.260250][ T6] __kasan_slab_free+0x11/0x20
[ 64.264837][ T6] slab_free_freelist_hook+0xbd/0x190
[ 64.270250][ T6] ? kfree_skbmem+0x104/0x170
[ 64.275583][ T6] kmem_cache_free+0x116/0x2e0
[ 64.280256][ T6] kfree_skbmem+0x104/0x170
[ 64.284576][ T6] consume_skb+0xb4/0x250
[ 64.289036][ T6] __sk_msg_free+0x2dd/0x370
[ 64.293425][ T6] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 64.299253][ T6] sk_psock_stop+0x44c/0x4d0
[ 64.304195][ T6] sk_psock_drop+0x219/0x310
[ 64.308988][ T6] sock_map_unref+0x48f/0x4d0
[ 64.313490][ T6] sock_map_free+0x137/0x2b0
[ 64.317981][ T6] bpf_map_free_deferred+0x10d/0x1e0
[ 64.323468][ T6] process_one_work+0x6bb/0xc10
[ 64.328506][ T6] worker_thread+0xad5/0x12a0
[ 64.333269][ T6] kthread+0x421/0x510
[ 64.337262][ T6] ? worker_clr_flags+0x180/0x180
[ 64.342210][ T6] ? kthread_blkcg+0xd0/0xd0
[ 64.346859][ T6] ret_from_fork+0x1f/0x30
[ 64.351554][ T6] </TASK>
[ 64.354878][ T6]
[ 64.357489][ T6] Allocated by task 501:
[ 64.361771][ T6] __kasan_slab_alloc+0xb1/0xe0
[ 64.366615][ T6] slab_post_alloc_hook+0x53/0x2c0
[ 64.371667][ T6] kmem_cache_alloc+0xf5/0x200
[ 64.376265][ T6] skb_clone+0x1d1/0x360
[ 64.380467][ T6] sk_psock_verdict_recv+0x53/0x840
[ 64.385577][ T6] unix_read_sock+0x132/0x370
[ 64.390264][ T6] sk_psock_verdict_data_ready+0x147/0x1a0
[ 64.395915][ T6] unix_dgram_sendmsg+0x15fa/0x2090
[ 64.400954][ T6] ____sys_sendmsg+0x59e/0x8f0
[ 64.405636][ T6] ___sys_sendmsg+0x252/0x2e0