Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts.
[ 36.501528][ T30] audit: type=1400 audit(1705640515.080:66): avc: denied { execmem } for pid=297 comm="syz-executor141" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 36.522658][ T30] audit: type=1400 audit(1705640515.100:67): avc: denied { mounton } for pid=297 comm="syz-executor141" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 36.548049][ T30] audit: type=1400 audit(1705640515.100:68): avc: denied { mount } for pid=297 comm="syz-executor141" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 36.572145][ T30] audit: type=1400 audit(1705640515.100:69): avc: denied { integrity } for pid=297 comm="syz-executor141" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[ 36.606414][ T298] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 36.615967][ T30] audit: type=1400 audit(1705640515.200:70): avc: denied { relabelto } for pid=298 comm="mkswap" name="swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[ 36.641935][ T30] audit: type=1400 audit(1705640515.200:71): avc: denied { write } for pid=298 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 36.675057][ T30] audit: type=1400 audit(1705640515.260:72): avc: denied { read } for pid=297 comm="syz-executor141" name="swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 36.676305][ T297] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 36.700768][ T30] audit: type=1400 audit(1705640515.260:73): avc: denied { open } for pid=297 comm="syz-executor141" path="/root/swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
executing program
[ 36.739153][ T30] audit: type=1400 audit(1705640515.320:74): avc: denied { mounton } for pid=299 comm="syz-executor141" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 36.763905][ T30] audit: type=1400 audit(1705640515.340:75): avc: denied { mount } for pid=299 comm="syz-executor141" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 37.482169][ T299] FAULT_INJECTION: forcing a failure.
[ 37.482169][ T299] name failslab, interval 1, probability 0, space 0, times 1
[ 37.494950][ T299] CPU: 0 PID: 299 Comm: syz-executor141 Not tainted 5.15.147-syzkaller-00327-g1c3a1f32bcbd #0
[ 37.505177][ T299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 37.515066][ T299] Call Trace:
[ 37.518188][ T299] <TASK>
[ 37.520965][ T299] dump_stack_lvl+0x151/0x1b7
[ 37.525481][ T299] ? io_uring_drop_tctx_refs+0x190/0x190
[ 37.530955][ T299] dump_stack+0x15/0x17
[ 37.534942][ T299] should_fail+0x3c6/0x510
[ 37.539201][ T299] __should_failslab+0xa4/0xe0
[ 37.543795][ T299] should_failslab+0x9/0x20
[ 37.548155][ T299] slab_pre_alloc_hook+0x37/0xd0
[ 37.552916][ T299] kmem_cache_alloc_trace+0x48/0x210
[ 37.558202][ T299] ? sk_psock_skb_ingress_self+0x60/0x330
[ 37.563761][ T299] ? migrate_disable+0x190/0x190
[ 37.568535][ T299] sk_psock_skb_ingress_self+0x60/0x330
[ 37.573931][ T299] sk_psock_verdict_recv+0x66d/0x840
[ 37.579052][ T299] unix_read_sock+0x132/0x370
[ 37.583742][ T299] ? sk_psock_skb_redirect+0x440/0x440
[ 37.589025][ T299] ? unix_stream_splice_actor+0x120/0x120
[ 37.594817][ T299] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 37.600116][ T299] ? unix_stream_splice_actor+0x120/0x120
[ 37.605928][ T299] sk_psock_verdict_data_ready+0x147/0x1a0
[ 37.611578][ T299] ? sk_psock_start_verdict+0xc0/0xc0
[ 37.616985][ T299] ? _raw_spin_lock+0xa4/0x1b0
[ 37.621846][ T299] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 37.627484][ T299] ? skb_queue_tail+0xfb/0x120
[ 37.632093][ T299] unix_dgram_sendmsg+0x15fa/0x2090
[ 37.637261][ T299] ? _raw_spin_unlock+0x4d/0x70
[ 37.642051][ T299] ? unix_dgram_poll+0x710/0x710
[ 37.646829][ T299] ? security_socket_sendmsg+0x82/0xb0
[ 37.652112][ T299] ? unix_dgram_poll+0x710/0x710
[ 37.656884][ T299] ____sys_sendmsg+0x59e/0x8f0
[ 37.661498][ T299] ? __sys_sendmsg_sock+0x40/0x40
[ 37.666350][ T299] ? kasan_set_track+0x5d/0x70
[ 37.670967][ T299] ? import_iovec+0xe5/0x120
[ 37.675461][ T299] ___sys_sendmsg+0x252/0x2e0
[ 37.680003][ T299] ? __sys_sendmsg+0x260/0x260
[ 37.684577][ T299] ? do_handle_mm_fault+0x1949/0x2330
[ 37.689788][ T299] ? __kasan_check_write+0x14/0x20
[ 37.694733][ T299] ? proc_fail_nth_write+0x20b/0x290
[ 37.699859][ T299] ? __kasan_check_read+0x11/0x20
[ 37.704732][ T299] ? __fdget+0x179/0x240
[ 37.708964][ T299] __sys_sendmmsg+0x2bf/0x530
[ 37.713484][ T299] ? __ia32_sys_sendmsg+0x90/0x90
[ 37.718371][ T299] ? debug_smp_processor_id+0x17/0x20
[ 37.723565][ T299] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 37.729562][ T299] __x64_sys_sendmmsg+0xa0/0xb0
[ 37.734249][ T299] do_syscall_64+0x3d/0xb0
[ 37.738499][ T299] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 37.745250][ T299] RIP: 0033:0x7fe4f7928959
[ 37.752420][ T299] Code: d8 5b c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 37.781791][ T299] RSP: 002b:00007ffd684f9e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 37.793195][ T299] RAX: ffffffffffffffda RBX: 00007ffd684f9e40 RCX: 00007fe4f7928959
[ 37.803405][ T299] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 37.811932][ T299] RBP: 0000000000000001 R08: 00007ffd684f9bd7 R09: 00000010684f0037
[ 37.820568][ T299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd684f9e90
[ 37.832261][ T299] R13: 00007ffd684f9eb0 R14: 00007ffd684f9e88 R15: 00007fe4f7977032
[ 37.841077][ T299] </TASK>
[ 37.896019][ T299] ==================================================================
[ 37.904304][ T299] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 37.911399][ T299] Read of size 4 at addr ffff88811cf220ec by task syz-executor141/299
[ 37.919513][ T299]
[ 37.921670][ T299] CPU: 0 PID: 299 Comm: syz-executor141 Not tainted 5.15.147-syzkaller-00327-g1c3a1f32bcbd #0
[ 37.932069][ T299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 37.942257][ T299] Call Trace:
[ 37.945370][ T299] <TASK>
[ 37.948281][ T299] dump_stack_lvl+0x151/0x1b7
[ 37.953109][ T299] ? io_uring_drop_tctx_refs+0x190/0x190
[ 37.958923][ T299] ? panic+0x751/0x751
[ 37.962950][ T299] print_address_description+0x87/0x3b0
[ 37.968310][ T299] ? rcu_report_exp_cpu_mult+0x26c/0x290
[ 37.973787][ T299] kasan_report+0x179/0x1c0
[ 37.978469][ T299] ? consume_skb+0x3c/0x250
[ 37.983000][ T299] ? consume_skb+0x3c/0x250
[ 37.987465][ T299] kasan_check_range+0x293/0x2a0
[ 37.992247][ T299] __kasan_check_read+0x11/0x20
[ 37.996927][ T299] consume_skb+0x3c/0x250
[ 38.001219][ T299] __sk_msg_free+0x2dd/0x370
[ 38.005641][ T299] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 38.011279][ T299] sk_psock_stop+0x44c/0x4d0
[ 38.015861][ T299] ? unix_peer_get+0xe0/0xe0
[ 38.020607][ T299] sock_map_close+0x2b9/0x4c0
[ 38.025118][ T299] ? sock_map_remove_links+0x570/0x570
[ 38.030499][ T299] ? rwsem_mark_wake+0x6b0/0x6b0
[ 38.035265][ T299] ? security_file_free+0xc6/0xe0
[ 38.040195][ T299] unix_release+0x82/0xc0
[ 38.044622][ T299] sock_close+0xdf/0x270
[ 38.048654][ T299] ? sock_mmap+0xa0/0xa0
[ 38.052830][ T299] __fput+0x3fe/0x910
[ 38.056651][ T299] ____fput+0x15/0x20
[ 38.060577][ T299] task_work_run+0x129/0x190
[ 38.065067][ T299] do_exit+0xc48/0x2ca0
[ 38.069061][ T299] ? put_task_struct+0x80/0x80
[ 38.073754][ T299] ? exc_page_fault+0x47a/0x830
[ 38.078444][ T299] do_group_exit+0x141/0x310
[ 38.082867][ T299] __x64_sys_exit_group+0x3f/0x40
[ 38.087719][ T299] do_syscall_64+0x3d/0xb0
[ 38.092183][ T299] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 38.098056][ T299] RIP: 0033:0x7fe4f7925ec9
[ 38.102530][ T299] Code: Unable to access opcode bytes at RIP 0x7fe4f7925e9f.
[ 38.111298][ T299] RSP: 002b:00007ffd684f9e08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.119640][ T299] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe4f7925ec9
[ 38.127560][ T299] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 38.135506][ T299] RBP: 00007fe4f79a9390 R08: ffffffffffffffb8 R09: 00000010684f0037
[ 38.143479][ T299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe4f79a9390
[ 38.151472][ T299] R13: 0000000000000000 R14: 00007fe4f79aae60 R15: 00007fe4f78f6740
[ 38.159334][ T299] </TASK>
[ 38.162147][ T299]
[ 38.164315][ T299] Allocated by task 299:
[ 38.168393][ T299] __kasan_slab_alloc+0xb1/0xe0
[ 38.173082][ T299] slab_post_alloc_hook+0x53/0x2c0
[ 38.178252][ T299] kmem_cache_alloc+0xf5/0x200
[ 38.182846][ T299] skb_clone+0x1d1/0x360
[ 38.186927][ T299] sk_psock_verdict_recv+0x53/0x840
[ 38.191959][ T299] unix_read_sock+0x132/0x370
[ 38.196494][ T299] sk_psock_verdict_data_ready+0x147/0x1a0
[ 38.202120][ T299] unix_dgram_sendmsg+0x15fa/0x2090
[ 38.207275][ T299] ____sys_sendmsg+0x59e/0x8f0
[ 38.211866][ T299] ___sys_sendmsg+0x252/0x2e0
[ 38.216381][ T299] __sys_sendmmsg+0x2bf/0x530
[ 38.220891][ T299] __x64_sys_sendmmsg+0xa0/0xb0
[ 38.225575][ T299] do_syscall_64+0x3d/0xb0
[ 38.229829][ T299] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 38.235568][ T299]
[ 38.237731][ T299] Freed by task 20:
[ 38.241396][ T299] kasan_set_track+0x4b/0x70
[ 38.245801][ T299] kasan_set_free_info+0x23/0x40
[ 38.250690][ T299] ____kasan_slab_free+0x126/0x160
[ 38.255687][ T299] __kasan_slab_free+0x11/0x20
[ 38.260230][ T299] slab_free_freelist_hook+0xbd/0x190
[ 38.265443][ T299] kmem_cache_free+0x116/0x2e0
[ 38.270045][ T299] kfree_skbmem+0x104/0x170
[ 38.274473][ T299] kfree_skb+0xc2/0x360
[ 38.278617][ T299] sk_psock_backlog+0xc21/0xd90
[ 38.283298][ T299] process_one_work+0x6bb/0xc10
[ 38.288085][ T299] worker_thread+0xad5/0x12a0
[ 38.292591][ T299] kthread+0x421/0x510
[ 38.296498][ T299] ret_from_fork+0x1f/0x30
[ 38.300753][ T299]
[ 38.302918][ T299] The buggy address belongs to the object at ffff88811cf22000
[ 38.302918][ T299] which belongs to the cache skbuff_head_cache of size 248
[ 38.317529][ T299] The buggy address is located 236 bytes inside of
[ 38.317529][ T299] 248-byte region [ffff88811cf22000, ffff88811cf220f8)
[ 38.330835][ T299] The buggy address belongs to the page:
[ 38.336412][ T299] page:ffffea000473c880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11cf22
[ 38.346474][ T299] flags: 0x4000000000000200(slab|zone=1)
[ 38.351957][ T299] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881003fec00
[ 38.360411][ T299] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 38.368782][ T299] page dumped because: kasan: bad access detected
[ 38.375025][ T299] page_owner tracks the page as allocated
[ 38.380679][ T299] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 20, ts 36844734042, free_ts 18756012831
[ 38.396402][ T299] post_alloc_hook+0x1a3/0x1b0
[ 38.400980][ T299] prep_new_page+0x1b/0x110
[ 38.405318][ T299] get_page_from_freelist+0x3550/0x35d0
[ 38.410698][ T299] __alloc_pages+0x27e/0x8f0
[ 38.415135][ T299] new_slab+0x9a/0x4e0
[ 38.419034][ T299] ___slab_alloc+0x39e/0x830
[ 38.423458][ T299] __slab_alloc+0x4a/0x90
[ 38.427862][ T299] kmem_cache_alloc+0x134/0x200
[ 38.432513][ T299] __alloc_skb+0xbe/0x550
[ 38.436894][ T299] alloc_skb_with_frags+0xa6/0x680
[ 38.441843][ T299] sock_alloc_send_pskb+0x915/0xa50
[ 38.446871][ T299] sock_alloc_send_skb+0x32/0x40
[ 38.451780][ T299] mld_newpack+0x1b4/0xa20
[ 38.456020][ T299] add_grec+0xdc8/0x13a0
[ 38.460065][ T299] mld_ifc_work+0x72e/0xbb0
[ 38.464413][ T299] process_one_work+0x6bb/0xc10
[ 38.469294][ T299] page last free stack trace:
[ 38.473814][ T299] free_unref_page_prepare+0x7c8/0x7d0
[ 38.479113][ T299] free_unref_page+0xe8/0x750
[ 38.483697][ T299] __put_page+0xb0/0xe0
[ 38.487700][ T299] anon_pipe_buf_release+0x187/0x200
[ 38.492822][ T299] pipe_read+0x5a6/0x1040
[ 38.496976][ T299] vfs_read+0xa7e/0xd40
[ 38.501083][ T299] ksys_read+0x199/0x2c0
[ 38.505177][ T299] __x64_sys_read+0x7b/0x90
[ 38.509500][ T299] do_syscall_64+0x3d/0xb0
[ 38.513759][ T299] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 38.519489][ T299]
[ 38.521649][ T299] Memory state around the buggy address:
[ 38.527284][ T299] ffff88811cf21f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 38.535155][ T299] ffff88811cf22000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.543062][ T299] >ffff88811cf22080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 38.550948][ T299] ^
[ 38.558243][ T299] ffff88811cf22100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 38.566240][ T299] ffff88811cf22180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.574363][ T299] ==================================================================
[ 38.582364][ T299] Disabling lock debugging due to kernel taint
[ 38.588418][ T299] ==================================================================
[ 38.596603][ T299] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 38.604851][ T299]
[ 38.607107][ T299] CPU: 0 PID: 299 Comm: syz-executor141 Tainted: G B 5.15.147-syzkaller-00327-g1c3a1f32bcbd #0
[ 38.618647][ T299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 38.628634][ T299] Call Trace:
[ 38.631754][ T299] <TASK>
[ 38.634538][ T299] dump_stack_lvl+0x151/0x1b7
[ 38.639041][ T299] ? io_uring_drop_tctx_refs+0x190/0x190
[ 38.644528][ T299] ? __wake_up_klogd+0xd5/0x110
[ 38.649284][ T299] ? panic+0x751/0x751
[ 38.653192][ T299] ? kmem_cache_free+0x116/0x2e0
[ 38.657964][ T299] print_address_description+0x87/0x3b0
[ 38.663345][ T299] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 38.669340][ T299] ? kmem_cache_free+0x116/0x2e0
[ 38.674113][ T299] ? kmem_cache_free+0x116/0x2e0
[ 38.678978][ T299] kasan_report_invalid_free+0x6b/0xa0
[ 38.684274][ T299] ____kasan_slab_free+0x13e/0x160
[ 38.689215][ T299] __kasan_slab_free+0x11/0x20
[ 38.693817][ T299] slab_free_freelist_hook+0xbd/0x190
[ 38.699110][ T299] ? kfree_skbmem+0x104/0x170
[ 38.703620][ T299] kmem_cache_free+0x116/0x2e0
[ 38.708224][ T299] kfree_skbmem+0x104/0x170
[ 38.712583][ T299] consume_skb+0xb4/0x250
[ 38.716728][ T299] __sk_msg_free+0x2dd/0x370
[ 38.721283][ T299] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 38.727109][ T299] sk_psock_stop+0x44c/0x4d0
[ 38.731545][ T299] ? unix_peer_get+0xe0/0xe0
[ 38.736003][ T299] sock_map_close+0x2b9/0x4c0
[ 38.740474][ T299] ? sock_map_remove_links+0x570/0x570
[ 38.745766][ T299] ? rwsem_mark_wake+0x6b0/0x6b0
[ 38.750628][ T299] ? security_file_free+0xc6/0xe0
[ 38.755513][ T299] unix_release+0x82/0xc0
[ 38.759658][ T299] sock_close+0xdf/0x270
[ 38.763739][ T299] ? sock_mmap+0xa0/0xa0
[ 38.767812][ T299] __fput+0x3fe/0x910
[ 38.771641][ T299] ____fput+0x15/0x20
[ 38.775458][ T299] task_work_run+0x129/0x190
[ 38.779889][ T299] do_exit+0xc48/0x2ca0
[ 38.783890][ T299] ? put_task_struct+0x80/0x80
[ 38.788475][ T299] ? exc_page_fault+0x47a/0x830
[ 38.793180][ T299] do_group_exit+0x141/0x310
[ 38.797593][ T299] __x64_sys_exit_group+0x3f/0x40
[ 38.802455][ T299] do_syscall_64+0x3d/0xb0
[ 38.806699][ T299] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 38.812430][ T299] RIP: 0033:0x7fe4f7925ec9
[ 38.816683][ T299] Code: Unable to access opcode bytes at RIP 0x7fe4f7925e9f.
[ 38.824027][ T299] RSP: 002b:00007ffd684f9e08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.832377][ T299] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe4f7925ec9
[ 38.840182][ T299] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 38.848031][ T299] RBP: 00007fe4f79a9390 R08: ffffffffffffffb8 R09: 00000010684f0037
[ 38.855807][ T299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe4f79a9390
[ 38.863621][ T299] R13: 0000000000000000 R14: 00007fe4f79aae60 R15: 00007fe4f78f6740
[ 38.871446][ T299] </TASK>
[ 38.874294][ T299]
[ 38.876467][ T299] Allocated by task 299:
[ 38.880548][ T299] __kasan_slab_alloc+0xb1/0xe0
[ 38.885232][ T299] slab_post_alloc_hook+0x53/0x2c0
[ 38.890177][ T299] kmem_cache_alloc+0xf5/0x200
[ 38.895477][ T299] skb_clone+0x1d1/0x360
[ 38.899560][ T299] sk_psock_verdict_recv+0x53/0x840
[ 38.904594][ T299] unix_read_sock+0x132/0x370
[ 38.909102][ T299] sk_psock_verdict_data_ready+0x147/0x1a0
[ 38.914746][ T299] unix_dgram_sendmsg+0x15fa/0x2090
[ 38.919783][ T299] ____sys_sendmsg+0x59e/0x8f0
[ 38.924384][ T299] ___sys_sendmsg+0x252/0x2e0
[ 38.928891][ T299] __sys_sendmmsg+0x2bf/0x530
[ 38.933536][ T299] __x64_sys_sendmmsg+0xa0/0xb0
[ 38.938245][ T299] do_syscall_64+0x3d/0xb0
[ 38.942469][ T299] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 38.948195][ T299]
[ 38.950382][ T299] Freed by task 20:
[ 38.954036][ T299] kasan_set_track+0x4b/0x70
[ 38.958438][ T299] kasan_set_free_info+0x23/0x40
[ 38.963213][ T299] ____kasan_slab_free+0x126/0x160
[ 38.968166][ T299] __kasan_slab_free+0x11/0x20
[ 38.972762][ T299] slab_free_freelist_hook+0xbd/0x190
[ 38.977973][ T299] kmem_cache_free+0x116/0x2e0
[ 38.982570][ T299] kfree_skbmem+0x104/0x170
[ 38.986909][ T299] kfree_skb+0xc2/0x360
[ 38.990921][ T299] sk_psock_backlog+0xc21/0xd90
[ 38.995684][ T299] process_one_work+0x6bb/0xc10
[ 39.000498][ T299] worker_thread+0xad5/0x12a0
[ 39.005002][ T299] kthread+0x421/0x510
[ 39.008906][ T299] ret_from_fork+0x1f/0x30
[ 39.013188][ T299]
[ 39.015334][ T299] The buggy address belongs to the object at ffff88811cf22000
[ 39.015334][ T299] which belongs to the cache skbuff_head_cache of size 248
[ 39.029745][ T299] The buggy address is located 0 bytes inside of
[ 39.029745][ T299] 248-byte region [ffff88811cf22000, ffff88811cf220f8)
[ 39.042675][ T299] The buggy address belongs to the page:
[ 39.048146][ T299] page:ffffea000473c880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11cf22
[ 39.058381][ T299] flags: 0x4000000000000200(slab|zone=1)
[ 39.063813][ T299] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881003fec00
[ 39.072231][ T299] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 39.080637][ T299] page dumped because: kasan: bad access detected
[ 39.086981][ T299] page_owner tracks the page as allocated
[ 39.092533][ T299] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 20, ts 36844734042, free_ts 18756012831
[ 39.108723][ T299] post_alloc_hook+0x1a3/0x1b0
[ 39.113638][ T299] prep_new_page+0x1b/0x110
[ 39.117982][ T299] get_page_from_freelist+0x3550/0x35d0
[ 39.123357][ T299] __alloc_pages+0x27e/0x8f0
[ 39.127776][ T299] new_slab+0x9a/0x4e0
[ 39.131695][ T299] ___slab_alloc+0x39e/0x830
[ 39.136126][ T299] __slab_alloc+0x4a/0x90
[ 39.140295][ T299] kmem_cache_alloc+0x134/0x200
[ 39.144961][ T299] __alloc_skb+0xbe/0x550
[ 39.149144][ T299] alloc_skb_with_frags+0xa6/0x680
[ 39.154097][ T299] sock_alloc_send_pskb+0x915/0xa50
[ 39.159118][ T299] sock_alloc_send_skb+0x32/0x40
[ 39.163891][ T299] mld_newpack+0x1b4/0xa20
[ 39.168144][ T299] add_grec+0xdc8/0x13a0
[ 39.172218][ T299] mld_ifc_work+0x72e/0xbb0
[ 39.176559][ T299] process_one_work+0x6bb/0xc10
[ 39.181250][ T299] page last free stack trace:
[ 39.185756][ T299] free_unref_page_prepare+0x7c8/0x7d0
[ 39.191052][ T299] free_unref_page+0xe8/0x750
[ 39.195574][ T299] __put_page+0xb0/0xe0
[ 39.199589][ T299] anon_pipe_buf_release+0x187/0x200
[ 39.204691][ T299] pipe_read+0x5a6/0x1040
[ 39.208856][ T299] vfs_read+0xa7e/0xd40
[ 39.212854][ T299] ksys_read+0x199/0x2c0
[ 39.217033][ T299] __x64_sys_read+0x7b/0x90
[ 39.221371][ T299] do_syscall_64+0x3d/0xb0
[ 39.225624][ T299] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 39.231356][ T299]
[ 39.233790][ T299] Memory state around the buggy address:
[ 39.239464][ T299] ffff88811cf21f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.247358][ T299] ffff88811cf21f80: fa fb fb fb fc