Starting Network Time Synchronization... [ OK ] Started Network Time Synchronization. [ OK ] Started Raise network interfaces. [ OK ] Reached target Network. Starting Permit User Sessions... Starting OpenBSD Secure Shell server... [ OK ] Started Permit User Sessions. [ OK ] Started OpenBSD Secure Shell server. [ 11.741887][ C1] random: crng init done [ 11.742797][ C1] random: 7 urandom warning(s) missed due to ratelimiting Warning: Permanently added '10.128.0.172' (ECDSA) to the list of known hosts. 2020/08/29 07:58:50 parsed 1 programs 2020/08/29 07:58:50 executed programs: 0 [* ] A start job is running for dev-ttyS0.device (8s / 1min 30s) [** ] A start job is running for dev-ttyS0.device (9s / 1min 30s) [*** ] A start job is running for dev-ttyS0.device (10s / 1min 30s) [ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s) [ *** ] A start job is running for dev-ttyS0.device (11s / 1min 30s) [ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)[ 18.313412][ T22] audit: type=1400 audit(1598687930.798:8): avc: denied { execmem } for pid=357 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 18.333172][ T358] cgroup1: Unknown subsys name 'perf_event' [ 18.340099][ T358] cgroup1: Unknown subsys name 'net_cls' [ **] A start job is running for dev-ttyS0.device (12s / 1min 30s) [ *] A start job is running for dev-ttyS0.device (12s / 1min 30s)[ 19.279632][ T824] ================================================================== [ 19.287719][ T824] BUG: KASAN: use-after-free in ex_handler_refcount+0x14b/0x170 [ 19.295337][ T824] Write of size 4 at addr ffff8881cb655f80 by task syz-executor.0/824 [ 19.303450][ T824] [ 19.305773][ T824] CPU: 1 PID: 824 Comm: syz-executor.0 Not tainted 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 19.315822][ T824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.325855][ T824] Call Trace: [ 
19.329137][ T824] dump_stack+0x14a/0x1ce [ 19.333564][ T824] ? show_regs_print_info+0x12/0x12 [ 19.338748][ T824] ? printk+0xd2/0x114 [ 19.342809][ T824] print_address_description+0x93/0x620 [ 19.348332][ T824] ? devkmsg_release+0x11c/0x11c [ 19.353265][ T824] ? __start___ex_table+0x47d0/0xa590 [ 19.358619][ T824] ? bsearch+0x9b/0xc0 [ 19.362666][ T824] ? csum_partial_copy_generic+0xa2e/0x3ed0 [ 19.368538][ T824] __kasan_report+0x16d/0x1e0 [ 19.373210][ T824] ? ex_handler_refcount+0x14b/0x170 [ 19.378469][ T824] ? __start___ex_table+0x47d0/0xa590 [ 19.383829][ T824] ? __start___ex_table+0x47d0/0xa590 [ 19.389169][ T824] kasan_report+0x36/0x60 [ 19.393495][ T824] ex_handler_refcount+0x14b/0x170 [ 19.398586][ T824] ? ex_handler_fault+0xa0/0xa0 [ 19.403412][ T824] ? __start___ex_table+0x47d8/0xa590 [ 19.408766][ T824] fixup_exception+0x92/0xd0 [ 19.413324][ T824] do_trap+0x148/0x340 [ 19.417373][ T824] ? notify_die+0x1e1/0x2a0 [ 19.421847][ T824] ? csum_partial_copy_generic+0xa2e/0x3ed0 [ 19.427708][ T824] ? csum_partial_copy_generic+0xa2e/0x3ed0 [ 19.433579][ T824] do_invalid_op+0xfb/0x110 [ 19.438055][ T824] ? 
csum_partial_copy_generic+0xa2e/0x3ed0 [ 19.443941][ T824] invalid_op+0x1e/0x30 [ 19.448075][ T824] RIP: 0010:csum_partial_copy_generic+0xa2e/0x3ed0 [ 19.454544][ T824] Code: 0f 0b 49 8d 0f 0f 0b 49 8d 4d f4 0f 0b 48 8d 4d 00 0f 0b 49 8d 0e 0f 0b 49 8d 0e 0f 0b 49 8d 0f 0f 0b 48 8d 08 0f 0b 49 8d 0f <0f> 0b 49 8d 8c 24 b0 00 00 00 0f 0b 48 8d 8b 94 00 00 00 0f 0b 48 [ 19.474144][ T824] RSP: 0018:ffff8881c95b7e38 EFLAGS: 00010296 [ 19.480187][ T824] RAX: d671d67de4fcf700 RBX: ffff8881c9a56988 RCX: ffff8881cb655f80 [ 19.488150][ T824] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff8881cb655f88 [ 19.496105][ T824] RBP: dffffc0000000000 R08: 0000000000000010 R09: ffff8881c95b7d80 [ 19.504056][ T824] R10: ffffed10396cabf2 R11: 0000000000000000 R12: ffff8881c9a568c0 [ 19.512011][ T824] R13: 1ffff1103b2fdbca R14: 00000000000e0003 R15: ffff8881cb655f80 [ 19.519966][ T824] ? eventfd_release+0x4f/0xe0 [ 19.524742][ T824] ? eventfd_poll+0x100/0x100 [ 19.529396][ T824] __fput+0x27d/0x6c0 [ 19.533354][ T824] task_work_run+0x176/0x1a0 [ 19.537923][ T824] prepare_exit_to_usermode+0x286/0x2e0 [ 19.543508][ T824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.549376][ T824] RIP: 0033:0x45d5b9 [ 19.553265][ T824] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 19.572845][ T824] RSP: 002b:00007f459f6f8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 19.581250][ T824] RAX: 0000000000000000 RBX: 0000000000002ac0 RCX: 000000000045d5b9 [ 19.589369][ T824] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000006 [ 19.597317][ T824] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000 [ 19.605270][ T824] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000118cf4c [ 19.613218][ T824] R13: 00007ffc1374f10f R14: 00007f459f6f99c0 R15: 000000000118cf4c [ 19.621176][ T824] [ 19.623488][ T824] Allocated by task 
824: [ 19.627715][ T824] __kasan_kmalloc+0x12c/0x1c0 [ 19.632473][ T824] kmem_cache_alloc_trace+0xc3/0x280 [ 19.637738][ T824] do_eventfd+0x81/0x250 [ 19.641950][ T824] __x64_sys_eventfd2+0x56/0x60 [ 19.646779][ T824] do_syscall_64+0xcb/0x150 [ 19.651249][ T824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.657101][ T824] [ 19.659399][ T824] Freed by task 823: [ 19.663280][ T824] __kasan_slab_free+0x181/0x230 [ 19.668184][ T824] slab_free_freelist_hook+0xd0/0x150 [ 19.673529][ T824] kfree+0x12b/0x600 [ 19.677414][ T824] eventfd_release+0xbb/0xe0 [ 19.681975][ T824] __fput+0x27d/0x6c0 [ 19.685933][ T824] task_work_run+0x176/0x1a0 [ 19.690491][ T824] prepare_exit_to_usermode+0x286/0x2e0 [ 19.696010][ T824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.701958][ T824] [ 19.704262][ T824] The buggy address belongs to the object at ffff8881cb655f80 [ 19.704262][ T824] which belongs to the cache kmalloc-64 of size 64 [ 19.718117][ T824] The buggy address is located 0 bytes inside of [ 19.718117][ T824] 64-byte region [ffff8881cb655f80, ffff8881cb655fc0) [ 19.731094][ T824] The buggy address belongs to the page: [ 19.736699][ T824] page:ffffea00072d9540 refcount:1 mapcount:0 mapping:ffff8881da803180 index:0x0 [ 19.745768][ T824] flags: 0x8000000000000200(slab) [ 19.750772][ T824] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da803180 [ 19.759318][ T824] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 19.767960][ T824] page dumped because: kasan: bad access detected [ 19.774347][ T824] [ 19.776639][ T824] Memory state around the buggy address: [ 19.782235][ T824] ffff8881cb655e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 19.790260][ T824] ffff8881cb655f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 19.798296][ T824] >ffff8881cb655f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 19.806354][ T824] ^ [ 19.810432][ T824] ffff8881cb656000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.818667][ T824] 
ffff8881cb656080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.826701][ T824] ================================================================== [ 19.834733][ T824] Disabling lock debugging due to kernel taint [ [ 19.842821][ T824] ================================================================== **][ 19.851460][ T824] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0xac/0x600 [ 19.862275][ T824] [ 19.864663][ T824] CPU: 1 PID: 824 Comm: syz-executor.0 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 19.876028][ T824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 A start job is [ 19.886092][ T824] Call Trace: [ 19.890787][ T824] dump_stack+0x14a/0x1ce running for dev-[ 19.895118][ T824] ? show_regs_print_info+0x12/0x12 [ 19.901713][ T824] ? printk+0xd2/0x114 [ 19.905776][ T824] ? kmem_cache_free+0xac/0x600 ttyS0.device (13[ 19.910650][ T824] ? kmem_cache_free+0xac/0x600 [ 19.916864][ T824] print_address_description+0x93/0x620 s / 1min 30s)[ 19.922398][ T824] ? is_mmconf_reserved+0x420/0x420 [ 19.928702][ T824] ? kmem_cache_free+0xac/0x600 [ 19.933536][ T824] ? kmem_cache_free+0xac/0x600 [ 19.938364][ T824] kasan_report_invalid_free+0x54/0xc0 [ 19.943789][ T824] __kasan_slab_free+0x102/0x230 [ 19.948695][ T824] ? schedule_preempt_disabled+0x20/0x20 [ 19.954307][ T824] ? devkmsg_release+0x11c/0x11c [ 19.959229][ T824] ? apic_timer_interrupt+0xa/0x20 [ 19.964309][ T824] ? ___preempt_schedule+0x16/0x20 [ 19.969411][ T824] ? _raw_spin_unlock_irqrestore+0x20/0x30 [ 19.975190][ T824] ? __kasan_report+0x1c6/0x1e0 [ 19.980043][ T824] ? ex_handler_refcount+0x14b/0x170 [ 19.985305][ T824] ? __start___ex_table+0x47d0/0xa590 [ 19.990663][ T824] ? __start___ex_table+0x47d0/0xa590 [ 19.996009][ T824] ? kasan_report+0x36/0x60 [ 20.000519][ T824] ? kasan_report+0x36/0x60 [ 20.005003][ T824] ? check_memory_region+0x2b5/0x2f0 [ 20.010260][ T824] slab_free_freelist_hook+0xd0/0x150 [ 20.015602][ T824] ? 
dput+0x2e1/0x5e0 [ 20.019552][ T824] kmem_cache_free+0xac/0x600 [ 20.024197][ T824] ? kasan_report+0x36/0x60 [ 20.028676][ T824] dput+0x2e1/0x5e0 [ 20.032459][ T824] __fput+0x46b/0x6c0 [ 20.036411][ T824] task_work_run+0x176/0x1a0 [ 20.040972][ T824] prepare_exit_to_usermode+0x286/0x2e0 [ 20.046486][ T824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.052480][ T824] RIP: 0033:0x45d5b9 [ 20.056347][ T824] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 20.075961][ T824] RSP: 002b:00007f459f6f8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 20.084362][ T824] RAX: 0000000000000000 RBX: 0000000000002ac0 RCX: 000000000045d5b9 [ 20.092327][ T824] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000006 [ 20.100288][ T824] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000 [ 20.108239][ T824] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000118cf4c [ 20.116188][ T824] R13: 00007ffc1374f10f R14: 00007f459f6f99c0 R15: 000000000118cf4c [ 20.124169][ T824] [ 20.126513][ T824] Allocated by task 824: [ 20.130730][ T824] __kasan_kmalloc+0x12c/0x1c0 [ 20.135505][ T824] kmem_cache_alloc+0x1d5/0x260 [ 20.140352][ T824] __d_alloc+0x2a/0x6b0 [ 20.144478][ T824] d_alloc_pseudo+0x19/0x70 [ 20.148956][ T824] alloc_file_pseudo+0x15b/0x340 [ 20.153905][ T824] anon_inode_getfile+0xa7/0x170 [ 20.158812][ T824] anon_inode_getfd+0x3e/0x80 [ 20.163456][ T824] do_eventfd+0x16b/0x250 [ 20.167778][ T824] __x64_sys_eventfd2+0x56/0x60 [ 20.172628][ T824] do_syscall_64+0xcb/0x150 [ 20.177101][ T824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.182967][ T824] [ 20.185265][ T824] Freed by task 823: [ 20.189134][ T824] __kasan_slab_free+0x181/0x230 [ 20.194220][ T824] slab_free_freelist_hook+0xd0/0x150 [ 20.199573][ T824] kmem_cache_free+0xac/0x600 [ 20.204230][ T824] dput+0x2e1/0x5e0 [ 20.208005][ T824] 
__fput+0x46b/0x6c0 [ 20.211952][ T824] task_work_run+0x176/0x1a0 [ 20.216552][ T824] prepare_exit_to_usermode+0x286/0x2e0 [ 20.222086][ T824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.227940][ T824] [ 20.230239][ T824] The buggy address belongs to the object at ffff8881d3a52770 [ 20.230239][ T824] which belongs to the cache dentry of size 208 [ 20.243835][ T824] The buggy address is located 0 bytes inside of [ 20.243835][ T824] 208-byte region [ffff8881d3a52770, ffff8881d3a52840) [ 20.256907][ T824] The buggy address belongs to the page: [ 20.262538][ T824] page:ffffea00074e9480 refcount:1 mapcount:0 mapping:ffff8881da8ef900 index:0x0 [ 20.271713][ T824] flags: 0x8000000000000200(slab) [ 20.276708][ T824] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ef900 [ 20.285261][ T824] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 20.293820][ T824] page dumped because: kasan: bad access detected [ 20.300206][ T824] [ 20.302506][ T824] Memory state around the buggy address: [ 20.308121][ T824] ffff8881d3a52600: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 [ 20.316154][ T824] ffff8881d3a52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.324201][ T824] >ffff8881d3a52700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fb fb [ 20.332230][ T824] ^ [ 20.339927][ T824] ffff8881d3a52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.348317][ T824] ffff8881d3a52800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 20.356354][ T824] ================================================================== [ 20.432440][ C1] ================================================================== [ 20.440541][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 20.448269][ C1] [ 20.450598][ C1] CPU: 1 PID: 144 Comm: systemd-udevd Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 20.461852][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 20.472011][ C1] Call Trace: 
[ 20.475297][ C1] [ 20.478154][ C1] dump_stack+0x14a/0x1ce [ 20.482498][ C1] ? arch_stack_walk+0xd8/0x120 [ 20.487345][ C1] ? show_regs_print_info+0x12/0x12 [ 20.492710][ C1] ? printk+0xd2/0x114 [ 20.496775][ C1] ? kfree+0x12b/0x600 [ 20.500842][ C1] ? kfree+0x12b/0x600 [ 20.504909][ C1] print_address_description+0x93/0x620 [ 20.510449][ C1] ? devkmsg_release+0x11c/0x11c [ 20.515412][ C1] ? __kasan_slab_free+0x1f2/0x230 [ 20.520517][ C1] ? kfree+0x12b/0x600 [ 20.524585][ C1] ? kfree+0x12b/0x600 [ 20.524593][ C1] kasan_report_invalid_free+0x54/0xc0 [ 20.524599][ C1] __kasan_slab_free+0x102/0x230 [ 20.524612][ C1] ? __kasan_slab_free+0x181/0x230 [ 20.544097][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 20.549660][ C1] ? kmem_cache_free+0xac/0x600 [ 20.554523][ C1] ? rcu_core+0xbc0/0x1330 [ 20.558935][ C1] ? __do_softirq+0x2d5/0x725 [ 20.563601][ C1] ? irq_exit+0x16d/0x180 [ 20.567919][ C1] ? smp_apic_timer_interrupt+0x281/0x3f0 [ 20.573627][ C1] ? apic_timer_interrupt+0xf/0x20 [ 20.578726][ C1] ? memset_erms+0xb/0x10 [ 20.583053][ C1] ? unwind_next_frame+0x131f/0x2330 [ 20.588338][ C1] ? arch_stack_walk+0xf4/0x120 [ 20.593348][ C1] ? stack_trace_save+0x123/0x1f0 [ 20.598406][ C1] ? __kasan_slab_free+0x181/0x230 [ 20.603515][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 20.609056][ C1] ? kmem_cache_free+0xac/0x600 [ 20.613904][ C1] ? filename_lookup+0x509/0x6e0 [ 20.618863][ C1] ? __se_sys_newlstat+0xe4/0x8b0 [ 20.623882][ C1] ? do_syscall_64+0xcb/0x150 [ *[ 20.629338][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.636781][ C1] slab_free_freelist_hook+0xd0/0x150 *[[ 20.642150][ C1] ? rcu_core+0xb64/0x1330 [ 20.647933][ C1] kfree+0x12b/0x600 0;31m*] A st[ 20.651825][ C1] rcu_core+0xb64/0x1330 [ 20.657482][ C1] ? rebalance_domains+0x703/0x800 art job is runni[ 20.662615][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 20.669208][ C1] ? kick_ilb+0x1e0/0x1e0 ng for dev-ttyS0[ 20.673540][ C1] ? 
run_rebalance_domains+0x16b/0x240 [ 20.680378][ C1] __do_softirq+0x2d5/0x725 .device (14s / 1[ 20.684886][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 20.692058][ C1] ? hrtimer_init+0x340/0x340 min 30s)[ 20.696733][ C1] irq_exit+0x16d/0x180 [ 20.701565][ C1] smp_apic_timer_interrupt+0x281/0x3f0 [ 20.707108][ C1] apic_timer_interrupt+0xf/0x20 [ 20.712033][ C1] [ 20.714990][ C1] RIP: 0010:memset_erms+0xb/0x10 [ 20.719916][ C1] Code: 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3 aa <4c> 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 01 01 [ 20.739538][ C1] RSP: 0018:ffff8881d10ef498 EFLAGS: 00000256 ORIG_RAX: ffffffffffffff13 [ 20.748052][ C1] RAX: dffffc0000000000 RBX: ffff8881d10ef678 RCX: 0000000000000000 [ 20.756015][ C1] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffff8881d10ef6a0 [ 20.763969][ C1] RBP: ffff8881d10ef630 R08: dffffc0000000000 R09: ffff8881d10ef690 [ 20.771919][ C1] R10: ffffed103a21ded4 R11: 0000000000000000 R12: ffff8881d10ef640 [ 20.779884][ C1] R13: 1ffffffff0a093c8 R14: ffff8881d10ef690 R15: ffffffff85049e3e [ 20.787864][ C1] unwind_next_frame+0x131f/0x2330 [ 20.792995][ C1] ? stack_trace_save+0x123/0x1f0 [ 20.798019][ C1] ? unwind_get_return_address_ptr+0x130/0x130 [ 20.804163][ C1] ? unwind_next_frame+0x2330/0x2330 [ 20.809441][ C1] ? __kasan_slab_free+0x181/0x230 [ 20.814574][ C1] ? stack_trace_save+0x123/0x1f0 [ 20.819585][ C1] ? stack_trace_save+0x1f0/0x1f0 [ 20.824586][ C1] arch_stack_walk+0xf4/0x120 [ 20.829248][ C1] ? __kasan_slab_free+0x181/0x230 [ 20.834355][ C1] stack_trace_save+0x123/0x1f0 [ 20.839209][ C1] ? lockref_get_or_lock+0x340/0x340 [ 20.844492][ C1] ? stack_trace_snprint+0x150/0x150 [ 20.849770][ C1] ? lookup_fast+0x214/0xfd0 [ 20.854360][ C1] ? __rcu_read_lock+0x50/0x50 [ 20.859114][ C1] __kasan_slab_free+0x181/0x230 [ 20.864061][ C1] slab_free_freelist_hook+0xd0/0x150 [ 20.869433][ C1] ? 
filename_lookup+0x509/0x6e0 [ 20.874349][ C1] kmem_cache_free+0xac/0x600 [ 20.879046][ C1] filename_lookup+0x509/0x6e0 [ 20.883806][ C1] ? hashlen_string+0x120/0x120 [ 20.888651][ C1] ? getname_flags+0x20d/0x610 [ 20.893435][ C1] __se_sys_newlstat+0xe4/0x8b0 [ 20.898296][ C1] ? __x64_sys_newlstat+0x60/0x60 [ 20.903323][ C1] ? __secure_computing+0x1b6/0x250 [ 20.908536][ C1] do_syscall_64+0xcb/0x150 [ 20.913034][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.918913][ C1] RIP: 0033:0x7f04d016b335 [ 20.923322][ C1] Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89 [ 20.942940][ C1] RSP: 002b:00007fffad2a2a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 20.951366][ C1] RAX: ffffffffffffffda RBX: 0000560bc64928e0 RCX: 00007f04d016b335 [ 20.959353][ C1] RDX: 00007fffad2a2a90 RSI: 00007fffad2a2a90 RDI: 0000560bc64918e0 [ 20.967336][ C1] RBP: 00007fffad2a2b50 R08: 00007f04d042a208 R09: 0000000000001010 [ 20.975320][ C1] R10: 0000000000000020 R11: 0000000000000246 R12: 0000560bc64918e0 [ 20.983282][ C1] R13: 0000560bc64918fa R14: 0000560bc6499e65 R15: 0000560bc6499e6a [ 20.991262][ C1] [ 20.993571][ C1] Allocated by task 824: [ 20.997830][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 21.002581][ C1] kmem_cache_alloc+0x1d5/0x260 [ 21.007441][ C1] __alloc_file+0x26/0x390 [ 21.011844][ C1] alloc_empty_file+0xa9/0x1b0 [ 21.016597][ C1] alloc_file+0x58/0x4b0 [ 21.020829][ C1] alloc_file_pseudo+0x28c/0x340 [ 21.025757][ C1] anon_inode_getfile+0xa7/0x170 [ 21.030684][ C1] anon_inode_getfd+0x3e/0x80 [ 21.035348][ C1] do_eventfd+0x16b/0x250 [ 21.039677][ C1] __x64_sys_eventfd2+0x56/0x60 [ 21.044520][ C1] do_syscall_64+0xcb/0x150 [ 21.049012][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.054925][ C1] [ 21.057255][ C1] Freed by task 829: [ 21.061140][ C1] __kasan_slab_free+0x181/0x230 [ 21.066073][ C1] slab_free_freelist_hook+0xd0/0x150 [ 
21.071440][ C1] kmem_cache_free+0xac/0x600 [ 21.076108][ C1] rcu_core+0xbc0/0x1330 [ 21.080334][ C1] __do_softirq+0x2d5/0x725 [ 21.084805][ C1] [ 21.087128][ C1] The buggy address belongs to the object at ffff8881c9a568c0 [ 21.087128][ C1] which belongs to the cache filp of size 256 [ 21.100562][ C1] The buggy address is located 0 bytes inside of [ 21.100562][ C1] 256-byte region [ffff8881c9a568c0, ffff8881c9a569c0) [ 21.113641][ C1] The buggy address belongs to the page: [ 21.119298][ C1] page:ffffea0007269580 refcount:1 mapcount:0 mapping:ffff8881da8ee780 index:0x0 [ 21.128384][ C1] flags: 0x8000000000000200(slab) [ 21.133403][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ee780 [ 21.141969][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 21.150532][ C1] page dumped because: kasan: bad access detected [ 21.156929][ C1] [ 21.159246][ C1] Memory state around the buggy address: [ 21.164873][ C1] ffff8881c9a56780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.172951][ C1] ffff8881c9a56800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.181003][ C1] >ffff8881c9a56880: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 21.189047][ C1] ^ [ 21.195187][ C1] ffff8881c9a56900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.203238][ C1] ffff8881c9a56980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.211285][ C1] ================================================================== [ 21.219366][ C1] ================================================================== [ 21.227424][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 21.234948][ C1] [ 21.237272][ C1] CPU: 1 PID: 144 Comm: systemd-udevd Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 21.248702][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.258764][ C1] Call Trace: [ 21.262037][ C1] [ 21.264914][ C1] dump_stack+0x14a/0x1ce [ 21.269239][ C1] ? 
show_regs_print_info+0x12/0x12 [ 21.274433][ C1] ? printk+0xd2/0x114 [ 21.278491][ C1] ? kfree+0x12b/0x600 [ 21.282563][ C1] ? kfree+0x12b/0x600 [ 21.286626][ C1] print_address_description+0x93/0x620 [ 21.292162][ C1] ? devkmsg_release+0x11c/0x11c [ 21.297101][ C1] ? kfree+0x12b/0x600 [ 21.297108][ C1] ? kfree+0x12b/0x600 [ 21.297116][ C1] kasan_report_invalid_free+0x54/0xc0 [ 21.297124][ C1] __kasan_slab_free+0x102/0x230 [ 21.297130][ C1] ? __kasan_slab_free+0x181/0x230 [ 21.297137][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 21.297143][ C1] ? kmem_cache_free+0xac/0x600 [ 21.297151][ C1] ? rcu_core+0xbc0/0x1330 [ 21.297166][ C1] ? __do_softirq+0x2d5/0x725 [ 21.340172][ C1] ? irq_exit+0x16d/0x180 [ 21.344499][ C1] ? smp_apic_timer_interrupt+0x281/0x3f0 [ 21.350234][ C1] ? apic_timer_interrupt+0xf/0x20 [ 21.355347][ C1] ? memset_erms+0xb/0x10 [ 21.359762][ C1] ? unwind_next_frame+0x131f/0x2330 [ 21.365041][ C1] ? arch_stack_walk+0xf4/0x120 [ 21.369882][ C1] ? stack_trace_save+0x123/0x1f0 [ 21.374892][ C1] ? __kasan_slab_free+0x181/0x230 [ 21.379999][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 21.385536][ C1] ? kmem_cache_free+0xac/0x600 [ 21.390382][ C1] ? filename_lookup+0x509/0x6e0 [ 21.395376][ C1] ? __se_sys_newlstat+0xe4/0x8b0 [ 21.400393][ C1] ? do_syscall_64+0xcb/0x150 [ 21.405060][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.411122][ C1] slab_free_freelist_hook+0xd0/0x150 [ *[ 21.416512][ C1] ? rcu_core+0xb64/0x1330 [ 21.422302][ C1] kfree+0x12b/0x600 [0;1;31m*[0[ 21.426187][ C1] rcu_core+0xb64/0x1330 [ 21.431807][ C1] ? rebalance_domains+0x703/0x800 ;31m* ] A st[ 21.436911][ C1] ? rcu_cpu_kthread_park+0x70/0x70 art job is runni[ 21.443479][ C1] ? kick_ilb+0x1e0/0x1e0 [ 21.449181][ C1] ? run_rebalance_domains+0x16b/0x240 ng for dev-ttyS0[ 21.454635][ C1] __do_softirq+0x2d5/0x725 [ 21.460515][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b .device (15s / 1[ 21.466351][ C1] ? 
hrtimer_init+0x340/0x340 [ 21.472396][ C1] irq_exit+0x16d/0x180 min 30s)[ 21.476561][ C1] smp_apic_timer_interrupt+0x281/0x3f0 [ 21.482774][ C1] apic_timer_interrupt+0xf/0x20 [ 21.487695][ C1] [ 21.490641][ C1] RIP: 0010:memset_erms+0xb/0x10 [ 21.495569][ C1] Code: 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3 aa <4c> 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 01 01 [ 21.515170][ C1] RSP: 0018:ffff8881d10ef498 EFLAGS: 00000256 ORIG_RAX: ffffffffffffff13 [ 21.523574][ C1] RAX: dffffc0000000000 RBX: ffff8881d10ef678 RCX: 0000000000000000 [ 21.531560][ C1] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffff8881d10ef6a0 [ 21.539535][ C1] RBP: ffff8881d10ef630 R08: dffffc0000000000 R09: ffff8881d10ef690 [ 21.547537][ C1] R10: ffffed103a21ded4 R11: 0000000000000000 R12: ffff8881d10ef640 [ 21.555501][ C1] R13: 1ffffffff0a093c8 R14: ffff8881d10ef690 R15: ffffffff85049e3e [ 21.563502][ C1] unwind_next_frame+0x131f/0x2330 [ 21.568635][ C1] ? stack_trace_save+0x123/0x1f0 [ 21.573664][ C1] ? unwind_get_return_address_ptr+0x130/0x130 [ 21.579813][ C1] ? unwind_next_frame+0x2330/0x2330 [ 21.585092][ C1] ? __kasan_slab_free+0x181/0x230 [ 21.590195][ C1] ? stack_trace_save+0x123/0x1f0 [ 21.595211][ C1] ? stack_trace_save+0x1f0/0x1f0 [ 21.600249][ C1] arch_stack_walk+0xf4/0x120 [ 21.604918][ C1] ? __kasan_slab_free+0x181/0x230 [ 21.610015][ C1] stack_trace_save+0x123/0x1f0 [ 21.614851][ C1] ? lockref_get_or_lock+0x340/0x340 [ 21.620129][ C1] ? stack_trace_snprint+0x150/0x150 [ 21.625410][ C1] ? lookup_fast+0x214/0xfd0 [ 21.629996][ C1] ? __rcu_read_lock+0x50/0x50 [ 21.634753][ C1] __kasan_slab_free+0x181/0x230 [ 21.639714][ C1] slab_free_freelist_hook+0xd0/0x150 [ 21.645106][ C1] ? filename_lookup+0x509/0x6e0 [ 21.650031][ C1] kmem_cache_free+0xac/0x600 [ 21.654690][ C1] filename_lookup+0x509/0x6e0 [ 21.659435][ C1] ? hashlen_string+0x120/0x120 [ 21.664305][ C1] ? 
getname_flags+0x20d/0x610 [ 21.669064][ C1] __se_sys_newlstat+0xe4/0x8b0 [ 21.673904][ C1] ? __x64_sys_newlstat+0x60/0x60 [ 21.678924][ C1] ? __secure_computing+0x1b6/0x250 [ 21.684124][ C1] do_syscall_64+0xcb/0x150 [ 21.688644][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.695049][ C1] RIP: 0033:0x7f04d016b335 [ 21.699459][ C1] Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89 [ 21.719450][ C1] RSP: 002b:00007fffad2a2a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 21.727856][ C1] RAX: ffffffffffffffda RBX: 0000560bc64928e0 RCX: 00007f04d016b335 [ 21.735821][ C1] RDX: 00007fffad2a2a90 RSI: 00007fffad2a2a90 RDI: 0000560bc64918e0 [ 21.743788][ C1] RBP: 00007fffad2a2b50 R08: 00007f04d042a208 R09: 0000000000001010 [ 21.751766][ C1] R10: 0000000000000020 R11: 0000000000000246 R12: 0000560bc64918e0 [ 21.759731][ C1] R13: 0000560bc64918fa R14: 0000560bc6499e65 R15: 0000560bc6499e6a [ 21.767720][ C1] [ 21.770069][ C1] Allocated by task 823: [ 21.774303][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 21.779060][ C1] kmem_cache_alloc+0x1d5/0x260 [ 21.783898][ C1] alloc_pid+0x48/0x7c0 [ 21.788033][ C1] copy_process+0x24c4/0x5110 [ 21.792701][ C1] _do_fork+0x196/0x920 [ 21.797019][ C1] __x64_sys_clone+0x25e/0x2c0 [ 21.801773][ C1] do_syscall_64+0xcb/0x150 [ 21.806266][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.812133][ C1] [ 21.814444][ C1] Freed by task 829: [ 21.818310][ C1] __kasan_slab_free+0x181/0x230 [ 21.823224][ C1] slab_free_freelist_hook+0xd0/0x150 [ 21.828567][ C1] kmem_cache_free+0xac/0x600 [ 21.833220][ C1] delayed_put_pid+0xb6/0xe0 [ 21.837800][ C1] rcu_core+0xbc0/0x1330 [ 21.842031][ C1] __do_softirq+0x2d5/0x725 [ 21.846599][ C1] [ 21.848902][ C1] The buggy address belongs to the object at ffff8881c9a5be40 [ 21.848902][ C1] which belongs to the cache pid_2 of size 112 [ 21.862413][ C1] The buggy address is 
located 0 bytes inside of [ 21.862413][ C1] 112-byte region [ffff8881c9a5be40, ffff8881c9a5beb0) [ 21.875529][ C1] The buggy address belongs to the page: [ 21.881151][ C1] page:ffffea00072696c0 refcount:1 mapcount:0 mapping:ffff8881da1f6280 index:0x0 [ 21.890238][ C1] flags: 0x8000000000000200(slab) [ 21.895258][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da1f6280 [ 21.903830][ C1] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000 [ 21.912389][ C1] page dumped because: kasan: bad access detected [ 21.918784][ C1] [ 21.921095][ C1] Memory state around the buggy address: [ 21.926706][ C1] ffff8881c9a5bd00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 21.934757][ C1] ffff8881c9a5bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 21.942898][ C1] >ffff8881c9a5be00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 21.950938][ C1] ^ [ 21.957093][ C1] ffff8881c9a5be80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 21.965144][ C1] ffff8881c9a5bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 21.973213][ C1] ================================================================== [ 21.981304][ C1] ================================================================== [ 21.989372][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 21.996920][ C1] [ 21.999245][ C1] CPU: 1 PID: 144 Comm: systemd-udevd Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 22.010503][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.020551][ C1] Call Trace: [ 22.023874][ C1] [ 22.026759][ C1] dump_stack+0x14a/0x1ce [ 22.031263][ C1] ? show_regs_print_info+0x12/0x12 [ 22.036458][ C1] ? printk+0xd2/0x114 [ 22.040518][ C1] ? kfree+0x12b/0x600 [ 22.044571][ C1] ? kfree+0x12b/0x600 [ 22.048671][ C1] print_address_description+0x93/0x620 [ 22.054211][ C1] ? devkmsg_release+0x11c/0x11c [ 22.059148][ C1] ? kfree+0x12b/0x600 [ 22.063233][ C1] ? 
kfree+0x12b/0x600 [ 22.067295][ C1] kasan_report_invalid_free+0x54/0xc0 [ 22.072755][ C1] __kasan_slab_free+0x102/0x230 [ 22.072764][ C1] ? __kasan_slab_free+0x181/0x230 [ 22.072772][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 22.072780][ C1] ? kmem_cache_free+0xac/0x600 [ 22.072788][ C1] ? rcu_core+0xbc0/0x1330 [ 22.072797][ C1] ? __do_softirq+0x2d5/0x725 [ 22.072804][ C1] ? irq_exit+0x16d/0x180 [ 22.072811][ C1] ? smp_apic_timer_interrupt+0x281/0x3f0 [ 22.072818][ C1] ? apic_timer_interrupt+0xf/0x20 [ 22.072825][ C1] ? memset_erms+0xb/0x10 [ 22.072834][ C1] ? unwind_next_frame+0x131f/0x2330 [ 22.072842][ C1] ? arch_stack_walk+0xf4/0x120 [ 22.072850][ C1] ? stack_trace_save+0x123/0x1f0 [ 22.072856][ C1] ? __kasan_slab_free+0x181/0x230 [ 22.072863][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 22.072869][ C1] ? kmem_cache_free+0xac/0x600 [ 22.072875][ C1] ? filename_lookup+0x509/0x6e0 [ 22.072882][ C1] ? __se_sys_newlstat+0xe4/0x8b0 [ 22.072889][ C1] ? do_syscall_64+0xcb/0x150 [ 22.072896][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.072910][ C1] slab_free_freelist_hook+0xd0/0x150 [ 22.072918][ C1] ? rcu_core+0xb64/0x1330 [ 22.072924][ C1] kfree+0x12b/0x600 [[ 22.072933][ C1] rcu_core+0xb64/0x1330 [ 22.072943][ C1] ? rebalance_domains+0x703/0x800 [ 22.072950][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 22.072958][ C1] ? kick_ilb+0x1e0/0x1e0 [ 22.072976][ C1] ? run_rebalance_domains+0x16b/0x240 [ 22.072984][ C1] __do_softirq+0x2d5/0x725 [ 22.072993][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b *[0;1;3[ 22.073001][ C1] ? 
hrtimer_init+0x340/0x340 [ 22.073008][ C1] irq_exit+0x16d/0x180 [ 22.073016][ C1] smp_apic_timer_interrupt+0x281/0x3f0 [ 22.073023][ C1] apic_timer_interrupt+0xf/0x20 [ 22.073027][ C1] [ 22.073036][ C1] RIP: 0010:memset_erms+0xb/0x10 [ 22.073044][ C1] Code: 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3 aa <4c> 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 01 01 [ 22.073049][ C1] RSP: 0018:ffff8881d10ef498 EFLAGS: 00000256 ORIG_RAX: ffffffffffffff13 [ 22.073057][ C1] RAX: dffffc0000000000 RBX: ffff8881d10ef678 RCX: 0000000000000000 [ 22.073062][ C1] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffff8881d10ef6a0 [ 22.073067][ C1] RBP: ffff8881d10ef630 R08: dffffc0000000000 R09: ffff8881d10ef690 [ 22.073071][ C1] R10: ffffed103a21ded4 R11: 0000000000000000 R12: ffff8881d10ef640 [ 22.073076][ C1] R13: 1ffffffff0a093c8 R14: ffff8881d10ef690 R15: ffffffff85049e3e 1m** [ 22.073086][ C1] unwind_next_frame+0x131f/0x2330 [ 22.073095][ C1] ? stack_trace_save+0x123/0x1f0 [ 22.073103][ C1] ? unwind_get_return_address_ptr+0x130/0x130 [ 22.073111][ C1] ? unwind_next_frame+0x2330/0x2330 [ 22.073118][ C1] ? __kasan_slab_free+0x181/0x230 ] A start j[ 22.073125][ C1] ? stack_trace_save+0x123/0x1f0 [ 22.073132][ C1] ? stack_trace_save+0x1f0/0x1f0 [ 22.073138][ C1] arch_stack_walk+0xf4/0x120 [ 22.073145][ C1] ? __kasan_slab_free+0x181/0x230 [ 22.073152][ C1] stack_trace_save+0x123/0x1f0 ob is running fo[ 22.073161][ C1] ? lockref_get_or_lock+0x340/0x340 [ 22.073168][ C1] ? stack_trace_snprint+0x150/0x150 [ 22.073175][ C1] ? lookup_fast+0x214/0xfd0 r dev-ttyS0.devi[ 22.073183][ C1] ? __rcu_read_lock+0x50/0x50 [ 22.073190][ C1] __kasan_slab_free+0x181/0x230 [ 22.073206][ C1] slab_free_freelist_hook+0xd0/0x150 [ 22.073212][ C1] ? filename_lookup+0x509/0x6e0 ce (16s / 1min 3[ 22.073218][ C1] kmem_cache_free+0xac/0x600 [ 22.073226][ C1] filename_lookup+0x509/0x6e0 [ 22.073233][ C1] ? 
hashlen_string+0x120/0x120 [ 22.073244][ C1] ? getname_flags+0x20d/0x610 [ 22.073253][ C1] __se_sys_newlstat+0xe4/0x8b0 [ 22.073261][ C1] ? __x64_sys_newlstat+0x60/0x60 [ 22.073271][ C1] ? __secure_computing+0x1b6/0x250 [ 22.073283][ C1] do_syscall_64+0xcb/0x150 [ 22.073291][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.073297][ C1] RIP: 0033:0x7f04d016b335 [ 22.073305][ C1] Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89 [ 22.073309][ C1] RSP: 002b:00007fffad2a2a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 22.073317][ C1] RAX: ffffffffffffffda RBX: 0000560bc64928e0 RCX: 00007f04d016b335 [ 22.073321][ C1] RDX: 00007fffad2a2a90 RSI: 00007fffad2a2a90 RDI: 0000560bc64918e0 [ 22.073326][ C1] RBP: 00007fffad2a2b50 R08: 00007f04d042a208 R09: 0000000000001010 [ 22.073331][ C1] R10: 0000000000000020 R11: 0000000000000246 R12: 0000560bc64918e0 [ 22.073336][ C1] R13: 0000560bc64918fa R14: 0000560bc6499e65 R15: 0000560bc6499e6a [ 22.073340][ C1] [ 22.073345][ C1] Allocated by task 823: [ 22.073352][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 22.073358][ C1] kmem_cache_alloc+0x1d5/0x260 [ 22.073365][ C1] copy_process+0x5a4/0x5110 [ 22.073370][ C1] _do_fork+0x196/0x920 [ 22.073376][ C1] __x64_sys_clone+0x25e/0x2c0 [ 22.073382][ C1] do_syscall_64+0xcb/0x150 [ 22.073389][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.073390][ C1] [ 22.073393][ C1] Freed by task 829: [ 22.073399][ C1] __kasan_slab_free+0x181/0x230 [ 22.073406][ C1] slab_free_freelist_hook+0xd0/0x150 [ 22.073412][ C1] kmem_cache_free+0xac/0x600 [ 22.073419][ C1] rcu_core+0xbc0/0x1330 [ 22.073425][ C1] __do_softirq+0x2d5/0x725 [ 22.073426][ C1] [ 22.073433][ C1] The buggy address belongs to the object at ffff8881c90bec80 [ 22.073433][ C1] which belongs to the cache task_struct of size 3840 [ 22.073440][ C1] The buggy address is located 0 bytes inside of [ 
22.073440][ C1] 3840-byte region [ffff8881c90bec80, ffff8881c90bfb80) [ 22.073442][ C1] The buggy address belongs to the page: [ 22.073451][ C1] page:ffffea0007242e00 refcount:1 mapcount:0 mapping:ffff8881da8e3680 index:0x0 compound_mapcount: 0 [ 22.073457][ C1] flags: 0x8000000000010200(slab|head) [ 22.073468][ C1] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da8e3680 [ 22.073477][ C1] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 22.073479][ C1] page dumped because: kasan: bad access detected [ 22.073481][ C1] [ 22.073483][ C1] Memory state around the buggy address: [ 22.073489][ C1] ffff8881c90beb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.073494][ C1] ffff8881c90bec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.073500][ C1] >ffff8881c90bec80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.073502][ C1] ^ [ 22.073507][ C1] ffff8881c90bed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.073512][ C1] ffff8881c90bed80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.073515][ C1] ================================================================== [ 22.073559][ C1] ================================================================== [ 22.073568][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 22.073570][ C1] [ 22.073579][ C1] CPU: 1 PID: 144 Comm: systemd-udevd Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 22.073583][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.073585][ C1] Call Trace: [ 22.073588][ C1] [ 22.073597][ C1] dump_stack+0x14a/0x1ce [ 22.073606][ C1] ? show_regs_print_info+0x12/0x12 [ 22.073613][ C1] ? printk+0xd2/0x114 [ 22.073620][ C1] ? kfree+0x12b/0x600 [ 22.073627][ C1] ? kfree+0x12b/0x600 [ 22.073634][ C1] print_address_description+0x93/0x620 [ 22.073640][ C1] ? devkmsg_release+0x11c/0x11c [ 22.073648][ C1] ? kfree+0x12b/0x600 [ 22.073654][ C1] ? 
kfree+0x12b/0x600 [ 22.073661][ C1] kasan_report_invalid_free+0x54/0xc0 [ 22.073668][ C1] __kasan_slab_free+0x102/0x230 [ 22.073674][ C1] ? __kasan_slab_free+0x181/0x230 [ 22.073681][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 22.073688][ C1] ? kmem_cache_free+0xac/0x600 [ 22.073694][ C1] ? rcu_core+0xbc0/0x1330 [ 22.073701][ C1] ? __do_softirq+0x2d5/0x725 [ 22.073707][ C1] ? irq_exit+0x16d/0x180 [ 22.073714][ C1] ? smp_apic_timer_interrupt+0x281/0x3f0 [ 22.073721][ C1] ? apic_timer_interrupt+0xf/0x20 [ 22.073727][ C1] ? memset_erms+0xb/0x10 [ 22.073734][ C1] ? unwind_next_frame+0x131f/0x2330 [ 22.073741][ C1] ? arch_stack_walk+0xf4/0x120 [ 22.073748][ C1] ? stack_trace_save+0x123/0x1f0 [ 22.073754][ C1] ? __kasan_slab_free+0x181/0x230 [ 22.073761][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 22.073768][ C1] ? kmem_cache_free+0xac/0x600 [ 22.073774][ C1] ? filename_lookup+0x509/0x6e0 [ 22.073781][ C1] ? __se_sys_newlstat+0xe4/0x8b0 [ 22.073787][ C1] ? do_syscall_64+0xcb/0x150 [ 22.073794][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.073808][ C1] slab_free_freelist_hook+0xd0/0x150 [ 22.073816][ C1] ? rcu_core+0xb64/0x1330 [ 22.073822][ C1] kfree+0x12b/0x600 [ 22.073831][ C1] rcu_core+0xb64/0x1330 [ 22.073840][ C1] ? rebalance_domains+0x703/0x800 [ 22.073848][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 22.073856][ C1] ? kick_ilb+0x1e0/0x1e0 [ 22.073865][ C1] ? run_rebalance_domains+0x16b/0x240 [ 22.073872][ C1] __do_softirq+0x2d5/0x725 [ 22.073882][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 22.073888][ C1] ? 
hrtimer_init+0x340/0x340 [ 22.073895][ C1] irq_exit+0x16d/0x180 [ 22.073902][ C1] smp_apic_timer_interrupt+0x281/0x3f0 [ 22.073910][ C1] apic_timer_interrupt+0xf/0x20 [ 22.073912][ C1] [ 22.073920][ C1] RIP: 0010:memset_erms+0xb/0x10 [ 22.073927][ C1] Code: 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3 aa <4c> 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 01 01 [ 22.073932][ C1] RSP: 0018:ffff8881d10ef498 EFLAGS: 00000256 ORIG_RAX: ffffffffffffff13 [ 22.073938][ C1] RAX: dffffc0000000000 RBX: ffff8881d10ef678 RCX: 0000000000000000 [ 22.073942][ C1] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffff8881d10ef6a0 [ 22.073947][ C1] RBP: ffff8881d10ef630 R08: dffffc0000000000 R09: ffff8881d10ef690 [ 22.073951][ C1] R10: ffffed103a21ded4 R11: 0000000000000000 R12: ffff8881d10ef640 [ 22.073956][ C1] R13: 1ffffffff0a093c8 R14: ffff8881d10ef690 R15: ffffffff85049e3e [ 22.073975][ C1] unwind_next_frame+0x131f/0x2330 [ 22.073984][ C1] ? stack_trace_save+0x123/0x1f0 [ 22.073993][ C1] ? unwind_get_return_address_ptr+0x130/0x130 [ 22.074000][ C1] ? unwind_next_frame+0x2330/0x2330 [ 22.074007][ C1] ? __kasan_slab_free+0x181/0x230 [ 22.074014][ C1] ? stack_trace_save+0x123/0x1f0 [ 22.074021][ C1] ? stack_trace_save+0x1f0/0x1f0 [ 22.074028][ C1] arch_stack_walk+0xf4/0x120 [ 22.074036][ C1] ? __kasan_slab_free+0x181/0x230 [ 22.074043][ C1] stack_trace_save+0x123/0x1f0 [ 22.074050][ C1] ? lockref_get_or_lock+0x340/0x340 [ 22.074057][ C1] ? stack_trace_snprint+0x150/0x150 [ 22.074064][ C1] ? lookup_fast+0x214/0xfd0 [ 22.074072][ C1] ? __rcu_read_lock+0x50/0x50 [ 22.074080][ C1] __kasan_slab_free+0x181/0x230 [ 22.074096][ C1] slab_free_freelist_hook+0xd0/0x150 [ 22.074103][ C1] ? filename_lookup+0x509/0x6e0 [ 22.074110][ C1] kmem_cache_free+0xac/0x600 [ 22.074118][ C1] filename_lookup+0x509/0x6e0 [ 22.074126][ C1] ? hashlen_string+0x120/0x120 [ 22.074136][ C1] ? 
getname_flags+0x20d/0x610 [ 22.074145][ C1] __se_sys_newlstat+0xe4/0x8b0 [ 22.074152][ C1] ? __x64_sys_newlstat+0x60/0x60 [ 22.074161][ C1] ? __secure_computing+0x1b6/0x250 [ 22.074172][ C1] do_syscall_64+0xcb/0x150 [ 22.074179][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.074185][ C1] RIP: 0033:0x7f04d016b335 [ 22.074191][ C1] Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89 [ 22.074195][ C1] RSP: 002b:00007fffad2a2a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 22.074202][ C1] RAX: ffffffffffffffda RBX: 0000560bc64928e0 RCX: 00007f04d016b335 [ 22.074206][ C1] RDX: 00007fffad2a2a90 RSI: 00007fffad2a2a90 RDI: 0000560bc64918e0 [ 22.074211][ C1] RBP: 00007fffad2a2b50 R08: 00007f04d042a208 R09: 0000000000001010 [ 22.074215][ C1] R10: 0000000000000020 R11: 0000000000000246 R12: 0000560bc64918e0 [ 22.074219][ C1] R13: 0000560bc64918fa R14: 0000560bc6499e65 R15: 0000560bc6499e6a [ 22.074222][ C1] [ 22.074225][ C1] Allocated by task 144: [ 22.074232][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 22.074238][ C1] kmem_cache_alloc+0x1d5/0x260 [ 22.074243][ C1] __alloc_file+0x26/0x390 2020/08/29 07:58:55 executed programs: 398 [ 22.074248][ C1] alloc_empty_file+0xa9/0x1b0 [ 22.074253][ C1] path_openat+0x11e/0x3d10 [ 22.074259][ C1] do_filp_open+0x20d/0x440 [ 22.074266][ C1] do_sys_open+0x387/0x7d0 [ 22.074271][ C1] do_syscall_64+0xcb/0x150 [ 22.074277][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.074279][ C1] [ 22.074282][ C1] Freed by task 829: [ 22.074287][ C1] __kasan_slab_free+0x181/0x230 [ 22.074293][ C1] slab_free_freelist_hook+0xd0/0x150 [ 22.074299][ C1] kmem_cache_free+0xac/0x600 [ 22.074305][ C1] rcu_core+0xbc0/0x1330 [ 22.074317][ C1] __do_softirq+0x2d5/0x725 [ 23.353008][ C1] [ 23.353017][ C1] The buggy address belongs to the object at ffff8881c9a56500 [ 23.353017][ C1] which belongs to the cache filp of size 256 
[ 23.353031][ C1] The buggy address is located 0 bytes inside of [ 23.353031][ C1] 256-byte region [ffff8881c9a56500, ffff8881c9a56600) [ 23.381873][ C1] The buggy address belongs to the page: [ 23.387522][ C1] page:ffffea0007269580 refcount:1 mapcount:0 mapping:ffff8881da8ee780 index:0x0 [ 23.396620][ C1] flags: 0x8000000000000200(slab) [ 23.401702][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ee780 [ 23.410296][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 23.418871][ C1] page dumped because: kasan: bad access detected [ 23.425302][ C1] [ 23.427641][ C1] Memory state around the buggy address: [ 23.433291][ C1] ffff8881c9a56400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.441367][ C1] ffff8881c9a56480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.449443][ C1] >ffff8881c9a56500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.457495][ C1] ^ [ 23.461565][ C1] ffff8881c9a56580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.469630][ C1] ffff8881c9a56600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 23.477692][ C1] ================================================================== [ 23.485787][ C1] ================================================================== [ 23.495229][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 23.502801][ C1] [ 23.505161][ C1] CPU: 1 PID: 144 Comm: systemd-udevd Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 23.517802][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.527853][ C1] Call Trace: [ 23.531131][ C1] [ 23.535390][ C1] dump_stack+0x14a/0x1ce [ 23.539746][ C1] ? show_regs_print_info+0x12/0x12 [ 23.546394][ C1] ? printk+0xd2/0x114 [ 23.550476][ C1] ? kfree+0x12b/0x600 [ 23.555916][ C1] ? kfree+0x12b/0x600 [ 23.559979][ C1] print_address_description+0x93/0x620 [ 23.566896][ C1] ? 
devkmsg_release+0x11c/0x11c [ 23.572354][ C1] ? kfree+0x12b/0x600 [ 23.577106][ C1] ? kfree+0x12b/0x600 [ 23.581162][ C1] kasan_report_invalid_free+0x54/0xc0 [ 23.586615][ C1] __kasan_slab_free+0x102/0x230 [ 23.591553][ C1] ? __kasan_slab_free+0x181/0x230 [ 23.596681][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 23.602221][ C1] ? kmem_cache_free+0xac/0x600 [ 23.607064][ C1] ? rcu_core+0xbc0/0x1330 [ 23.611508][ C1] ? __do_softirq+0x2d5/0x725 [ 23.616182][ C1] ? irq_exit+0x16d/0x180 [ 23.620507][ C1] ? smp_apic_timer_interrupt+0x281/0x3f0 [ 23.626236][ C1] ? apic_timer_interrupt+0xf/0x20 [ 23.631437][ C1] ? memset_erms+0xb/0x10 [ 23.635783][ C1] ? unwind_next_frame+0x131f/0x2330 [ 23.641053][ C1] ? arch_stack_walk+0xf4/0x120 [ 23.645896][ C1] ? stack_trace_save+0x123/0x1f0 [ 23.650916][ C1] ? __kasan_slab_free+0x181/0x230 [ 23.656048][ C1] ? slab_free_freelist_hook+0xd0/0x150 [ 23.661586][ C1] ? kmem_cache_free+0xac/0x600 [ 23.666437][ C1] ? filename_lookup+0x509/0x6e0 [ 23.671390][ C1] ? __se_sys_newlstat+0xe4/0x8b0 [ 23.676415][ C1] ? do_syscall_64+0xcb/0x150 [ 23.681092][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.687156][ C1] slab_free_freelist_hook+0xd0/0x150 [ 23.692523][ C1] ? rcu_core+0xb64/0x1330 [ 23.696929][ C1] kfree+0x12b/0x600 [ 23.700819][ C1] rcu_core+0xb64/0x1330 [ 23.705054][ C1] ? rebalance_domains+0x703/0x800 [ 23.710158][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 23.715784][ C1] ? kick_ilb+0x1e0/0x1e0 [ 23.720107][ C1] ? run_rebalance_domains+0x16b/0x240 [ 23.731116][ C1] __do_softirq+0x2d5/0x725 [ 23.735638][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 23.741461][ C1] ? 
hrtimer_init+0x340/0x340 [ 23.746134][ C1] irq_exit+0x16d/0x180 [ 23.750290][ C1] smp_apic_timer_interrupt+0x281/0x3f0 [ 23.755827][ C1] apic_timer_interrupt+0xf/0x20 [ 23.760748][ C1] [ 23.763689][ C1] RIP: 0010:memset_erms+0xb/0x10 [ 23.768615][ C1] Code: 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3 aa <4c> 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 01 01 [ 23.788223][ C1] RSP: 0018:ffff8881d10ef498 EFLAGS: 00000256 ORIG_RAX: ffffffffffffff13 [ 23.796624][ C1] RAX: dffffc0000000000 RBX: ffff8881d10ef678 RCX: 0000000000000000 [ 23.804591][ C1] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffff8881d10ef6a0 [ 23.812582][ C1] RBP: ffff8881d10ef630 R08: dffffc0000000000 R09: ffff8881d10ef690 [ 23.820552][ C1] R10: ffffed103a21ded4 R11: 0000000000000000 R12: ffff8881d10ef640 [ 23.828531][ C1] R13: 1ffffffff0a093c8 R14: ffff8881d10ef690 R15: ffffffff85049e3e [ 23.836531][ C1] unwind_next_frame+0x131f/0x2330 [ 23.841665][ C1] ? stack_trace_save+0x123/0x1f0 [ 23.846702][ C1] ? unwind_get_return_address_ptr+0x130/0x130 [ 23.852853][ C1] ? unwind_next_frame+0x2330/0x2330 [ 23.858226][ C1] ? __kasan_slab_free+0x181/0x230 [ 23.863342][ C1] ? stack_trace_save+0x123/0x1f0 [ 23.868355][ C1] ? stack_trace_save+0x1f0/0x1f0 [ 23.873389][ C1] arch_stack_walk+0xf4/0x120 [ 23.878071][ C1] ? __kasan_slab_free+0x181/0x230 [ 23.883185][ C1] stack_trace_save+0x123/0x1f0 [ 23.888066][ C1] ? lockref_get_or_lock+0x340/0x340 [ 23.893373][ C1] ? stack_trace_snprint+0x150/0x150 [ 23.898657][ C1] ? lookup_fast+0x214/0xfd0 [ 23.903252][ C1] ? __rcu_read_lock+0x50/0x50 [ 23.908019][ C1] __kasan_slab_free+0x181/0x230 [ 23.912967][ C1] slab_free_freelist_hook+0xd0/0x150 [ 23.918352][ C1] ? filename_lookup+0x509/0x6e0 [ 23.923437][ C1] kmem_cache_free+0xac/0x600 [ 23.928326][ C1] filename_lookup+0x509/0x6e0 [ 23.933087][ C1] ? hashlen_string+0x120/0x120 [ 23.937935][ C1] ? 
getname_flags+0x20d/0x610 [ 23.942697][ C1] __se_sys_newlstat+0xe4/0x8b0 [ 23.947550][ C1] ? __x64_sys_newlstat+0x60/0x60 [ 23.952582][ C1] ? __secure_computing+0x1b6/0x250 [ 23.957783][ C1] do_syscall_64+0xcb/0x150 [ 23.962312][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.968293][ C1] RIP: 0033:0x7f04d016b335 [ 23.972698][ C1] Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89 [ 23.992295][ C1] RSP: 002b:00007fffad2a2a58 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 24.000808][ C1] RAX: ffffffffffffffda RBX: 0000560bc64928e0 RCX: 00007f04d016b335 [ 24.008776][ C1] RDX: 00007fffad2a2a90 RSI: 00007fffad2a2a90 RDI: 0000560bc64918e0 [ 24.016791][ C1] RBP: 00007fffad2a2b50 R08: 00007f04d042a208 R09: 0000000000001010 [ 24.024747][ C1] R10: 0000000000000020 R11: 0000000000000246 R12: 0000560bc64918e0 [ 24.032739][ C1] R13: 0000560bc64918fa R14: 0000560bc6499e65 R15: 0000560bc6499e6a [ 24.040794][ C1] [ 24.043137][ C1] Allocated by task 144: [ 24.047375][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.052137][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.057359][ C1] __alloc_file+0x26/0x390 [ 24.061770][ C1] alloc_empty_file+0xa9/0x1b0 [ 24.066525][ C1] path_openat+0x11e/0x3d10 [ 24.071024][ C1] do_filp_open+0x20d/0x440 [ 24.075533][ C1] do_sys_open+0x387/0x7d0 [ 24.079967][ C1] do_syscall_64+0xcb/0x150 [ 24.084463][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.090336][ C1] [ 24.092646][ C1] Freed by task 829: [ 24.096536][ C1] __kasan_slab_free+0x181/0x230 [ 24.101469][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.106838][ C1] kmem_cache_free+0xac/0x600 [ 24.111513][ C1] rcu_core+0xbc0/0x1330 [ 24.115783][ C1] __do_softirq+0x2d5/0x725 [ 24.120295][ C1] [ 24.122617][ C1] The buggy address belongs to the object at ffff8881c9a56c80 [ 24.122617][ C1] which belongs to the cache filp of size 256 [ 24.136057][ C1] The buggy address is 
located 0 bytes inside of [ 24.136057][ C1] 256-byte region [ffff8881c9a56c80, ffff8881c9a56d80) [ 24.149148][ C1] The buggy address belongs to the page: [ 24.154776][ C1] page:ffffea0007269580 refcount:1 mapcount:0 mapping:ffff8881da8ee780 index:0x0 [ 24.163884][ C1] flags: 0x8000000000000200(slab) [ 24.168902][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ee780 [ 24.168911][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 24.168914][ C1] page dumped because: kasan: bad access detected ** 259 printk messages dropped ** [ 24.179345][ C1] ================================================================== [ 24.179351][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.179352][ C1] [ 24.179359][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.179362][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.179364][ C1] Call Trace: [ 24.179372][ C1] dump_stack+0x14a/0x1ce [ 24.179381][ C1] ? show_regs_print_info+0x12/0x12 [ 24.179388][ C1] ? printk+0xd2/0x114 [ 24.179395][ C1] ? kfree+0x12b/0x600 [ 24.179401][ C1] ? kfree+0x12b/0x600 [ 24.179408][ C1] print_address_description+0x93/0x620 [ 24.179413][ C1] ? devkmsg_release+0x11c/0x11c [ 24.179420][ C1] ? kfree+0x12b/0x600 [ 24.179425][ C1] ? kfree+0x12b/0x600 [ 24.179431][ C1] ? kfree+0x12b/0x600 [ 24.179437][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.179444][ C1] __kasan_slab_free+0x102/0x230 [ 24.179450][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.179457][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.179464][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.179470][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.179489][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.179496][ C1] ? try_to_wake_up+0xbf8/0xd90 [ 24.179502][ C1] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 24.179510][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.179517][ C1] ? 
rcu_core+0xb64/0x1330 [ 24.179523][ C1] kfree+0x12b/0x600 [ 24.179531][ C1] rcu_core+0xb64/0x1330 [ 24.179538][ C1] ? rebalance_domains+0x703/0x800 [ 24.179545][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.179552][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.179559][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.179566][ C1] ? run_rebalance_domains+0x16b/0x240 [ 24.179573][ C1] __do_softirq+0x2d5/0x725 [ 24.179582][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.179590][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.179596][ C1] run_ksoftirqd+0x13/0x20 [ 24.179603][ C1] smpboot_thread_fn+0x502/0x890 [ 24.179613][ C1] ? cpu_report_death+0x110/0x110 [ 24.179619][ C1] ? schedule+0x13b/0x1d0 [ 24.179626][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.179633][ C1] kthread+0x317/0x340 [ 24.179640][ C1] ? cpu_report_death+0x110/0x110 [ 24.179648][ C1] ? kthread_destroy_worker+0x280/0x280 [ 24.179654][ C1] ret_from_fork+0x1f/0x30 [ 24.179658][ C1] [ 24.179662][ C1] Allocated by task 144: [ 24.179667][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.179674][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.179679][ C1] __alloc_file+0x26/0x390 [ 24.179685][ C1] alloc_empty_file+0xa9/0x1b0 [ 24.179691][ C1] path_openat+0x11e/0x3d10 [ 24.179696][ C1] do_filp_open+0x20d/0x440 [ 24.179702][ C1] do_sys_open+0x387/0x7d0 [ 24.179708][ C1] do_syscall_64+0xcb/0x150 [ 24.179714][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.179716][ C1] [ 24.179719][ C1] Freed by task 829: [ 24.179724][ C1] __kasan_slab_free+0x181/0x230 [ 24.179731][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.179737][ C1] kmem_cache_free+0xac/0x600 [ 24.179743][ C1] rcu_core+0xbc0/0x1330 [ 24.179749][ C1] __do_softirq+0x2d5/0x725 [ 24.179750][ C1] [ 24.179756][ C1] The buggy address belongs to the object at ffff8881cf7aac80 [ 24.179756][ C1] which belongs to the cache filp of size 256 [ 24.179763][ C1] The buggy address is located 0 bytes inside of [ 24.179763][ C1] 256-byte region [ffff8881cf7aac80, ffff8881cf7aad80) [ 24.179765][ C1] The buggy address 
belongs to the page: [ 24.179772][ C1] page:ffffea00073dea80 refcount:1 mapcount:0 mapping:ffff8881da8ee780 index:0x0 [ 24.179776][ C1] flags: 0x8000000000000200(slab) [ 24.179785][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ee780 [ 24.179793][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 24.179795][ C1] page dumped because: kasan: bad access detected [ 24.179797][ C1] [ 24.179799][ C1] Memory state around the buggy address: [ 24.179804][ C1] ffff8881cf7aab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.179809][ C1] ffff8881cf7aac00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.179814][ C1] >ffff8881cf7aac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.179816][ C1] ^ [ 24.179821][ C1] ffff8881cf7aad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.179826][ C1] ffff8881cf7aad80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.179828][ C1] ================================================================== [ 24.179831][ C1] ================================================================== [ 24.179838][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.179839][ C1] [ 24.179846][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.179849][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.179851][ C1] Call Trace: [ 24.179859][ C1] dump_stack+0x14a/0x1ce [ 24.179867][ C1] ? show_regs_print_info+0x12/0x12 [ 24.179874][ C1] ? printk+0xd2/0x114 [ 24.179880][ C1] ? kfree+0x12b/0x600 [ 24.179886][ C1] ? kfree+0x12b/0x600 [ 24.179892][ C1] print_address_description+0x93/0x620 [ 24.179898][ C1] ? devkmsg_release+0x11c/0x11c [ 24.179905][ C1] ? kfree+0x12b/0x600 [ 24.179911][ C1] ? kfree+0x12b/0x600 [ 24.179917][ C1] ? kfree+0x12b/0x600 [ 24.179922][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.179928][ C1] __kasan_slab_free+0x102/0x230 [ 24.179933][ C1] ? 
check_preempt_wakeup+0x797/0xd60 [ 24.179939][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.179945][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.179950][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.179957][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.179965][ C1] ? try_to_wake_up+0xbf8/0xd90 [ 24.179972][ C1] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 24.179979][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.179986][ C1] ? rcu_core+0xb64/0x1330 [ 24.179991][ C1] kfree+0x12b/0x600 [ 24.179999][ C1] rcu_core+0xb64/0x1330 [ 24.180007][ C1] ? rebalance_domains+0x703/0x800 [ 24.180013][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.180020][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.180026][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.180033][ C1] ? run_rebalance_domains+0x16b/0x240 [ 24.180040][ C1] __do_softirq+0x2d5/0x725 [ 24.180050][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.180057][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.180064][ C1] run_ksoftirqd+0x13/0x20 [ 24.180070][ C1] smpboot_thread_fn+0x502/0x890 [ 24.180078][ C1] ? cpu_report_death+0x110/0x110 [ 24.180085][ C1] ? schedule+0x13b/0x1d0 [ 24.180092][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.180098][ C1] kthread+0x317/0x340 [ 24.180105][ C1] ? cpu_report_death+0x110/0x110 [ 24.180111][ C1] ? 
kthread_destroy_worker+0x280/0x280 [ 24.180118][ C1] ret_from_fork+0x1f/0x30 [ 24.180122][ C1] [ 24.180125][ C1] Allocated by task 144: [ 24.180131][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.180137][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.180142][ C1] __d_alloc+0x2a/0x6b0 [ 24.180148][ C1] d_alloc_parallel+0xf3/0x1440 [ 24.180153][ C1] __lookup_slow+0x169/0x490 [ 24.180158][ C1] walk_component+0x3ee/0x970 [ 24.180163][ C1] path_lookupat+0x211/0xa60 [ 24.180168][ C1] filename_lookup+0x254/0x6e0 [ 24.180173][ C1] do_faccessat+0x306/0x800 [ 24.180179][ C1] do_syscall_64+0xcb/0x150 [ 24.180185][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.180187][ C1] [ 24.180189][ C1] Freed by task 829: [ 24.180195][ C1] __kasan_slab_free+0x181/0x230 [ 24.180201][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.180207][ C1] kmem_cache_free+0xac/0x600 [ 24.180213][ C1] rcu_core+0xbc0/0x1330 [ 24.180219][ C1] __do_softirq+0x2d5/0x725 [ 24.180221][ C1] [ 24.180226][ C1] The buggy address belongs to the object at ffff8881d3a51110 [ 24.180226][ C1] which belongs to the cache dentry of size 208 [ 24.180232][ C1] The buggy address is located 0 bytes inside of [ 24.180232][ C1] 208-byte region [ffff8881d3a51110, ffff8881d3a511e0) [ 24.180234][ C1] The buggy address belongs to the page: [ 24.180239][ C1] page:ffffea00074e9440 refcount:1 mapcount:0 mapping:ffff8881da8ef900 index:0x0 [ 24.180243][ C1] flags: 0x8000000000000200(slab) [ 24.180252][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ef900 [ 24.180260][ C1] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000 [ 24.180262][ C1] page dumped because: kasan: bad access detected [ 24.180263][ C1] [ 24.180265][ C1] Memory state around the buggy address: [ 24.180271][ C1] ffff8881d3a51000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.180275][ C1] ffff8881d3a51080: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 24.180280][ C1] >ffff8881d3a51100: fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb 
[ 24.180282][ C1] ^ [ 24.180287][ C1] ffff8881d3a51180: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 24.180292][ C1] ffff8881d3a51200: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb [ 24.180294][ C1] ================================================================== [ 24.180297][ C1] ================================================================== [ 24.180304][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.180305][ C1] [ 24.180314][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.180317][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.180319][ C1] Call Trace: [ 24.180328][ C1] dump_stack+0x14a/0x1ce [ 24.180335][ C1] ? show_regs_print_info+0x12/0x12 [ 24.180341][ C1] ? printk+0xd2/0x114 [ 24.180347][ C1] ? kfree+0x12b/0x600 [ 24.180352][ C1] ? kfree+0x12b/0x600 [ 24.180359][ C1] print_address_description+0x93/0x620 [ 24.180365][ C1] ? devkmsg_release+0x11c/0x11c [ 24.180373][ C1] ? kfree+0x12b/0x600 [ 24.180379][ C1] ? kfree+0x12b/0x600 [ 24.180385][ C1] ? kfree+0x12b/0x600 [ 24.180391][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.180398][ C1] __kasan_slab_free+0x102/0x230 [ 24.180404][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.180410][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.180416][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.180422][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.180430][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.180438][ C1] ? try_to_wake_up+0xbf8/0xd90 [ 24.180445][ C1] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 24.180453][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.180461][ C1] ? rcu_core+0xb64/0x1330 [ 24.180467][ C1] kfree+0x12b/0x600 [ 24.180487][ C1] rcu_core+0xb64/0x1330 [ 24.180497][ C1] ? rebalance_domains+0x703/0x800 [ 24.180505][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.180512][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.180519][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.180526][ C1] ? 
run_rebalance_domains+0x16b/0x240 [ 24.180533][ C1] __do_softirq+0x2d5/0x725 [ 24.180541][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.180547][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.180554][ C1] run_ksoftirqd+0x13/0x20 [ 24.180561][ C1] smpboot_thread_fn+0x502/0x890 [ 24.180569][ C1] ? cpu_report_death+0x110/0x110 [ 24.180575][ C1] ? schedule+0x13b/0x1d0 [ 24.180581][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.180588][ C1] kthread+0x317/0x340 [ 24.180595][ C1] ? cpu_report_death+0x110/0x110 [ 24.180602][ C1] ? kthread_destroy_worker+0x280/0x280 [ 24.180608][ C1] ret_from_fork+0x1f/0x30 [ 24.180612][ C1] [ 24.180615][ C1] Allocated by task 144: [ 24.180622][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.180628][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.180634][ C1] __d_alloc+0x2a/0x6b0 [ 24.180641][ C1] d_alloc_parallel+0xf3/0x1440 [ 24.180646][ C1] __lookup_slow+0x169/0x490 [ 24.180652][ C1] walk_component+0x3ee/0x970 [ 24.180657][ C1] path_lookupat+0x211/0xa60 [ 24.180662][ C1] filename_lookup+0x254/0x6e0 [ 24.180668][ C1] do_faccessat+0x306/0x800 [ 24.180674][ C1] do_syscall_64+0xcb/0x150 [ 24.180680][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.180681][ C1] [ 24.180685][ C1] Freed by task 829: [ 24.180690][ C1] __kasan_slab_free+0x181/0x230 [ 24.180697][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.180703][ C1] kmem_cache_free+0xac/0x600 [ 24.180710][ C1] rcu_core+0xbc0/0x1330 [ 24.180716][ C1] __do_softirq+0x2d5/0x725 [ 24.180717][ C1] [ 24.180723][ C1] The buggy address belongs to the object at ffff8881d3a51cc0 [ 24.180723][ C1] which belongs to the cache dentry of size 208 [ 24.180730][ C1] The buggy address is located 0 bytes inside of [ 24.180730][ C1] 208-byte region [ffff8881d3a51cc0, ffff8881d3a51d90) [ 24.180732][ C1] The buggy address belongs to the page: [ 24.180738][ C1] page:ffffea00074e9440 refcount:1 mapcount:0 mapping:ffff8881da8ef900 index:0x0 [ 24.180743][ C1] flags: 0x8000000000000200(slab) [ 24.180752][ C1] raw: 8000000000000200 
dead000000000100 dead000000000122 ffff8881da8ef900 [ 24.180760][ C1] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000 [ 24.180763][ C1] page dumped because: kasan: bad access detected [ 24.180764][ C1] [ 24.180767][ C1] Memory state around the buggy address: [ 24.180772][ C1] ffff8881d3a51b80: fc fc fc fc fc fc fb fb fb fb fb fb fb fb fb fb [ 24.180777][ C1] ffff8881d3a51c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.180782][ C1] >ffff8881d3a51c80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.180785][ C1] ^ [ 24.180790][ C1] ffff8881d3a51d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.180795][ C1] ffff8881d3a51d80: fb fb fc fc fc fc fc fc fc fc fb fb fb fb fb fb [ 24.180798][ C1] ================================================================== [ 24.180801][ C1] ================================================================== [ 24.180808][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.180810][ C1] [ 24.180818][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.180821][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.180823][ C1] Call Trace: [ 24.180832][ C1] dump_stack+0x14a/0x1ce [ 24.180841][ C1] ? show_regs_print_info+0x12/0x12 [ 24.180847][ C1] ? printk+0xd2/0x114 [ 24.180854][ C1] ? kfree+0x12b/0x600 [ 24.180861][ C1] ? kfree+0x12b/0x600 [ 24.180867][ C1] print_address_description+0x93/0x620 [ 24.180873][ C1] ? devkmsg_release+0x11c/0x11c [ 24.180881][ C1] ? kfree+0x12b/0x600 [ 24.180888][ C1] ? kfree+0x12b/0x600 [ 24.180894][ C1] ? kfree+0x12b/0x600 [ 24.180901][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.180908][ C1] __kasan_slab_free+0x102/0x230 [ 24.180914][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.180923][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.180930][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.180937][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.180945][ C1] ? 
psi_ttwu_dequeue+0x320/0x320 [ 24.180953][ C1] ? try_to_wake_up+0xbf8/0xd90 [ 24.180960][ C1] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 24.180968][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.180976][ C1] ? rcu_core+0xb64/0x1330 [ 24.180981][ C1] kfree+0x12b/0x600 [ 24.180989][ C1] rcu_core+0xb64/0x1330 [ 24.180998][ C1] ? rebalance_domains+0x703/0x800 [ 24.181005][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.181012][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.181019][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.181027][ C1] ? run_rebalance_domains+0x16b/0x240 [ 24.181035][ C1] __do_softirq+0x2d5/0x725 [ 24.181043][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.181051][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.181057][ C1] run_ksoftirqd+0x13/0x20 [ 24.181064][ C1] smpboot_thread_fn+0x502/0x890 [ 24.181074][ C1] ? cpu_report_death+0x110/0x110 [ 24.181081][ C1] ? schedule+0x13b/0x1d0 [ 24.181088][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.181095][ C1] kthread+0x317/0x340 [ 24.181102][ C1] ? cpu_report_death+0x110/0x110 [ 24.181108][ C1] ? 
kthread_destroy_worker+0x280/0x280 [ 24.181114][ C1] ret_from_fork+0x1f/0x30 [ 24.181119][ C1] [ 24.181122][ C1] Allocated by task 144: [ 24.181128][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.181135][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.181140][ C1] __d_alloc+0x2a/0x6b0 [ 24.181147][ C1] d_alloc_parallel+0xf3/0x1440 [ 24.181152][ C1] __lookup_slow+0x169/0x490 [ 24.181158][ C1] walk_component+0x3ee/0x970 [ 24.181163][ C1] path_lookupat+0x211/0xa60 [ 24.181167][ C1] filename_lookup+0x254/0x6e0 [ 24.181172][ C1] do_faccessat+0x306/0x800 [ 24.181178][ C1] do_syscall_64+0xcb/0x150 [ 24.181185][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.181186][ C1] [ 24.181189][ C1] Freed by task 829: [ 24.181194][ C1] __kasan_slab_free+0x181/0x230 [ 24.181200][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.181205][ C1] kmem_cache_free+0xac/0x600 [ 24.181210][ C1] rcu_core+0xbc0/0x1330 [ 24.181215][ C1] __do_softirq+0x2d5/0x725 [ 24.181217][ C1] [ 24.181222][ C1] The buggy address belongs to the object at ffff8881d3a51770 [ 24.181222][ C1] which belongs to the cache dentry of size 208 [ 24.181230][ C1] The buggy address is located 0 bytes inside of [ 24.181230][ C1] 208-byte region [ffff8881d3a51770, ffff8881d3a51840) [ 24.181232][ C1] The buggy address belongs to the page: [ 24.181239][ C1] page:ffffea00074e9440 refcount:1 mapcount:0 mapping:ffff8881da8ef900 index:0x0 [ 24.181243][ C1] flags: 0x8000000000000200(slab) [ 24.181252][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ef900 [ 24.181261][ C1] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000 [ 24.181263][ C1] page dumped because: kasan: bad access detected [ 24.181265][ C1] [ 24.181266][ C1] Memory state around the buggy address: [ 24.181271][ C1] ffff8881d3a51600: fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 00 [ 24.181276][ C1] ffff8881d3a51680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.181281][ C1] >ffff8881d3a51700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fb fb 
[ 24.181284][ C1] ^ [ 24.181290][ C1] ffff8881d3a51780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.181295][ C1] ffff8881d3a51800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.181297][ C1] ================================================================== [ 24.181301][ C1] ================================================================== [ 24.181308][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.181309][ C1] [ 24.181318][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.181321][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.181323][ C1] Call Trace: [ 24.181332][ C1] dump_stack+0x14a/0x1ce [ 24.181340][ C1] ? show_regs_print_info+0x12/0x12 [ 24.181347][ C1] ? printk+0xd2/0x114 [ 24.181354][ C1] ? kfree+0x12b/0x600 [ 24.181360][ C1] ? kfree+0x12b/0x600 [ 24.181366][ C1] print_address_description+0x93/0x620 [ 24.181373][ C1] ? devkmsg_release+0x11c/0x11c [ 24.181380][ C1] ? kfree+0x12b/0x600 [ 24.181385][ C1] ? kfree+0x12b/0x600 [ 24.181391][ C1] ? kfree+0x12b/0x600 [ 24.181398][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.181405][ C1] __kasan_slab_free+0x102/0x230 [ 24.181412][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.181420][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.181427][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.181434][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.181442][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.181450][ C1] ? try_to_wake_up+0xbf8/0xd90 [ 24.181457][ C1] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 24.181465][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.181473][ C1] ? rcu_core+0xb64/0x1330 [ 24.181490][ C1] kfree+0x12b/0x600 [ 24.181499][ C1] rcu_core+0xb64/0x1330 [ 24.181508][ C1] ? rebalance_domains+0x703/0x800 [ 24.181515][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.181523][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.181530][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.181537][ C1] ? 
run_rebalance_domains+0x16b/0x240 [ 24.181544][ C1] __do_softirq+0x2d5/0x725 [ 24.181553][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.181561][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.181567][ C1] run_ksoftirqd+0x13/0x20 [ 24.181575][ C1] smpboot_thread_fn+0x502/0x890 [ 24.181584][ C1] ? cpu_report_death+0x110/0x110 [ 24.181591][ C1] ? schedule+0x13b/0x1d0 [ 24.181599][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.181606][ C1] kthread+0x317/0x340 [ 24.181613][ C1] ? cpu_report_death+0x110/0x110 [ 24.181620][ C1] ? kthread_destroy_worker+0x280/0x280 [ 24.181627][ C1] ret_from_fork+0x1f/0x30 [ 24.181631][ C1] [ 24.181635][ C1] Allocated by task 144: [ 24.181640][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.181646][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.181651][ C1] __alloc_file+0x26/0x390 [ 24.181657][ C1] alloc_empty_file+0xa9/0x1b0 [ 24.181662][ C1] path_openat+0x11e/0x3d10 [ 24.181667][ C1] do_filp_open+0x20d/0x440 [ 24.181672][ C1] do_sys_open+0x387/0x7d0 [ 24.181677][ C1] do_syscall_64+0xcb/0x150 [ 24.181683][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.181684][ C1] [ 24.181686][ C1] Freed by task 829: [ 24.181691][ C1] __kasan_slab_free+0x181/0x230 [ 24.181697][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.181702][ C1] kmem_cache_free+0xac/0x600 [ 24.181708][ C1] rcu_core+0xbc0/0x1330 [ 24.181713][ C1] __do_softirq+0x2d5/0x725 [ 24.181714][ C1] [ 24.181719][ C1] The buggy address belongs to the object at ffff8881cf7c3280 [ 24.181719][ C1] which belongs to the cache filp of size 256 [ 24.181725][ C1] The buggy address is located 0 bytes inside of [ 24.181725][ C1] 256-byte region [ffff8881cf7c3280, ffff8881cf7c3380) [ 24.181727][ C1] The buggy address belongs to the page: [ 24.181732][ C1] page:ffffea00073df0c0 refcount:1 mapcount:0 mapping:ffff8881da8ee780 index:0x0 [ 24.181736][ C1] flags: 0x8000000000000200(slab) [ 24.181743][ C1] raw: 8000000000000200 ffffea00073a9d80 0000000600000002 ffff8881da8ee780 [ 24.181749][ C1] raw: 0000000000000000 00000000000c000c 
00000001ffffffff 0000000000000000 [ 24.181751][ C1] page dumped because: kasan: bad access detected [ 24.181753][ C1] [ 24.181754][ C1] Memory state around the buggy address: [ 24.181759][ C1] ffff8881cf7c3180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.181763][ C1] ffff8881cf7c3200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.181767][ C1] >ffff8881cf7c3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.181769][ C1] ^ [ 24.181773][ C1] ffff8881cf7c3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.181777][ C1] ffff8881cf7c3380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.181779][ C1] ================================================================== [ 24.181782][ C1] ================================================================== [ 24.181788][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.181789][ C1] [ 24.181796][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.181799][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.181802][ C1] Call Trace: [ 24.181810][ C1] dump_stack+0x14a/0x1ce [ 24.181818][ C1] ? show_regs_print_info+0x12/0x12 [ 24.181823][ C1] ? printk+0xd2/0x114 [ 24.181830][ C1] ? kfree+0x12b/0x600 [ 24.181835][ C1] ? kfree+0x12b/0x600 [ 24.181841][ C1] print_address_description+0x93/0x620 [ 24.181846][ C1] ? devkmsg_release+0x11c/0x11c [ 24.181853][ C1] ? kfree+0x12b/0x600 [ 24.181858][ C1] ? kfree+0x12b/0x600 [ 24.181864][ C1] ? kfree+0x12b/0x600 [ 24.181870][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.181877][ C1] __kasan_slab_free+0x102/0x230 [ 24.181883][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.181889][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.181896][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.181902][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.181909][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.181917][ C1] ? try_to_wake_up+0xbf8/0xd90 [ 24.181924][ C1] ? 
_raw_spin_lock_irqsave+0xfc/0x1e0 [ 24.181931][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.181939][ C1] ? rcu_core+0xb64/0x1330 [ 24.181944][ C1] kfree+0x12b/0x600 [ 24.181952][ C1] rcu_core+0xb64/0x1330 [ 24.181961][ C1] ? rebalance_domains+0x703/0x800 [ 24.181969][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.181975][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.181981][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.181996][ C1] ? run_rebalance_domains+0x16b/0x240 [ 24.182003][ C1] __do_softirq+0x2d5/0x725 [ 24.182012][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.182018][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.182025][ C1] run_ksoftirqd+0x13/0x20 [ 24.182032][ C1] smpboot_thread_fn+0x502/0x890 [ 24.182041][ C1] ? cpu_report_death+0x110/0x110 [ 24.182048][ C1] ? schedule+0x13b/0x1d0 [ 24.182055][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.182062][ C1] kthread+0x317/0x340 [ 24.182069][ C1] ? cpu_report_death+0x110/0x110 [ 24.182075][ C1] ? kthread_destroy_worker+0x280/0x280 [ 24.182081][ C1] ret_from_fork+0x1f/0x30 [ 24.182084][ C1] [ 24.182088][ C1] Allocated by task 144: [ 24.182094][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.182100][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.182106][ C1] __d_alloc+0x2a/0x6b0 [ 24.182112][ C1] d_alloc_parallel+0xf3/0x1440 [ 24.182117][ C1] __lookup_slow+0x169/0x490 [ 24.182122][ C1] walk_component+0x3ee/0x970 [ 24.182127][ C1] path_lookupat+0x211/0xa60 [ 24.182133][ C1] filename_lookup+0x254/0x6e0 [ 24.182139][ C1] do_faccessat+0x306/0x800 [ 24.182144][ C1] do_syscall_64+0xcb/0x150 [ 24.182151][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.182152][ C1] [ 24.182155][ C1] Freed by task 829: [ 24.182161][ C1] __kasan_slab_free+0x181/0x230 [ 24.182168][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.182174][ C1] kmem_cache_free+0xac/0x600 [ 24.182180][ C1] rcu_core+0xbc0/0x1330 [ 24.182187][ C1] __do_softirq+0x2d5/0x725 [ 24.182188][ C1] [ 24.182194][ C1] The buggy address belongs to the object at ffff8881d3a51dd0 [ 24.182194][ C1] which belongs to the 
cache dentry of size 208 [ 24.182200][ C1] The buggy address is located 0 bytes inside of [ 24.182200][ C1] 208-byte region [ffff8881d3a51dd0, ffff8881d3a51ea0) [ 24.182203][ C1] The buggy address belongs to the page: [ 24.182210][ C1] page:ffffea00074e9440 refcount:1 mapcount:0 mapping:ffff8881da8ef900 index:0x0 [ 24.182214][ C1] flags: 0x8000000000000200(slab) [ 24.182223][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ef900 [ 24.182231][ C1] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000 [ 24.182235][ C1] page dumped because: kasan: bad access detected [ 24.182236][ C1] [ 24.182238][ C1] Memory state around the buggy address: [ 24.182243][ C1] ffff8881d3a51c80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.182249][ C1] ffff8881d3a51d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.182254][ C1] >ffff8881d3a51d80: fb fb fc fc fc fc fc fc fc fc fb fb fb fb fb fb [ 24.182257][ C1] ^ [ 24.182262][ C1] ffff8881d3a51e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.182266][ C1] ffff8881d3a51e80: fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb [ 24.182269][ C1] ================================================================== [ 24.182272][ C1] ================================================================== [ 24.182279][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.182280][ C1] [ 24.182287][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.182290][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.182292][ C1] Call Trace: [ 24.182300][ C1] dump_stack+0x14a/0x1ce [ 24.182308][ C1] ? show_regs_print_info+0x12/0x12 [ 24.182313][ C1] ? printk+0xd2/0x114 [ 24.182319][ C1] ? kfree+0x12b/0x600 [ 24.182324][ C1] ? kfree+0x12b/0x600 [ 24.182330][ C1] print_address_description+0x93/0x620 [ 24.182336][ C1] ? devkmsg_release+0x11c/0x11c [ 24.182342][ C1] ? 
kfree+0x12b/0x600 [ 24.182348][ C1] ? kfree+0x12b/0x600 [ 24.182354][ C1] ? kfree+0x12b/0x600 [ 24.182360][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.182367][ C1] __kasan_slab_free+0x102/0x230 [ 24.182372][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.182379][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.182386][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.182391][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.182399][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.182406][ C1] ? try_to_wake_up+0xbf8/0xd90 [ 24.182413][ C1] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 24.182420][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.182427][ C1] ? rcu_core+0xb64/0x1330 [ 24.182432][ C1] kfree+0x12b/0x600 [ 24.182441][ C1] rcu_core+0xb64/0x1330 [ 24.182448][ C1] ? rebalance_domains+0x703/0x800 [ 24.182456][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.182463][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.182470][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.182485][ C1] ? run_rebalance_domains+0x16b/0x240 [ 24.182500][ C1] __do_softirq+0x2d5/0x725 [ 24.182509][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.182517][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.182523][ C1] run_ksoftirqd+0x13/0x20 [ 24.182530][ C1] smpboot_thread_fn+0x502/0x890 [ 24.182539][ C1] ? cpu_report_death+0x110/0x110 [ 24.182546][ C1] ? schedule+0x13b/0x1d0 [ 24.182553][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.182560][ C1] kthread+0x317/0x340 [ 24.182567][ C1] ? cpu_report_death+0x110/0x110 [ 24.182574][ C1] ? 
kthread_destroy_worker+0x280/0x280 [ 24.182581][ C1] ret_from_fork+0x1f/0x30 [ 24.182585][ C1] [ 24.182589][ C1] Allocated by task 144: [ 24.182595][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.182602][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.182607][ C1] __alloc_file+0x26/0x390 [ 24.182613][ C1] alloc_empty_file+0xa9/0x1b0 [ 24.182619][ C1] path_openat+0x11e/0x3d10 [ 24.182624][ C1] do_filp_open+0x20d/0x440 [ 24.182631][ C1] do_sys_open+0x387/0x7d0 [ 24.182637][ C1] do_syscall_64+0xcb/0x150 [ 24.182643][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.182644][ C1] [ 24.182648][ C1] Freed by task 829: [ 24.182654][ C1] __kasan_slab_free+0x181/0x230 [ 24.182660][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.182666][ C1] kmem_cache_free+0xac/0x600 [ 24.182672][ C1] rcu_core+0xbc0/0x1330 [ 24.182680][ C1] __do_softirq+0x2d5/0x725 [ 24.182681][ C1] [ 24.182687][ C1] The buggy address belongs to the object at ffff8881cf7c3b40 [ 24.182687][ C1] which belongs to the cache filp of size 256 [ 24.182694][ C1] The buggy address is located 0 bytes inside of [ 24.182694][ C1] 256-byte region [ffff8881cf7c3b40, ffff8881cf7c3c40) [ 24.182702][ C1] The buggy address belongs to the page: [ 24.182709][ C1] page:ffffea00073df0c0 refcount:1 mapcount:0 mapping:ffff8881da8ee780 index:0x0 [ 24.182713][ C1] flags: 0x8000000000000200(slab) [ 24.182721][ C1] raw: 8000000000000200 ffffea00073a9d80 0000000600000002 ffff8881da8ee780 [ 24.182728][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 24.182730][ C1] page dumped because: kasan: bad access detected [ 24.182731][ C1] [ 24.182733][ C1] Memory state around the buggy address: [ 24.182737][ C1] ffff8881cf7c3a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.182742][ C1] ffff8881cf7c3a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.182746][ C1] >ffff8881cf7c3b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.182749][ C1] ^ [ 24.182753][ C1] ffff8881cf7c3b80: fb fb fb fb fb fb fb fb fb fb fb fb fb 
fb fb fb [ 24.182757][ C1] ffff8881cf7c3c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.182759][ C1] ================================================================== [ 24.182768][ C1] ================================================================== [ 24.182775][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.182776][ C1] [ 24.182783][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.182786][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.182788][ C1] Call Trace: [ 24.182796][ C1] dump_stack+0x14a/0x1ce [ 24.182803][ C1] ? show_regs_print_info+0x12/0x12 [ 24.182809][ C1] ? printk+0xd2/0x114 [ 24.182815][ C1] ? kfree+0x12b/0x600 [ 24.182820][ C1] ? kfree+0x12b/0x600 [ 24.182825][ C1] print_address_description+0x93/0x620 [ 24.182830][ C1] ? devkmsg_release+0x11c/0x11c [ 24.182837][ C1] ? kfree+0x12b/0x600 [ 24.182842][ C1] ? kfree+0x12b/0x600 [ 24.182848][ C1] ? kfree+0x12b/0x600 [ 24.182853][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.182859][ C1] __kasan_slab_free+0x102/0x230 [ 24.182865][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.182873][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.182880][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.182886][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.182894][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.182901][ C1] ? rcu_accelerate_cbs+0x49/0x340 [ 24.182910][ C1] ? __note_gp_changes+0xe9/0x560 [ 24.182918][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.182925][ C1] ? rcu_core+0xb64/0x1330 [ 24.182932][ C1] kfree+0x12b/0x600 [ 24.182941][ C1] rcu_core+0xb64/0x1330 [ 24.182950][ C1] ? rebalance_domains+0x703/0x800 [ 24.182957][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.182965][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.182973][ C1] ? rcu_rnp_online_cpus+0x30/0x30 [ 24.182979][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.182985][ C1] ? run_rebalance_domains+0x16b/0x240 [ 24.182993][ C1] __do_softirq+0x2d5/0x725 [ 24.183002][ C1] ? 
__irqentry_text_end+0x1fc47b/0x1fc47b [ 24.183009][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.183016][ C1] run_ksoftirqd+0x13/0x20 [ 24.183023][ C1] smpboot_thread_fn+0x502/0x890 [ 24.183032][ C1] ? cpu_report_death+0x110/0x110 [ 24.183038][ C1] ? schedule+0x13b/0x1d0 [ 24.183046][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.183053][ C1] kthread+0x317/0x340 [ 24.183060][ C1] ? cpu_report_death+0x110/0x110 [ 24.183074][ C1] ? kthread_destroy_worker+0x280/0x280 [ 24.183080][ C1] ret_from_fork+0x1f/0x30 [ 24.183084][ C1] [ 24.183088][ C1] Allocated by task 144: [ 24.183094][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.183100][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.183106][ C1] __alloc_file+0x26/0x390 [ 24.183112][ C1] alloc_empty_file+0xa9/0x1b0 [ 24.183117][ C1] path_openat+0x11e/0x3d10 [ 24.183123][ C1] do_filp_open+0x20d/0x440 [ 24.183129][ C1] do_sys_open+0x387/0x7d0 [ 24.183134][ C1] do_syscall_64+0xcb/0x150 [ 24.183141][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.183142][ C1] [ 24.183145][ C1] Freed by task 829: [ 24.183151][ C1] __kasan_slab_free+0x181/0x230 [ 24.183158][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.183164][ C1] kmem_cache_free+0xac/0x600 [ 24.183170][ C1] rcu_core+0xbc0/0x1330 [ 24.183177][ C1] __do_softirq+0x2d5/0x725 [ 24.183178][ C1] [ 24.183184][ C1] The buggy address belongs to the object at ffff8881cf7aadc0 [ 24.183184][ C1] which belongs to the cache filp of size 256 [ 24.183191][ C1] The buggy address is located 0 bytes inside of [ 24.183191][ C1] 256-byte region [ffff8881cf7aadc0, ffff8881cf7aaec0) [ 24.183193][ C1] The buggy address belongs to the page: [ 24.183200][ C1] page:ffffea00073dea80 refcount:1 mapcount:0 mapping:ffff8881da8ee780 index:0x0 [ 24.183204][ C1] flags: 0x8000000000000200(slab) [ 24.183214][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ee780 [ 24.183222][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 24.183225][ C1] page dumped because: kasan: bad access 
detected [ 24.183226][ C1] [ 24.183228][ C1] Memory state around the buggy address: [ 24.183233][ C1] ffff8881cf7aac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.183238][ C1] ffff8881cf7aad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.183244][ C1] >ffff8881cf7aad80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.183247][ C1] ^ [ 24.183252][ C1] ffff8881cf7aae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.183262][ C1] ffff8881cf7aae80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.183265][ C1] ================================================================== [ 24.183268][ C1] ================================================================== [ 24.183276][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.183277][ C1] [ 24.183285][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.183288][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.183290][ C1] Call Trace: [ 24.183299][ C1] dump_stack+0x14a/0x1ce [ 24.183307][ C1] ? show_regs_print_info+0x12/0x12 [ 24.183314][ C1] ? printk+0xd2/0x114 [ 24.183321][ C1] ? kfree+0x12b/0x600 [ 24.183327][ C1] ? kfree+0x12b/0x600 [ 24.183334][ C1] print_address_description+0x93/0x620 [ 24.183340][ C1] ? devkmsg_release+0x11c/0x11c [ 24.183348][ C1] ? kfree+0x12b/0x600 [ 24.183354][ C1] ? kfree+0x12b/0x600 [ 24.183361][ C1] ? kfree+0x12b/0x600 [ 24.183368][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.183374][ C1] __kasan_slab_free+0x102/0x230 [ 24.183381][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.183389][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.183397][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.183403][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.183412][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.183419][ C1] ? rcu_accelerate_cbs+0x49/0x340 [ 24.183427][ C1] ? __note_gp_changes+0xe9/0x560 [ 24.183434][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.183442][ C1] ? 
rcu_core+0xb64/0x1330 [ 24.183448][ C1] kfree+0x12b/0x600 [ 24.183456][ C1] rcu_core+0xb64/0x1330 [ 24.183465][ C1] ? rebalance_domains+0x703/0x800 [ 24.183472][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.183489][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.183496][ C1] ? rcu_rnp_online_cpus+0x30/0x30 [ 24.183509][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.183516][ C1] ? run_rebalance_domains+0x16b/0x240 [ 24.183523][ C1] __do_softirq+0x2d5/0x725 [ 24.183532][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.183539][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.183546][ C1] run_ksoftirqd+0x13/0x20 [ 24.183553][ C1] smpboot_thread_fn+0x502/0x890 [ 24.183563][ C1] ? cpu_report_death+0x110/0x110 [ 24.183570][ C1] ? schedule+0x13b/0x1d0 [ 24.183577][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.183584][ C1] kthread+0x317/0x340 [ 24.183591][ C1] ? cpu_report_death+0x110/0x110 [ 24.183598][ C1] ? kthread_destroy_worker+0x280/0x280 [ 24.183604][ C1] ret_from_fork+0x1f/0x30 [ 24.183609][ C1] [ 24.183612][ C1] Allocated by task 144: [ 24.183619][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.183625][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.183631][ C1] __alloc_file+0x26/0x390 [ 24.183637][ C1] alloc_empty_file+0xa9/0x1b0 [ 24.183642][ C1] path_openat+0x11e/0x3d10 [ 24.183648][ C1] do_filp_open+0x20d/0x440 [ 24.183654][ C1] do_sys_open+0x387/0x7d0 [ 24.183660][ C1] do_syscall_64+0xcb/0x150 [ 24.183666][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.183667][ C1] [ 24.183671][ C1] Freed by task 829: [ 24.183676][ C1] __kasan_slab_free+0x181/0x230 [ 24.183683][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.183690][ C1] kmem_cache_free+0xac/0x600 [ 24.183696][ C1] rcu_core+0xbc0/0x1330 [ 24.183708][ C1] __do_softirq+0x2d5/0x725 [ 24.183710][ C1] [ 24.183716][ C1] The buggy address belongs to the object at ffff8881cf7aa780 [ 24.183716][ C1] which belongs to the cache filp of size 256 [ 24.183722][ C1] The buggy address is located 0 bytes inside of [ 24.183722][ C1] 256-byte region [ffff8881cf7aa780, 
ffff8881cf7aa880) [ 24.183725][ C1] The buggy address belongs to the page: [ 24.183731][ C1] page:ffffea00073dea80 refcount:1 mapcount:0 mapping:ffff8881da8ee780 index:0x0 [ 24.183736][ C1] flags: 0x8000000000000200(slab) [ 24.183745][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ee780 [ 24.183754][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 24.183756][ C1] page dumped because: kasan: bad access detected [ 24.183758][ C1] [ 24.183760][ C1] Memory state around the buggy address: [ 24.183765][ C1] ffff8881cf7aa680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.183770][ C1] ffff8881cf7aa700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.183775][ C1] >ffff8881cf7aa780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.183777][ C1] ^ [ 24.183783][ C1] ffff8881cf7aa800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.183788][ C1] ffff8881cf7aa880: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.183791][ C1] ================================================================== [ 24.183794][ C1] ================================================================== [ 24.183801][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.183802][ C1] [ 24.183811][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.183814][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.183816][ C1] Call Trace: [ 24.183825][ C1] dump_stack+0x14a/0x1ce [ 24.183834][ C1] ? show_regs_print_info+0x12/0x12 [ 24.183840][ C1] ? printk+0xd2/0x114 [ 24.183847][ C1] ? kfree+0x12b/0x600 [ 24.183854][ C1] ? kfree+0x12b/0x600 [ 24.183860][ C1] print_address_description+0x93/0x620 [ 24.183866][ C1] ? devkmsg_release+0x11c/0x11c [ 24.183874][ C1] ? kfree+0x12b/0x600 [ 24.183881][ C1] ? kfree+0x12b/0x600 [ 24.183887][ C1] ? 
kfree+0x12b/0x600 [ 24.183900][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.183907][ C1] __kasan_slab_free+0x102/0x230 [ 24.183914][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.183922][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.183929][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.183936][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.183943][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.183951][ C1] ? rcu_accelerate_cbs+0x49/0x340 [ 24.183959][ C1] ? __note_gp_changes+0xe9/0x560 [ 24.183968][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.183976][ C1] ? rcu_core+0xb64/0x1330 [ 24.183981][ C1] kfree+0x12b/0x600 [ 24.183990][ C1] rcu_core+0xb64/0x1330 [ 24.183999][ C1] ? rebalance_domains+0x703/0x800 [ 24.184006][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.184014][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.184022][ C1] ? rcu_rnp_online_cpus+0x30/0x30 [ 24.184028][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.184036][ C1] ? run_rebalance_domains+0x16b/0x240 [ 24.184043][ C1] __do_softirq+0x2d5/0x725 [ 24.184053][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.184060][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.184066][ C1] run_ksoftirqd+0x13/0x20 [ 24.184074][ C1] smpboot_thread_fn+0x502/0x890 [ 24.184083][ C1] ? cpu_report_death+0x110/0x110 [ 24.184090][ C1] ? schedule+0x13b/0x1d0 [ 24.184103][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.184110][ C1] kthread+0x317/0x340 [ 24.184117][ C1] ? cpu_report_death+0x110/0x110 [ 24.184124][ C1] ? 
kthread_destroy_worker+0x280/0x280 [ 24.184131][ C1] ret_from_fork+0x1f/0x30 [ 24.184135][ C1] [ 24.184138][ C1] Allocated by task 144: [ 24.184144][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.184151][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.184157][ C1] __d_alloc+0x2a/0x6b0 [ 24.184164][ C1] d_alloc_parallel+0xf3/0x1440 [ 24.184170][ C1] __lookup_slow+0x169/0x490 [ 24.184176][ C1] walk_component+0x3ee/0x970 [ 24.184181][ C1] path_lookupat+0x211/0xa60 [ 24.184187][ C1] filename_lookup+0x254/0x6e0 [ 24.184192][ C1] do_faccessat+0x306/0x800 [ 24.184198][ C1] do_syscall_64+0xcb/0x150 [ 24.184205][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.184206][ C1] [ 24.184210][ C1] Freed by task 829: [ 24.184216][ C1] __kasan_slab_free+0x181/0x230 [ 24.184223][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.184229][ C1] kmem_cache_free+0xac/0x600 [ 24.184235][ C1] rcu_core+0xbc0/0x1330 [ 24.184242][ C1] __do_softirq+0x2d5/0x725 [ 24.184243][ C1] [ 24.184249][ C1] The buggy address belongs to the object at ffff8881d3a51bb0 [ 24.184249][ C1] which belongs to the cache dentry of size 208 [ 24.184255][ C1] The buggy address is located 0 bytes inside of [ 24.184255][ C1] 208-byte region [ffff8881d3a51bb0, ffff8881d3a51c80) [ 24.184257][ C1] The buggy address belongs to the page: [ 24.184263][ C1] page:ffffea00074e9440 refcount:1 mapcount:0 mapping:ffff8881da8ef900 index:0x0 [ 24.184267][ C1] flags: 0x8000000000000200(slab) [ 24.184276][ C1] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da8ef900 [ 24.184285][ C1] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000 [ 24.184287][ C1] page dumped because: kasan: bad access detected [ 24.184289][ C1] [ 24.184291][ C1] Memory state around the buggy address: [ 24.184303][ C1] ffff8881d3a51a80: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb [ 24.184308][ C1] ffff8881d3a51b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 24.184313][ C1] >ffff8881d3a51b80: fc fc fc fc fc fc fb fb fb fb fb fb fb fb fb fb 
[ 24.184315][ C1] ^ [ 24.184320][ C1] ffff8881d3a51c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.184325][ C1] ffff8881d3a51c80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 24.184328][ C1] ================================================================== [ 24.184331][ C1] ================================================================== [ 24.184339][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.184340][ C1] [ 24.184348][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.184351][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.184354][ C1] Call Trace: [ 24.184362][ C1] dump_stack+0x14a/0x1ce [ 24.184371][ C1] ? show_regs_print_info+0x12/0x12 [ 24.184377][ C1] ? printk+0xd2/0x114 [ 24.184384][ C1] ? kfree+0x12b/0x600 [ 24.184391][ C1] ? kfree+0x12b/0x600 [ 24.184397][ C1] print_address_description+0x93/0x620 [ 24.184403][ C1] ? devkmsg_release+0x11c/0x11c [ 24.184412][ C1] ? kfree+0x12b/0x600 [ 24.184418][ C1] ? kfree+0x12b/0x600 [ 24.184424][ C1] ? kfree+0x12b/0x600 [ 24.184431][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.184438][ C1] __kasan_slab_free+0x102/0x230 [ 24.184445][ C1] ? check_preempt_wakeup+0x797/0xd60 [ 24.184453][ C1] ? ttwu_do_wakeup+0x154/0x5b0 [ 24.184460][ C1] ? _raw_spin_unlock+0x5/0x20 [ 24.184466][ C1] ? ttwu_queue+0x2f9/0x480 [ 24.184475][ C1] ? psi_ttwu_dequeue+0x320/0x320 [ 24.184496][ C1] ? rcu_accelerate_cbs+0x49/0x340 [ 24.184505][ C1] ? __note_gp_changes+0xe9/0x560 [ 24.184512][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.184519][ C1] ? rcu_core+0xb64/0x1330 [ 24.184525][ C1] kfree+0x12b/0x600 [ 24.184534][ C1] rcu_core+0xb64/0x1330 [ 24.184542][ C1] ? rebalance_domains+0x703/0x800 [ 24.184550][ C1] ? rcu_cpu_kthread_park+0x70/0x70 [ 24.184557][ C1] ? kick_ilb+0x1e0/0x1e0 [ 24.184564][ C1] ? rcu_rnp_online_cpus+0x30/0x30 [ 24.184571][ C1] ? _raw_spin_unlock_irq+0x5/0x20 [ 24.184578][ C1] ? 
run_rebalance_domains+0x16b/0x240 [ 24.184586][ C1] __do_softirq+0x2d5/0x725 [ 24.184594][ C1] ? __irqentry_text_end+0x1fc47b/0x1fc47b [ 24.184602][ C1] ? ksoftirqd_should_run+0x10/0x10 [ 24.184608][ C1] run_ksoftirqd+0x13/0x20 [ 24.184615][ C1] smpboot_thread_fn+0x502/0x890 [ 24.184625][ C1] ? cpu_report_death+0x110/0x110 [ 24.184631][ C1] ? schedule+0x13b/0x1d0 [ 24.184639][ C1] ? __kthread_parkme+0x176/0x1b0 [ 24.184647][ C1] kthread+0x317/0x340 [ 24.184654][ C1] ? cpu_report_death+0x110/0x110 [ 24.184661][ C1] ? kthread_destroy_worker+0x280/0x280 [ 24.184668][ C1] ret_from_fork+0x1f/0x30 [ 24.184672][ C1] [ 24.184676][ C1] Allocated by task 144: [ 24.184682][ C1] __kasan_kmalloc+0x12c/0x1c0 [ 24.184688][ C1] kmem_cache_alloc+0x1d5/0x260 [ 24.184694][ C1] __d_alloc+0x2a/0x6b0 [ 24.184700][ C1] d_alloc_parallel+0xf3/0x1440 [ 24.184706][ C1] __lookup_slow+0x169/0x490 [ 24.184712][ C1] walk_component+0x3ee/0x970 [ 24.184718][ C1] path_lookupat+0x211/0xa60 [ 24.184723][ C1] filename_lookup+0x254/0x6e0 [ 24.184735][ C1] do_faccessat+0x306/0x800 [ 24.184741][ C1] do_syscall_64+0xcb/0x150 [ 24.184747][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.184749][ C1] [ 24.184751][ C1] Freed by task 829: [ 24.184757][ C1] __kasan_slab_free+0x181/0x230 [ 24.184764][ C1] slab_free_freelist_hook+0xd0/0x150 [ 24.184770][ C1] kmem_cache_free+0xac/0x600 [ 24.184777][ C1] rcu_core+0xbc0/0x1330 [ 24.184783][ C1] __do_softirq+0x2d5/0x725 [ 24.184785][ C1] [ 24.184790][ C1] The buggy address belongs to the object at ffff8881d3a51990 [ 24.184790][ C1] which belongs to the cache dentry of size 208 [ 24.184797][ C1] The buggy address is located 0 bytes inside of [ 24.184797][ C1] 208-byte region [ffff8881d3a51990, ffff8881d3a51a60) [ 24.184799][ C1] The buggy address belongs to the page: [ 24.184806][ C1] page:ffffea00074e9440 refcount:1 mapcount:0 mapping:ffff8881da8ef900 index:0x0 [ 24.184810][ C1] flags: 0x8000000000000200(slab) [ 24.184820][ C1] raw: 8000000000000200 
dead000000000100 dead000000000122 ffff8881da8ef900 [ 24.184828][ C1] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000 [ 24.184830][ C1] page dumped because: kasan: bad access detected [ 24.184832][ C1] [ 24.184834][ C1] Memory state around the buggy address: [ 24.184839][ C1] ffff8881d3a51880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.184845][ C1] ffff8881d3a51900: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 24.184850][ C1] >ffff8881d3a51980: fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.184852][ C1] ^ [ 24.184857][ C1] ffff8881d3a51a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 24.184862][ C1] ffff8881d3a51a80: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb [ 24.184865][ C1] ================================================================== [ 24.184868][ C1] ================================================================== [ 24.184876][ C1] BUG: KASAN: double-free or invalid-free in kfree+0x12b/0x600 [ 24.184877][ C1] [ 24.184885][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.61-syzkaller-00823-g34364883b1f7 #0 [ 24.184888][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.184890][ C1] Call Trace: [ 24.184899][ C1] dump_stack+0x14a/0x1ce [ 24.184908][ C1] ? show_regs_print_info+0x12/0x12 [ 24.184914][ C1] ? printk+0xd2/0x114 [ 24.184927][ C1] ? kfree+0x12b/0x600 [ 24.184933][ C1] ? kfree+0x12b/0x600 [ 24.184940][ C1] print_address_description+0x93/0x620 [ 24.184946][ C1] ? devkmsg_release+0x11c/0x11c [ 24.184953][ C1] ? kfree+0x12b/0x600 [ 24.184959][ C1] ? kfree+0x12b/0x600 [ 24.184965][ C1] ? kfree+0x12b/0x600 [ 24.184972][ C1] kasan_report_invalid_free+0x54/0xc0 [ 24.184979][ C1] __kasan_slab_free+0x102/0x230