Warning: Permanently added '10.128.0.101' (ED25519) to the list of known hosts.
executing program
[ 36.378332][ T6166] FAULT_INJECTION: forcing a failure.
[ 36.378332][ T6166] name failslab, interval 1, probability 0, space 0, times 1
[ 36.381791][ T6166] CPU: 0 PID: 6166 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0
[ 36.384838][ T6166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 36.387502][ T6166] Call trace:
[ 36.388343][ T6166] dump_backtrace+0x1b8/0x1e4
[ 36.389594][ T6166] show_stack+0x2c/0x3c
[ 36.390669][ T6166] dump_stack_lvl+0xd0/0x124
[ 36.391894][ T6166] dump_stack+0x1c/0x28
[ 36.393053][ T6166] should_fail_ex+0x3b0/0x50c
[ 36.394299][ T6166] __should_failslab+0xc8/0x128
[ 36.395619][ T6166] should_failslab+0x10/0x28
[ 36.396873][ T6166] kmem_cache_alloc_node+0x88/0x4c0
[ 36.398244][ T6166] __alloc_skb+0x19c/0x3d8
[ 36.399439][ T6166] kcm_sendmsg+0x6c4/0x2124
[ 36.400662][ T6166] sock_sendmsg+0x220/0x2c0
[ 36.401873][ T6166] splice_to_socket+0x7cc/0xd58
[ 36.403247][ T6166] direct_splice_actor+0xec/0x1d8
[ 36.404598][ T6166] splice_direct_to_actor+0x438/0xa0c
[ 36.406096][ T6166] do_splice_direct+0x1e4/0x304
[ 36.407440][ T6166] do_sendfile+0x460/0xb3c
[ 36.408637][ T6166] __arm64_sys_sendfile64+0x160/0x3b4
[ 36.410117][ T6166] invoke_syscall+0x98/0x2b8
[ 36.411384][ T6166] el0_svc_common+0x130/0x23c
[ 36.412664][ T6166] do_el0_svc+0x48/0x58
[ 36.413784][ T6166] el0_svc+0x54/0x168
[ 36.414878][ T6166] el0t_64_sync_handler+0x84/0xfc
[ 36.416261][ T6166] el0t_64_sync+0x190/0x194
[ 36.453077][ T6167] ==================================================================
[ 36.455286][ T6167] BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8
[ 36.457294][ T6167] Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167
[ 36.459410][ T6167]
[ 36.460022][ T6167] CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0
[ 36.463142][ T6167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 36.465804][ T6167] Call trace:
[ 36.466685][ T6167] dump_backtrace+0x1b8/0x1e4
[ 36.467960][ T6167] show_stack+0x2c/0x3c
[ 36.469076][ T6167] dump_stack_lvl+0xd0/0x124
[ 36.470369][ T6167] print_report+0x178/0x518
[ 36.471609][ T6167] kasan_report+0xd8/0x138
[ 36.472786][ T6167] __asan_report_load8_noabort+0x20/0x2c
[ 36.474318][ T6167] kcm_release+0x170/0x4c8
[ 36.475493][ T6167] sock_close+0xa4/0x1e8
[ 36.476604][ T6167] __fput+0x30c/0x738
[ 36.477675][ T6167] ____fput+0x20/0x30
[ 36.478745][ T6167] task_work_run+0x230/0x2e0
[ 36.479929][ T6167] do_exit+0x618/0x1f64
[ 36.481069][ T6167] do_group_exit+0x194/0x22c
[ 36.482309][ T6167] get_signal+0x1500/0x15ec
[ 36.483486][ T6167] do_signal+0x23c/0x3b44
[ 36.484671][ T6167] do_notify_resume+0x74/0x1f4
[ 36.485967][ T6167] el0_svc+0xac/0x168
[ 36.487037][ T6167] el0t_64_sync_handler+0x84/0xfc
[ 36.488375][ T6167] el0t_64_sync+0x190/0x194
[ 36.489597][ T6167]
[ 36.490202][ T6167] Allocated by task 6166:
[ 36.491414][ T6167] kasan_save_track+0x40/0x78
[ 36.492633][ T6167] kasan_save_alloc_info+0x70/0x84
[ 36.493931][ T6167] __kasan_slab_alloc+0x74/0x8c
[ 36.495267][ T6167] kmem_cache_alloc_node+0x204/0x4c0
[ 36.496705][ T6167] __alloc_skb+0x19c/0x3d8
[ 36.497901][ T6167] kcm_sendmsg+0x1d3c/0x2124
[ 36.499130][ T6167] sock_sendmsg+0x220/0x2c0
[ 36.500438][ T6167] splice_to_socket+0x7cc/0xd58
[ 36.501758][ T6167] direct_splice_actor+0xec/0x1d8
[ 36.503098][ T6167] splice_direct_to_actor+0x438/0xa0c
[ 36.504519][ T6167] do_splice_direct+0x1e4/0x304
[ 36.505824][ T6167] do_sendfile+0x460/0xb3c
[ 36.507056][ T6167] __arm64_sys_sendfile64+0x160/0x3b4
[ 36.508600][ T6167] invoke_syscall+0x98/0x2b8
[ 36.509876][ T6167] el0_svc_common+0x130/0x23c
[ 36.511161][ T6167] do_el0_svc+0x48/0x58
[ 36.512319][ T6167] el0_svc+0x54/0x168
[ 36.513406][ T6167] el0t_64_sync_handler+0x84/0xfc
[ 36.514732][ T6167] el0t_64_sync+0x190/0x194
[ 36.515962][ T6167]
[ 36.516598][ T6167] Freed by task 6167:
[ 36.517655][ T6167] kasan_save_track+0x40/0x78
[ 36.518922][ T6167] kasan_save_free_info+0x5c/0x74
[ 36.520297][ T6167] poison_slab_object+0x124/0x18c
[ 36.521656][ T6167] __kasan_slab_free+0x3c/0x78
[ 36.523014][ T6167] kmem_cache_free+0x15c/0x3d4
[ 36.524284][ T6167] kfree_skbmem+0x10c/0x19c
[ 36.525435][ T6167] kfree_skb_reason+0x240/0x6f4
[ 36.526758][ T6167] kcm_release+0x104/0x4c8
[ 36.527971][ T6167] sock_close+0xa4/0x1e8
[ 36.529184][ T6167] __fput+0x30c/0x738
[ 36.530247][ T6167] ____fput+0x20/0x30
[ 36.531307][ T6167] task_work_run+0x230/0x2e0
[ 36.532554][ T6167] do_exit+0x618/0x1f64
[ 36.533665][ T6167] do_group_exit+0x194/0x22c
[ 36.534966][ T6167] get_signal+0x1500/0x15ec
[ 36.536195][ T6167] do_signal+0x23c/0x3b44
[ 36.537437][ T6167] do_notify_resume+0x74/0x1f4
[ 36.538725][ T6167] el0_svc+0xac/0x168
[ 36.539794][ T6167] el0t_64_sync_handler+0x84/0xfc
[ 36.541144][ T6167] el0t_64_sync+0x190/0x194
[ 36.542345][ T6167]
[ 36.542975][ T6167] The buggy address belongs to the object at ffff0000ced0fc80
[ 36.542975][ T6167] which belongs to the cache skbuff_head_cache of size 240
[ 36.547104][ T6167] The buggy address is located 0 bytes inside of
[ 36.547104][ T6167] freed 240-byte region [ffff0000ced0fc80, ffff0000ced0fd70)
[ 36.550866][ T6167]
[ 36.551459][ T6167] The buggy address belongs to the physical page:
[ 36.553152][ T6167] page:00000000d35f4ae4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ed0f
[ 36.555962][ T6167] flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 36.558006][ T6167] page_type: 0xffffffff()
[ 36.559191][ T6167] raw: 05ffc00000000800 ffff0000c1cbf640 fffffdffc3423100 dead000000000004
[ 36.561566][ T6167] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 36.563883][ T6167] page dumped because: kasan: bad access detected
[ 36.565700][ T6167]
[ 36.566302][ T6167] Memory state around the buggy address:
[ 36.567844][ T6167]  ffff0000ced0fb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.570011][ T6167]  ffff0000ced0fc00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 36.572178][ T6167] >ffff0000ced0fc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.574331][ T6167]                    ^
[ 36.575443][ T6167]  ffff0000ced0fd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 36.577591][ T6167]  ffff0000ced0fd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 36.579797][ T6167] ==================================================================
[ 36.582126][ T6167] Unable to handle kernel paging request at virtual address dfff800000000001
[ 36.584484][ T6167] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 36.586770][ T6167] Mem abort info:
[ 36.587766][ T6167] ESR = 0x0000000096000005
[ 36.588952][ T6167] EC = 0x25: DABT (current EL), IL = 32 bits
[ 36.590690][ T6167] SET = 0, FnV = 0
[ 36.591685][ T6167] EA = 0, S1PTW = 0
[ 36.592790][ T6167] FSC = 0x05: level 1 translation fault
[ 36.594327][ T6167] Data abort info:
[ 36.595332][ T6167] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 36.596957][ T6167] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 36.598532][ T6167] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 36.600100][ T6167] [dfff800000000001] address between user and kernel address ranges
[ 36.602383][ T6167] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 36.604292][ T6167] Modules linked in:
[ 36.605310][ T6167] CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0
[ 36.608389][ T6167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 36.611108][ T6167] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 36.613244][ T6167] pc : kcm_release+0x1a4/0x4c8
[ 36.614508][ T6167] lr : kcm_release+0x1a0/0x4c8
[ 36.615842][ T6167] sp : ffff800097a775e0
[ 36.616999][ T6167] x29: ffff800097a77600 x28: 1fffe0001b4b0051 x27: 1fffe0001b4b0053
[ 36.619158][ T6167] x26: dfff800000000000 x25: 0000000000000008 x24: 02a800ec00001817
[ 36.621340][ T6167] x23: ffff0000ced0fc80 x22: ffff0000da580298 x21: ffff0000da580288
[ 36.623580][ T6167] x20: ffff0000da580000 x19: 0000000000000000 x18: 1fffe00036804796
[ 36.625720][ T6167] x17: ffff80008ec8d000 x16: ffff80008ac97900 x15: ffff600019da1f90
[ 36.627884][ T6167] x14: 1fffe00019da1f90 x13: 00000000000000fa x12: fffffffffffffffe
[ 36.630087][ T6167] x11: ffff600019da1f90 x10: 1fffe00019da1f91 x9 : ffff800093475840
[ 36.632267][ T6167] x8 : 0000000000000001 x7 : 0000000000000000 x6 : ffff800080297af0
[ 36.634473][ T6167] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000010
[ 36.636692][ T6167] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000ced0fc80
[ 36.638962][ T6167] Call trace:
[ 36.639853][ T6167] kcm_release+0x1a4/0x4c8
[ 36.641022][ T6167] sock_close+0xa4/0x1e8
[ 36.642153][ T6167] __fput+0x30c/0x738
[ 36.643239][ T6167] ____fput+0x20/0x30
[ 36.644309][ T6167] task_work_run+0x230/0x2e0
[ 36.645546][ T6167] do_exit+0x618/0x1f64
[ 36.646688][ T6167] do_group_exit+0x194/0x22c
[ 36.647929][ T6167] get_signal+0x1500/0x15ec
[ 36.649104][ T6167] do_signal+0x23c/0x3b44
[ 36.650272][ T6167] do_notify_resume+0x74/0x1f4
[ 36.651600][ T6167] el0_svc+0xac/0x168
[ 36.652630][ T6167] el0t_64_sync_handler+0x84/0xfc
[ 36.653948][ T6167] el0t_64_sync+0x190/0x194
[ 36.655173][ T6167] Code: f94006f8 91002279 9776b98f d343ff28 (387a6908)
[ 36.657044][ T6167] ---[ end trace 0000000000000000 ]---
[ 36.973288][ T6167] Kernel panic - not syncing: Oops: Fatal exception
[ 36.975084][ T6167] SMP: stopping secondary CPUs
[ 36.976430][ T6167] Kernel Offset: disabled
[ 36.977621][ T6167] CPU features: 0x0,00000040,e004004a,21017203
[ 36.979244][ T6167] Memory Limit: none
[ 37.297344][ T6167] Rebooting in 86400 seconds..