Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts.
2024/02/20 22:18:19 ignoring optional flag "sandboxArg"="0"
2024/02/20 22:18:19 parsed 1 programs
[ 38.703097][ T30] audit: type=1400 audit(1708467499.210:157): avc: denied { mounton } for pid=338 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 38.727756][ T30] audit: type=1400 audit(1708467499.210:158): avc: denied { mount } for pid=338 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
2024/02/20 22:18:19 executed programs: 0
[ 38.759974][ T30] audit: type=1400 audit(1708467499.270:159): avc: denied { unlink } for pid=338 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 38.790945][ T338] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 38.833536][ T344] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.840539][ T344] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.847613][ T344] device bridge_slave_0 entered promiscuous mode
[ 38.854316][ T344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.861277][ T344] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.868322][ T344] device bridge_slave_1 entered promiscuous mode
[ 38.900722][ T30] audit: type=1400 audit(1708467499.410:160): avc: denied { write } for pid=344 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 38.921403][ T30] audit: type=1400 audit(1708467499.430:161): avc: denied { read } for pid=344 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 38.923238][ T344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.948465][ T344] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.955598][ T344] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.962362][ T344] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.978395][ T299] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.985990][ T299] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.993454][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.000718][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.009390][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.017369][ T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.024142][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.039634][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.047538][ T299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.054314][ T299] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.061591][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.070097][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.079930][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.090418][ T344] device veth0_vlan entered promiscuous mode
[ 39.099115][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.106796][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.114221][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.121881][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.130814][ T344] device veth1_macvtap entered promiscuous mode
[ 39.139125][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.150015][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.161798][ T30] audit: type=1400 audit(1708467499.670:162): avc: denied { mounton } for pid=344 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 39.189687][ T30] audit: type=1400 audit(1708467499.700:163): avc: denied { prog_load } for pid=348 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 39.209065][ T30] audit: type=1400 audit(1708467499.700:164): avc: denied { bpf } for pid=348 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 39.229811][ T30] audit: type=1400 audit(1708467499.700:165): avc: denied { perfmon } for pid=348 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 39.230846][ T349] FAULT_INJECTION: forcing a failure.
[ 39.230846][ T349] name failslab, interval 1, probability 0, space 0, times 1
[ 39.251202][ T30] audit: type=1400 audit(1708467499.740:166): avc: denied { prog_run } for pid=348 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 39.263505][ T349] CPU: 0 PID: 349 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 39.292645][ T349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 39.302549][ T349] Call Trace:
[ 39.305672][ T349]
[ 39.308439][ T349] dump_stack_lvl+0x151/0x1b7
[ 39.312955][ T349] ? io_uring_drop_tctx_refs+0x190/0x190
[ 39.318422][ T349] dump_stack+0x15/0x17
[ 39.322416][ T349] should_fail+0x3c6/0x510
[ 39.326862][ T349] __should_failslab+0xa4/0xe0
[ 39.331613][ T349] should_failslab+0x9/0x20
[ 39.336041][ T349] slab_pre_alloc_hook+0x37/0xd0
[ 39.340824][ T349] kmem_cache_alloc_trace+0x48/0x210
[ 39.345934][ T349] ? sk_psock_skb_ingress_self+0x60/0x330
[ 39.351575][ T349] ? migrate_disable+0x190/0x190
[ 39.356406][ T349] sk_psock_skb_ingress_self+0x60/0x330
[ 39.362006][ T349] sk_psock_verdict_recv+0x66d/0x840
[ 39.367112][ T349] unix_read_sock+0x132/0x370
[ 39.371625][ T349] ? sk_psock_skb_redirect+0x440/0x440
[ 39.377013][ T349] ? unix_stream_splice_actor+0x120/0x120
[ 39.382560][ T349] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 39.387853][ T349] ? unix_stream_splice_actor+0x120/0x120
[ 39.393410][ T349] sk_psock_verdict_data_ready+0x147/0x1a0
[ 39.399162][ T349] ? sk_psock_start_verdict+0xc0/0xc0
[ 39.404370][ T349] ? _raw_spin_lock+0xa4/0x1b0
[ 39.408969][ T349] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 39.414617][ T349] ? skb_queue_tail+0xfb/0x120
[ 39.419212][ T349] unix_dgram_sendmsg+0x15fa/0x2090
[ 39.424255][ T349] ? unix_dgram_poll+0x710/0x710
[ 39.429016][ T349] ? _raw_spin_trylock+0xcd/0x1a0
[ 39.433889][ T349] ? security_socket_sendmsg+0x82/0xb0
[ 39.439172][ T349] ? unix_dgram_poll+0x710/0x710
[ 39.443949][ T349] ____sys_sendmsg+0x59e/0x8f0
[ 39.448549][ T349] ? __sys_sendmsg_sock+0x40/0x40
[ 39.453409][ T349] ? import_iovec+0xe5/0x120
[ 39.457834][ T349] ___sys_sendmsg+0x252/0x2e0
[ 39.462364][ T349] ? __sys_sendmsg+0x260/0x260
[ 39.466946][ T349] ? do_handle_mm_fault+0x1949/0x2330
[ 39.472169][ T349] ? __kasan_check_write+0x14/0x20
[ 39.477103][ T349] ? proc_fail_nth_write+0x20b/0x290
[ 39.482226][ T349] ? __fdget+0x1bc/0x240
[ 39.486486][ T349] __sys_sendmmsg+0x2bf/0x530
[ 39.490996][ T349] ? __ia32_sys_sendmsg+0x90/0x90
[ 39.495953][ T349] ? mutex_unlock+0xb2/0x260
[ 39.500379][ T349] ? __kasan_check_write+0x14/0x20
[ 39.505315][ T349] ? debug_smp_processor_id+0x17/0x20
[ 39.510518][ T349] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 39.516508][ T349] __x64_sys_sendmmsg+0xa0/0xb0
[ 39.521455][ T349] do_syscall_64+0x3d/0xb0
[ 39.525710][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 39.531697][ T349] RIP: 0033:0x7f9a2b64fae9
[ 39.535968][ T349] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 39.555480][ T349] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 39.563728][ T349] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9
[ 39.571720][ T349] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 39.579520][ T349] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000
[ 39.587335][ T349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 39.595336][ T349] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678
[ 39.603225][ T349]
[ 39.608437][ T348] ==================================================================
[ 39.616556][ T348] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 39.623240][ T348] Read of size 4 at addr ffff88811ecc3aec by task syz-executor.0/348
[ 39.631318][ T348]
[ 39.633482][ T348] CPU: 0 PID: 348 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 39.643824][ T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 39.653718][ T348] Call Trace:
[ 39.656840][ T348]
[ 39.659619][ T348] dump_stack_lvl+0x151/0x1b7
[ 39.664153][ T348] ? io_uring_drop_tctx_refs+0x190/0x190
[ 39.669601][ T348] ? panic+0x751/0x751
[ 39.673506][ T348] print_address_description+0x87/0x3b0
[ 39.678892][ T348] kasan_report+0x179/0x1c0
[ 39.683227][ T348] ? consume_skb+0x3c/0x250
[ 39.687654][ T348] ? consume_skb+0x3c/0x250
[ 39.692098][ T348] kasan_check_range+0x293/0x2a0
[ 39.697036][ T348] __kasan_check_read+0x11/0x20
[ 39.701809][ T348] consume_skb+0x3c/0x250
[ 39.705965][ T348] __sk_msg_free+0x2dd/0x370
[ 39.710397][ T348] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 39.716033][ T348] sk_psock_stop+0x44c/0x4d0
[ 39.720471][ T348] ? unix_peer_get+0xe0/0xe0
[ 39.724889][ T348] sock_map_close+0x2b9/0x4c0
[ 39.729486][ T348] ? sock_map_remove_links+0x570/0x570
[ 39.734779][ T348] ? rwsem_mark_wake+0x6b0/0x6b0
[ 39.739555][ T348] unix_release+0x82/0xc0
[ 39.743720][ T348] sock_close+0xdf/0x270
[ 39.747802][ T348] ? sock_mmap+0xa0/0xa0
[ 39.751896][ T348] __fput+0x3fe/0x910
[ 39.755700][ T348] ____fput+0x15/0x20
[ 39.759604][ T348] task_work_run+0x129/0x190
[ 39.764031][ T348] exit_to_user_mode_loop+0xc4/0xe0
[ 39.769161][ T348] exit_to_user_mode_prepare+0x5a/0xa0
[ 39.774446][ T348] syscall_exit_to_user_mode+0x26/0x160
[ 39.779924][ T348] do_syscall_64+0x49/0xb0
[ 39.784253][ T348] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 39.789988][ T348] RIP: 0033:0x7f9a2b64e9da
[ 39.794503][ T348] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 39.814211][ T348] RSP: 002b:00007ffe318b0740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 39.822443][ T348] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f9a2b64e9da
[ 39.830357][ T348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 39.838152][ T348] RBP: 00007f9a2b770980 R08: 0000001b31360000 R09: 00007ffe3190c0b0
[ 39.846075][ T348] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000009c42
[ 39.853863][ T348] R13: ffffffffffffffff R14: 00007f9a2b1d3000 R15: 0000000000009901
[ 39.862562][ T348]
[ 39.865417][ T348]
[ 39.867769][ T348] Allocated by task 349:
[ 39.871838][ T348] __kasan_slab_alloc+0xb1/0xe0
[ 39.876532][ T348] slab_post_alloc_hook+0x53/0x2c0
[ 39.881471][ T348] kmem_cache_alloc+0xf5/0x200
[ 39.886416][ T348] skb_clone+0x1d1/0x360
[ 39.890508][ T348] sk_psock_verdict_recv+0x53/0x840
[ 39.895795][ T348] unix_read_sock+0x132/0x370
[ 39.900311][ T348] sk_psock_verdict_data_ready+0x147/0x1a0
[ 39.905948][ T348] unix_dgram_sendmsg+0x15fa/0x2090
[ 39.910984][ T348] ____sys_sendmsg+0x59e/0x8f0
[ 39.915582][ T348] ___sys_sendmsg+0x252/0x2e0
[ 39.920092][ T348] __sys_sendmmsg+0x2bf/0x530
[ 39.924605][ T348] __x64_sys_sendmmsg+0xa0/0xb0
[ 39.929293][ T348] do_syscall_64+0x3d/0xb0
[ 39.933544][ T348] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 39.939362][ T348]
[ 39.941530][ T348] Freed by task 301:
[ 39.945265][ T348] kasan_set_track+0x4b/0x70
[ 39.949774][ T348] kasan_set_free_info+0x23/0x40
[ 39.954550][ T348] ____kasan_slab_free+0x126/0x160
[ 39.959683][ T348] __kasan_slab_free+0x11/0x20
[ 39.964454][ T348] slab_free_freelist_hook+0xbd/0x190
[ 39.969875][ T348] kmem_cache_free+0x116/0x2e0
[ 39.974434][ T348] kfree_skbmem+0x104/0x170
[ 39.978779][ T348] kfree_skb+0xc2/0x360
[ 39.982765][ T348] sk_psock_backlog+0xc21/0xd90
[ 39.987457][ T348] process_one_work+0x6bb/0xc10
[ 39.992142][ T348] worker_thread+0xad5/0x12a0
[ 39.996653][ T348] kthread+0x421/0x510
[ 40.000557][ T348] ret_from_fork+0x1f/0x30
[ 40.004809][ T348]
[ 40.006980][ T348] The buggy address belongs to the object at ffff88811ecc3a00
[ 40.006980][ T348] which belongs to the cache skbuff_head_cache of size 248
[ 40.021739][ T348] The buggy address is located 236 bytes inside of
[ 40.021739][ T348] 248-byte region [ffff88811ecc3a00, ffff88811ecc3af8)
[ 40.035150][ T348] The buggy address belongs to the page:
[ 40.040895][ T348] page:ffffea00047b30c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ecc3
[ 40.051041][ T348] flags: 0x4000000000000200(slab|zone=1)
[ 40.056515][ T348] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 40.065157][ T348] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 40.073519][ T348] page dumped because: kasan: bad access detected
[ 40.079860][ T348] page_owner tracks the page as allocated
[ 40.085505][ T348] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 349, ts 39230060366, free_ts 39209352346
[ 40.102875][ T348] post_alloc_hook+0x1a3/0x1b0
[ 40.107480][ T348] prep_new_page+0x1b/0x110
[ 40.111814][ T348] get_page_from_freelist+0x3550/0x35d0
[ 40.117201][ T348] __alloc_pages+0x27e/0x8f0
[ 40.121619][ T348] new_slab+0x9a/0x4e0
[ 40.125707][ T348] ___slab_alloc+0x39e/0x830
[ 40.130304][ T348] __slab_alloc+0x4a/0x90
[ 40.134466][ T348] kmem_cache_alloc+0x134/0x200
[ 40.139152][ T348] __alloc_skb+0xbe/0x550
[ 40.143437][ T348] audit_log_start+0x456/0xa80
[ 40.148129][ T348] common_lsm_audit+0xd8/0x18b0
[ 40.152901][ T348] slow_avc_audit+0x26c/0x3c0
[ 40.157592][ T348] avc_has_perm+0x1f5/0x260
[ 40.161935][ T348] selinux_bpf_map+0xd7/0x110
[ 40.166446][ T348] security_bpf_map+0x6b/0xa0
[ 40.170951][ T348] bpf_map_new_fd+0x2e/0x80
[ 40.175404][ T348] page last free stack trace:
[ 40.179891][ T348] free_unref_page_prepare+0x7c8/0x7d0
[ 40.185193][ T348] free_unref_page+0xe8/0x750
[ 40.189700][ T348] __free_pages+0x61/0xf0
[ 40.193863][ T348] free_pages+0x7c/0x90
[ 40.198206][ T348] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 40.203863][ T348] __apply_to_page_range+0x8dd/0xbe0
[ 40.209923][ T348] apply_to_existing_page_range+0x38/0x50
[ 40.215476][ T348] kasan_release_vmalloc+0x9a/0xb0
[ 40.220526][ T348] __purge_vmap_area_lazy+0x154a/0x1690
[ 40.225916][ T348] _vm_unmap_aliases+0x339/0x3b0
[ 40.230675][ T348] vm_unmap_aliases+0x19/0x20
[ 40.235188][ T348] change_page_attr_set_clr+0x308/0x1050
[ 40.240742][ T348] set_memory_ro+0xa1/0xe0
[ 40.244996][ T348] bpf_int_jit_compile+0xbf42/0xc6d0
[ 40.250117][ T348] bpf_prog_select_runtime+0x706/0x9e0
[ 40.255616][ T348] bpf_prog_load+0x1315/0x1b50
[ 40.260238][ T348]
[ 40.262383][ T348] Memory state around the buggy address:
[ 40.267855][ T348] ffff88811ecc3980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 40.275753][ T348] ffff88811ecc3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.284044][ T348] >ffff88811ecc3a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 40.292040][ T348] ^
[ 40.299656][ T348] ffff88811ecc3b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 40.307614][ T348] ffff88811ecc3b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.315460][ T348] ==================================================================
[ 40.323346][ T348] Disabling lock debugging due to kernel taint
[ 40.329487][ T348] ==================================================================
[ 40.337697][ T348] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 40.345953][ T348]
[ 40.348112][ T348] CPU: 0 PID: 348 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 40.359751][ T348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 40.369646][ T348] Call Trace:
[ 40.372779][ T348]
[ 40.375550][ T348] dump_stack_lvl+0x151/0x1b7
[ 40.380059][ T348] ? io_uring_drop_tctx_refs+0x190/0x190
[ 40.385526][ T348] ? __wake_up_klogd+0xd5/0x110
[ 40.390230][ T348] ? panic+0x751/0x751
[ 40.394119][ T348] ? kmem_cache_free+0x116/0x2e0
[ 40.398981][ T348] print_address_description+0x87/0x3b0
[ 40.404400][ T348] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 40.410416][ T348] ? kmem_cache_free+0x116/0x2e0
[ 40.415130][ T348] ? kmem_cache_free+0x116/0x2e0
[ 40.419897][ T348] kasan_report_invalid_free+0x6b/0xa0
[ 40.425191][ T348] ____kasan_slab_free+0x13e/0x160
[ 40.430236][ T348] __kasan_slab_free+0x11/0x20
[ 40.434826][ T348] slab_free_freelist_hook+0xbd/0x190
[ 40.440041][ T348] ? kfree_skbmem+0x104/0x170
[ 40.444644][ T348] kmem_cache_free+0x116/0x2e0
[ 40.449236][ T348] kfree_skbmem+0x104/0x170
[ 40.453660][ T348] consume_skb+0xb4/0x250
[ 40.457825][ T348] __sk_msg_free+0x2dd/0x370
[ 40.462250][ T348] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 40.468069][ T348] sk_psock_stop+0x44c/0x4d0
[ 40.472583][ T348] ? unix_peer_get+0xe0/0xe0
[ 40.477020][ T348] sock_map_close+0x2b9/0x4c0
[ 40.481521][ T348] ? sock_map_remove_links+0x570/0x570
[ 40.486814][ T348] ? rwsem_mark_wake+0x6b0/0x6b0
[ 40.491590][ T348] unix_release+0x82/0xc0
[ 40.495757][ T348] sock_close+0xdf/0x270
[ 40.499841][ T348] ? sock_mmap+0xa0/0xa0
[ 40.503920][ T348] __fput+0x3fe/0x910
[ 40.507735][ T348] ____fput+0x15/0x20
[ 40.511555][ T348] task_work_run+0x129/0x190
[ 40.515976][ T348] exit_to_user_mode_loop+0xc4/0xe0
[ 40.521014][ T348] exit_to_user_mode_prepare+0x5a/0xa0
[ 40.526404][ T348] syscall_exit_to_user_mode+0x26/0x160
[ 40.532100][ T348] do_syscall_64+0x49/0xb0
[ 40.536358][ T348] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.542091][ T348] RIP: 0033:0x7f9a2b64e9da
[ 40.546329][ T348] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 40.565858][ T348] RSP: 002b:00007ffe318b0740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 40.574105][ T348] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f9a2b64e9da
[ 40.582174][ T348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 40.589996][ T348] RBP: 00007f9a2b770980 R08: 0000001b31360000 R09: 00007ffe3190c0b0
[ 40.597797][ T348] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000009c42
[ 40.605610][ T348] R13: ffffffffffffffff R14: 00007f9a2b1d3000 R15: 0000000000009901
[ 40.613509][ T348]
[ 40.616374][ T348]
[ 40.618541][ T348] Allocated by task 349:
[ 40.622619][ T348] __kasan_slab_alloc+0xb1/0xe0
[ 40.627309][ T348] slab_post_alloc_hook+0x53/0x2c0
[ 40.632285][ T348] kmem_cache_alloc+0xf5/0x200
[ 40.636942][ T348] skb_clone+0x1d1/0x360
[ 40.641028][ T348] sk_psock_verdict_recv+0x53/0x840
[ 40.646338][ T348] unix_read_sock+0x132/0x370
[ 40.650885][ T348] sk_psock_verdict_data_ready+0x147/0x1a0
[ 40.656666][ T348] unix_dgram_sendmsg+0x15fa/0x2090
[ 40.661797][ T348] ____sys_sendmsg+0x59e/0x8f0
[ 40.666488][ T348] ___sys_sendmsg+0x252/0x2e0
[ 40.671085][ T348] __sys_sendmmsg+0x2bf/0x530
[ 40.675598][ T348] __x64_sys_sendmmsg+0xa0/0xb0
[ 40.680287][ T348] do_syscall_64+0x3d/0xb0
[ 40.684551][ T348] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.690381][ T348]
[ 40.692530][ T348] Freed by task 301:
[ 40.696264][ T348] kasan_set_track+0x4b/0x70
[ 40.700777][ T348] kasan_set_free_info+0x23/0x40
[ 40.705554][ T348] ____kasan_slab_free+0x126/0x160
[ 40.710499][ T348] __kasan_slab_free+0x11/0x20
[ 40.715191][ T348] slab_free_freelist_hook+0xbd/0x190
[ 40.720400][ T348] kmem_cache_free+0x116/0x2e0
[ 40.725087][ T348] kfree_skbmem+0x104/0x170
[ 40.729611][ T348] kfree_skb+0xc2/0x360
[ 40.733592][ T348] sk_psock_backlog+0xc21/0xd90
[ 40.738290][ T348] process_one_work+0x6bb/0xc10
[ 40.742971][ T348] worker_thread+0xad5/0x12a0
[ 40.747491][ T348] kthread+0x421/0x510
[ 40.751399][ T348] ret_from_fork+0x1f/0x30
[ 40.755725][ T348]
[ 40.758058][ T348] The buggy address belongs to the object at ffff88811ecc3a00
[ 40.758058][ T348] which belongs to the cache skbuff_head_cache of size 248
[ 40.772457][ T348] The buggy address is located 0 bytes inside of
[ 40.772457][ T348] 248-byte region [ffff88811ecc3a00, ffff88811ecc3af8)
[ 40.786265][ T348] The buggy address belongs to the page:
[ 40.791820][ T348] page:ffffea00047b30c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ecc3
[ 40.801885][ T348] flags: 0x4000000000000200(slab|zone=1)
[ 40.807358][ T348] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 40.815872][ T348] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 40.824453][ T348] page dumped because: kasan: bad access detected
[ 40.830701][ T348] page_owner tracks the page as allocated
[ 40.836271][ T348] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 349, ts 39230060366, free_ts 39209352346
[ 40.853627][ T348] post_alloc_hook+0x1a3/0x1b0
[ 40.858211][ T348] prep_new_page+0x1b/0x110
[ 40.862553][ T348] get_page_from_freelist+0x3550/0x35d0
[ 40.867934][ T348] __alloc_pages+0x27e/0x8f0
[ 40.872549][ T348] new_slab+0x9a/0x4e0
[ 40.876462][ T348] ___slab_alloc+0x39e/0x830
[ 40.880959][ T348] __slab_alloc+0x4a/0x90
[ 40.885119][ T348] kmem_cache_alloc+0x134/0x200
[ 40.890017][ T348] __alloc_skb+0xbe/0x550
[ 40.894231][ T348] audit_log_start+0x456/0xa80
[ 40.898844][ T348] common_lsm_audit+0xd8/0x18b0
[ 40.903627][ T348] slow_avc_audit+0x26c/0x3c0
[ 40.908209][ T348] avc_has_perm+0x1f5/0x260
[ 40.912671][ T348] selinux_bpf_map+0xd7/0x110
[ 40.917181][ T348] security_bpf_map+0x6b/0xa0
[ 40.921703][ T348] bpf_map_new_fd+0x2e/0x80
[ 40.926142][ T348] page last free stack trace:
[ 40.930724][ T348] free_unref_page_prepare+0x7c8/0x7d0
[ 40.936014][ T348] free_unref_page+0xe8/0x750
[ 40.940616][ T348] __free_pages+0x61/0xf0
[ 40.944794][ T348] free_pages+0x7c/0x90
[ 40.948772][ T348] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 40.954417][ T348] __apply_to_page_range+0x8dd/0xbe0
[ 40.959637][ T348] apply_to_existing_page_range+0x38/0x50
[ 40.965441][ T348] kasan_release_vmalloc+0x9a/0xb0
[ 40.970476][ T348] __purge_vmap_area_lazy+0x154a/0x1690
[ 40.975855][ T348] _vm_unmap_aliases+0x339/0x3b0
[ 40.980626][ T348] vm_unmap_aliases+0x19/0x20
[ 40.985150][ T348] change_page_attr_set_clr+0x308/0x1050
[ 40.990696][ T348] set_memory_ro+0xa1/0xe0
[ 40.994958][ T348] bpf_int_jit_compile+0xbf42/0xc6d0
[ 41.000068][ T348] bpf_prog_select_runtime+0x706/0x9e0
[ 41.005450][ T348] bpf_prog_load+0x1315/0x1b50
[ 41.010146][ T348]
[ 41.012700][ T348] Memory state around the buggy address:
[ 41.018173][ T348] ffff88811ecc3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.026480][ T348] ffff88811ecc3980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 41.034373][ T348] >ffff88811ecc3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.042255][ T348] ^
[ 41.046169][ T348] ffff88811ecc3a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 41.054063][ T348] ffff88811ecc3b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 41.061957][ T348] ==================================================================
[ 41.080354][ T353] FAULT_INJECTION: forcing a failure.
[ 41.080354][ T353] name failslab, interval 1, probability 0, space 0, times 0
[ 41.092812][ T353] CPU: 0 PID: 353 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 41.104469][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 41.114797][ T353] Call Trace:
[ 41.117921][ T353]
[ 41.120703][ T353] dump_stack_lvl+0x151/0x1b7
[ 41.125211][ T353] ? io_uring_drop_tctx_refs+0x190/0x190
[ 41.130768][ T353] dump_stack+0x15/0x17
[ 41.135030][ T353] should_fail+0x3c6/0x510
[ 41.139272][ T353] __should_failslab+0xa4/0xe0
[ 41.143872][ T353] should_failslab+0x9/0x20
[ 41.148213][ T353] slab_pre_alloc_hook+0x37/0xd0
[ 41.152993][ T353] kmem_cache_alloc_trace+0x48/0x210
[ 41.158194][ T353] ? sk_psock_skb_ingress_self+0x60/0x330
[ 41.163796][ T353] ? migrate_disable+0x190/0x190
[ 41.168523][ T353] sk_psock_skb_ingress_self+0x60/0x330
[ 41.173913][ T353] sk_psock_verdict_recv+0x66d/0x840
[ 41.179024][ T353] unix_read_sock+0x132/0x370
[ 41.183538][ T353] ? sk_psock_skb_redirect+0x440/0x440
[ 41.188928][ T353] ? unix_stream_splice_actor+0x120/0x120
[ 41.194483][ T353] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 41.200082][ T353] ? unix_stream_splice_actor+0x120/0x120
[ 41.205718][ T353] sk_psock_verdict_data_ready+0x147/0x1a0
[ 41.211538][ T353] ? sk_psock_start_verdict+0xc0/0xc0
[ 41.216745][ T353] ? _raw_spin_lock+0xa4/0x1b0
[ 41.221347][ T353] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 41.226978][ T353] ? skb_queue_tail+0xfb/0x120
[ 41.231581][ T353] unix_dgram_sendmsg+0x15fa/0x2090
[ 41.236792][ T353] ? unix_dgram_poll+0x710/0x710
[ 41.241828][ T353] ? _raw_spin_trylock+0xcd/0x1a0
[ 41.246790][ T353] ? security_socket_sendmsg+0x82/0xb0
[ 41.252073][ T353] ? unix_dgram_poll+0x710/0x710
[ 41.256930][ T353] ____sys_sendmsg+0x59e/0x8f0
[ 41.261629][ T353] ? __sys_sendmsg_sock+0x40/0x40
[ 41.266480][ T353] ? import_iovec+0xe5/0x120
[ 41.270905][ T353] ___sys_sendmsg+0x252/0x2e0
[ 41.275507][ T353] ? __sys_sendmsg+0x260/0x260
[ 41.280112][ T353] ? do_handle_mm_fault+0x1949/0x2330
[ 41.285347][ T353] ? __kasan_check_write+0x14/0x20
[ 41.290264][ T353] ? proc_fail_nth_write+0x20b/0x290
[ 41.295383][ T353] ? __fdget+0x1bc/0x240
[ 41.299460][ T353] __sys_sendmmsg+0x2bf/0x530
[ 41.303979][ T353] ? __ia32_sys_sendmsg+0x90/0x90
[ 41.308840][ T353] ? mutex_unlock+0xb2/0x260
[ 41.313442][ T353] ? __kasan_check_write+0x14/0x20
[ 41.318823][ T353] ? debug_smp_processor_id+0x17/0x20
[ 41.324113][ T353] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 41.330013][ T353] __x64_sys_sendmmsg+0xa0/0xb0
[ 41.334931][ T353] do_syscall_64+0x3d/0xb0
[ 41.339156][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.345028][ T353] RIP: 0033:0x7f9a2b64fae9
[ 41.349282][ T353] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 41.368813][ T353] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 41.377142][ T353] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9
[ 41.385050][ T353] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 41.393123][ T353] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000
[ 41.401021][ T353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 41.408833][ T353] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678
[ 41.416648][ T353]
[ 41.421746][ T352] ==================================================================
[ 41.429702][ T352] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 41.437952][ T352]
[ 41.440114][ T352] CPU: 0 PID: 352 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 41.451759][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 41.461823][ T352] Call Trace:
[ 41.464952][ T352]
[ 41.467727][ T352] dump_stack_lvl+0x151/0x1b7
[ 41.472323][ T352] ? io_uring_drop_tctx_refs+0x190/0x190
[ 41.477797][ T352] ? __wake_up_klogd+0xd5/0x110
[ 41.482741][ T352] ? panic+0x751/0x751
[ 41.486648][ T352] ? kmem_cache_free+0x116/0x2e0
[ 41.491418][ T352] print_address_description+0x87/0x3b0
[ 41.496798][ T352] ? kmem_cache_free+0x116/0x2e0
[ 41.501572][ T352] ? kmem_cache_free+0x116/0x2e0
[ 41.506433][ T352] kasan_report_invalid_free+0x6b/0xa0
[ 41.511735][ T352] ____kasan_slab_free+0x13e/0x160
[ 41.516675][ T352] __kasan_slab_free+0x11/0x20
[ 41.521287][ T352] slab_free_freelist_hook+0xbd/0x190
[ 41.526485][ T352] ? kfree_skbmem+0x104/0x170
[ 41.530995][ T352] kmem_cache_free+0x116/0x2e0
[ 41.535600][ T352] kfree_skbmem+0x104/0x170
[ 41.540121][ T352] consume_skb+0xb4/0x250
[ 41.544382][ T352] __sk_msg_free+0x2dd/0x370
[ 41.549096][ T352] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 41.554796][ T352] sk_psock_stop+0x44c/0x4d0
[ 41.559221][ T352] ? unix_peer_get+0xe0/0xe0
[ 41.563742][ T352] sock_map_close+0x2b9/0x4c0
[ 41.568247][ T352] ? sock_map_remove_links+0x570/0x570
[ 41.573627][ T352] ? rwsem_mark_wake+0x6b0/0x6b0
[ 41.578401][ T352] unix_release+0x82/0xc0
[ 41.582566][ T352] sock_close+0xdf/0x270
[ 41.586740][ T352] ? sock_mmap+0xa0/0xa0
[ 41.590839][ T352] __fput+0x3fe/0x910
[ 41.594630][ T352] ____fput+0x15/0x20
[ 41.598536][ T352] task_work_run+0x129/0x190
[ 41.602966][ T352] exit_to_user_mode_loop+0xc4/0xe0
[ 41.608000][ T352] exit_to_user_mode_prepare+0x5a/0xa0
[ 41.613385][ T352] syscall_exit_to_user_mode+0x26/0x160
[ 41.618761][ T352] do_syscall_64+0x49/0xb0
[ 41.623014][ T352] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.628740][ T352] RIP: 0033:0x7f9a2b64e9da
[ 41.633122][ T352] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 41.652736][ T352] RSP: 002b:00007ffe318b0740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 41.661057][ T352] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f9a2b64e9da
[ 41.668957][ T352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 41.676854][ T352] RBP: 00007f9a2b770980 R08: 0000001b31360000 R09: 00007ffe3190c0b0
[ 41.684753][ T352] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a3a5
[ 41.692562][ T352] R13: ffffffffffffffff R14: 00007f9a2b1d3000 R15: 000000000000a064
[ 41.700379][ T352]
[ 41.703326][ T352]
[ 41.705496][ T352] Allocated by task 353:
[ 41.709576][ T352] __kasan_slab_alloc+0xb1/0xe0
[ 41.714419][ T352] slab_post_alloc_hook+0x53/0x2c0
[ 41.719390][ T352] kmem_cache_alloc+0xf5/0x200
[ 41.724157][ T352] skb_clone+0x1d1/0x360
[ 41.728338][ T352] sk_psock_verdict_recv+0x53/0x840
[ 41.734141][ T352] unix_read_sock+0x132/0x370
[ 41.738658][ T352] sk_psock_verdict_data_ready+0x147/0x1a0
[ 41.744295][ T352] unix_dgram_sendmsg+0x15fa/0x2090
[ 41.749410][ T352] ____sys_sendmsg+0x59e/0x8f0
[ 41.754018][ T352] ___sys_sendmsg+0x252/0x2e0
[ 41.758534][ T352] __sys_sendmmsg+0x2bf/0x530
[ 41.763038][ T352] __x64_sys_sendmmsg+0xa0/0xb0
[ 41.767733][ T352] do_syscall_64+0x3d/0xb0
[ 41.771978][ T352] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.777799][ T352]
[ 41.780054][ T352] Freed by task 299:
[ 41.784013][ T352] kasan_set_track+0x4b/0x70
[ 41.788448][ T352] kasan_set_free_info+0x23/0x40
[ 41.793217][ T352] ____kasan_slab_free+0x126/0x160
[ 41.798336][ T352] __kasan_slab_free+0x11/0x20
[ 41.802938][ T352] slab_free_freelist_hook+0xbd/0x190
[ 41.808408][ T352] kmem_cache_free+0x116/0x2e0
[ 41.813010][ T352] kfree_skbmem+0x104/0x170
[ 41.817345][ T352] kfree_skb+0xc2/0x360
[ 41.821604][ T352] sk_psock_backlog+0xc21/0xd90
[ 41.826287][ T352] process_one_work+0x6bb/0xc10
[ 41.831069][ T352] worker_thread+0xad5/0x12a0
[ 41.835746][ T352] kthread+0x421/0x510
[ 41.839789][ T352] ret_from_fork+0x1f/0x30
[ 41.844045][ T352]
[ 41.846209][ T352] The buggy address belongs to the object at ffff88811eef1000
[ 41.846209][ T352] which belongs to the cache skbuff_head_cache of size 248
[ 41.860972][ T352] The buggy address is located 0 bytes inside of
[ 41.860972][ T352] 248-byte region [ffff88811eef1000, ffff88811eef10f8)
[ 41.873993][ T352] The buggy address belongs to the page:
[ 41.880320][ T352] page:ffffea00047bbc40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11eef1
[ 41.890384][ T352] flags: 0x4000000000000200(slab|zone=1)
[ 41.895862][ T352] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 41.904296][ T352] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 41.912701][ T352] page dumped because: kasan: bad access detected
[ 41.918940][ T352] page_owner tracks the page as allocated
[ 41.924585][ T352] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 301, ts 41074203041, free_ts 39209307722
[ 41.941776][ T352] post_alloc_hook+0x1a3/0x1b0
[ 41.946370][ T352] prep_new_page+0x1b/0x110
[ 41.951141][ T352] get_page_from_freelist+0x3550/0x35d0
[ 41.956542][ T352] __alloc_pages+0x27e/0x8f0
[ 41.960948][ T352] new_slab+0x9a/0x4e0
[ 41.964966][ T352] ___slab_alloc+0x39e/0x830
[ 41.969421][ T352] __slab_alloc+0x4a/0x90
[ 41.973648][ T352] kmem_cache_alloc+0x134/0x200
[ 41.978339][ T352] __alloc_skb+0xbe/0x550
[ 41.982498][ T352] __ipv6_ifa_notify+0x2e1/0x11c0
[ 41.987356][ T352] addrconf_dad_completed+0x177/0xd80
[ 41.992564][ T352] addrconf_dad_work+0xdc1/0x1710
[ 41.997431][ T352] process_one_work+0x6bb/0xc10
[ 42.002461][ T352] worker_thread+0xad5/0x12a0
[ 42.006971][ T352] kthread+0x421/0x510
[ 42.010963][ T352] ret_from_fork+0x1f/0x30
[ 42.015221][ T352] page last free stack trace:
[ 42.019731][ T352] free_unref_page_prepare+0x7c8/0x7d0
[ 42.025031][ T352] free_unref_page+0xe8/0x750
[ 42.029764][ T352] __free_pages+0x61/0xf0
[ 42.033927][ T352] free_pages+0x7c/0x90
[ 42.037912][ T352] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 42.044191][ T352] __apply_to_page_range+0x8dd/0xbe0
[ 42.049454][ T352] apply_to_existing_page_range+0x38/0x50
[ 42.055009][ T352] kasan_release_vmalloc+0x9a/0xb0
[ 42.060043][ T352] __purge_vmap_area_lazy+0x154a/0x1690
[ 42.065423][ T352] _vm_unmap_aliases+0x339/0x3b0
[ 42.070209][ T352] vm_unmap_aliases+0x19/0x20
[ 42.074717][ T352] change_page_attr_set_clr+0x308/0x1050
[ 42.080182][ T352] set_memory_ro+0xa1/0xe0
[ 42.084432][ T352] bpf_int_jit_compile+0xbf42/0xc6d0
[ 42.089728][ T352] bpf_prog_select_runtime+0x706/0x9e0
[ 42.095028][ T352] bpf_prog_load+0x1315/0x1b50
[ 42.100000][ T352]
[ 42.102157][ T352] Memory state around the buggy address:
[ 42.107637][ T352] ffff88811eef0f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.115531][ T352] ffff88811eef0f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.123425][ T352] >ffff88811eef1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.131322][ T352] ^
[ 42.135228][ T352] ffff88811eef1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 42.143310][ T352] ffff88811eef1100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 42.151198][ T352] ==================================================================
[ 42.169839][ T356] FAULT_INJECTION:
forcing a failure. [ 42.169839][ T356] name failslab, interval 1, probability 0, space 0, times 0 [ 42.182320][ T356] CPU: 1 PID: 356 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 42.194164][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 42.204058][ T356] Call Trace: [ 42.207179][ T356] [ 42.209975][ T356] dump_stack_lvl+0x151/0x1b7 [ 42.214479][ T356] ? io_uring_drop_tctx_refs+0x190/0x190 [ 42.219939][ T356] dump_stack+0x15/0x17 [ 42.223948][ T356] should_fail+0x3c6/0x510 [ 42.228272][ T356] __should_failslab+0xa4/0xe0 [ 42.232871][ T356] should_failslab+0x9/0x20 [ 42.237211][ T356] slab_pre_alloc_hook+0x37/0xd0 [ 42.241986][ T356] kmem_cache_alloc_trace+0x48/0x210 [ 42.247104][ T356] ? sk_psock_skb_ingress_self+0x60/0x330 [ 42.252834][ T356] ? migrate_disable+0x190/0x190 [ 42.257692][ T356] sk_psock_skb_ingress_self+0x60/0x330 [ 42.263088][ T356] sk_psock_verdict_recv+0x66d/0x840 [ 42.268201][ T356] unix_read_sock+0x132/0x370 [ 42.272821][ T356] ? sk_psock_skb_redirect+0x440/0x440 [ 42.278089][ T356] ? unix_stream_splice_actor+0x120/0x120 [ 42.283800][ T356] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 42.289030][ T356] ? unix_stream_splice_actor+0x120/0x120 [ 42.294590][ T356] sk_psock_verdict_data_ready+0x147/0x1a0 [ 42.300223][ T356] ? sk_psock_start_verdict+0xc0/0xc0 [ 42.305437][ T356] ? _raw_spin_lock+0xa4/0x1b0 [ 42.310032][ T356] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 42.315676][ T356] ? skb_queue_tail+0xfb/0x120 [ 42.320277][ T356] unix_dgram_sendmsg+0x15fa/0x2090 [ 42.325309][ T356] ? unix_dgram_poll+0x710/0x710 [ 42.330113][ T356] ? _raw_spin_trylock+0xcd/0x1a0 [ 42.334951][ T356] ? security_socket_sendmsg+0x82/0xb0 [ 42.340239][ T356] ? unix_dgram_poll+0x710/0x710 [ 42.345096][ T356] ____sys_sendmsg+0x59e/0x8f0 [ 42.349702][ T356] ? __sys_sendmsg_sock+0x40/0x40 [ 42.354556][ T356] ? 
import_iovec+0xe5/0x120 [ 42.358985][ T356] ___sys_sendmsg+0x252/0x2e0 [ 42.363554][ T356] ? __sys_sendmsg+0x260/0x260 [ 42.368106][ T356] ? do_handle_mm_fault+0x1949/0x2330 [ 42.373306][ T356] ? __kasan_check_write+0x14/0x20 [ 42.378255][ T356] ? proc_fail_nth_write+0x20b/0x290 [ 42.383554][ T356] ? __fdget+0x1bc/0x240 [ 42.387623][ T356] __sys_sendmmsg+0x2bf/0x530 [ 42.392141][ T356] ? __ia32_sys_sendmsg+0x90/0x90 [ 42.396996][ T356] ? mutex_unlock+0xb2/0x260 [ 42.401957][ T356] ? __kasan_check_write+0x14/0x20 [ 42.406892][ T356] ? debug_smp_processor_id+0x17/0x20 [ 42.412210][ T356] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 42.418088][ T356] __x64_sys_sendmmsg+0xa0/0xb0 [ 42.422776][ T356] do_syscall_64+0x3d/0xb0 [ 42.427028][ T356] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 42.432758][ T356] RIP: 0033:0x7f9a2b64fae9 [ 42.437011][ T356] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 42.456452][ T356] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 42.464868][ T356] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9 [ 42.472692][ T356] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 42.480666][ T356] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000 [ 42.488485][ T356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 42.496382][ T356] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678 [ 42.504192][ T356] [ 42.508635][ T355] ================================================================== [ 42.516669][ T355] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 42.524834][ T355] [ 42.527005][ T355] CPU: 0 PID: 355 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 42.538548][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
Google 01/25/2024 [ 42.548791][ T355] Call Trace: [ 42.551914][ T355] [ 42.554698][ T355] dump_stack_lvl+0x151/0x1b7 [ 42.559206][ T355] ? io_uring_drop_tctx_refs+0x190/0x190 [ 42.564678][ T355] ? __wake_up_klogd+0xd5/0x110 [ 42.569359][ T355] ? panic+0x751/0x751 [ 42.573265][ T355] ? kmem_cache_free+0x116/0x2e0 [ 42.578129][ T355] print_address_description+0x87/0x3b0 [ 42.583508][ T355] ? kmem_cache_free+0x116/0x2e0 [ 42.588281][ T355] ? kmem_cache_free+0x116/0x2e0 [ 42.593056][ T355] kasan_report_invalid_free+0x6b/0xa0 [ 42.598361][ T355] ____kasan_slab_free+0x13e/0x160 [ 42.603298][ T355] __kasan_slab_free+0x11/0x20 [ 42.607936][ T355] slab_free_freelist_hook+0xbd/0x190 [ 42.613196][ T355] ? kfree_skbmem+0x104/0x170 [ 42.617706][ T355] kmem_cache_free+0x116/0x2e0 [ 42.622393][ T355] kfree_skbmem+0x104/0x170 [ 42.626732][ T355] consume_skb+0xb4/0x250 [ 42.630900][ T355] __sk_msg_free+0x2dd/0x370 [ 42.635325][ T355] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 42.641138][ T355] sk_psock_stop+0x44c/0x4d0 [ 42.645653][ T355] ? unix_peer_get+0xe0/0xe0 [ 42.650166][ T355] sock_map_close+0x2b9/0x4c0 [ 42.654679][ T355] ? sock_map_remove_links+0x570/0x570 [ 42.659975][ T355] ? rwsem_mark_wake+0x6b0/0x6b0 [ 42.664748][ T355] unix_release+0x82/0xc0 [ 42.669002][ T355] sock_close+0xdf/0x270 [ 42.673098][ T355] ? 
sock_mmap+0xa0/0xa0 [ 42.677184][ T355] __fput+0x3fe/0x910 [ 42.680989][ T355] ____fput+0x15/0x20 [ 42.684799][ T355] task_work_run+0x129/0x190 [ 42.689236][ T355] exit_to_user_mode_loop+0xc4/0xe0 [ 42.694265][ T355] exit_to_user_mode_prepare+0x5a/0xa0 [ 42.699761][ T355] syscall_exit_to_user_mode+0x26/0x160 [ 42.705137][ T355] do_syscall_64+0x49/0xb0 [ 42.709384][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 42.715111][ T355] RIP: 0033:0x7f9a2b64e9da [ 42.719363][ T355] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 42.738903][ T355] RSP: 002b:00007ffe318b0740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 42.747236][ T355] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f9a2b64e9da [ 42.755136][ T355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 42.762935][ T355] RBP: 0000000000000032 R08: 0000001b31360000 R09: 00007f9a2b76ef8c [ 42.770842][ T355] R10: 00007ffe318b0890 R11: 0000000000000293 R12: 00007f9a2b1d40d0 [ 42.779175][ T355] R13: ffffffffffffffff R14: 00007f9a2b1d3000 R15: 000000000000a4a5 [ 42.787020][ T355] [ 42.789927][ T355] [ 42.792093][ T355] Allocated by task 356: [ 42.796188][ T355] __kasan_slab_alloc+0xb1/0xe0 [ 42.801208][ T355] slab_post_alloc_hook+0x53/0x2c0 [ 42.806243][ T355] kmem_cache_alloc+0xf5/0x200 [ 42.810841][ T355] skb_clone+0x1d1/0x360 [ 42.814921][ T355] sk_psock_verdict_recv+0x53/0x840 [ 42.819956][ T355] unix_read_sock+0x132/0x370 [ 42.824469][ T355] sk_psock_verdict_data_ready+0x147/0x1a0 [ 42.830199][ T355] unix_dgram_sendmsg+0x15fa/0x2090 [ 42.835257][ T355] ____sys_sendmsg+0x59e/0x8f0 [ 42.839835][ T355] ___sys_sendmsg+0x252/0x2e0 [ 42.844344][ T355] __sys_sendmmsg+0x2bf/0x530 [ 42.848857][ T355] __x64_sys_sendmmsg+0xa0/0xb0 [ 42.853555][ T355] do_syscall_64+0x3d/0xb0 [ 42.858085][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 42.863964][ 
T355] [ 42.866306][ T355] Freed by task 299: [ 42.870037][ T355] kasan_set_track+0x4b/0x70 [ 42.874460][ T355] kasan_set_free_info+0x23/0x40 [ 42.879237][ T355] ____kasan_slab_free+0x126/0x160 [ 42.884193][ T355] __kasan_slab_free+0x11/0x20 [ 42.888871][ T355] slab_free_freelist_hook+0xbd/0x190 [ 42.894084][ T355] kmem_cache_free+0x116/0x2e0 [ 42.898679][ T355] kfree_skbmem+0x104/0x170 [ 42.903017][ T355] kfree_skb+0xc2/0x360 [ 42.907124][ T355] sk_psock_backlog+0xc21/0xd90 [ 42.911783][ T355] process_one_work+0x6bb/0xc10 [ 42.916480][ T355] worker_thread+0xad5/0x12a0 [ 42.920990][ T355] kthread+0x421/0x510 [ 42.924930][ T355] ret_from_fork+0x1f/0x30 [ 42.929171][ T355] [ 42.931495][ T355] The buggy address belongs to the object at ffff88811ea87000 [ 42.931495][ T355] which belongs to the cache skbuff_head_cache of size 248 [ 42.945893][ T355] The buggy address is located 0 bytes inside of [ 42.945893][ T355] 248-byte region [ffff88811ea87000, ffff88811ea870f8) [ 42.958835][ T355] The buggy address belongs to the page: [ 42.964563][ T355] page:ffffea00047aa1c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ea87 [ 42.975419][ T355] flags: 0x4000000000000200(slab|zone=1) [ 42.980878][ T355] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680 [ 42.989380][ T355] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 42.997796][ T355] page dumped because: kasan: bad access detected [ 43.004048][ T355] page_owner tracks the page as allocated [ 43.009598][ T355] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 42163914451, free_ts 38693367317 [ 43.025313][ T355] post_alloc_hook+0x1a3/0x1b0 [ 43.029910][ T355] prep_new_page+0x1b/0x110 [ 43.034345][ T355] get_page_from_freelist+0x3550/0x35d0 [ 43.039732][ T355] __alloc_pages+0x27e/0x8f0 [ 43.044240][ T355] new_slab+0x9a/0x4e0 [ 43.048146][ T355] ___slab_alloc+0x39e/0x830 [ 43.052580][ T355] 
__slab_alloc+0x4a/0x90 [ 43.056739][ T355] kmem_cache_alloc+0x134/0x200 [ 43.061427][ T355] __alloc_skb+0xbe/0x550 [ 43.065591][ T355] alloc_skb_with_frags+0xa6/0x680 [ 43.070538][ T355] sock_alloc_send_pskb+0x915/0xa50 [ 43.075571][ T355] unix_dgram_sendmsg+0x6fd/0x2090 [ 43.080521][ T355] __sys_sendto+0x564/0x720 [ 43.084860][ T355] __x64_sys_sendto+0xe5/0x100 [ 43.089634][ T355] do_syscall_64+0x3d/0xb0 [ 43.093971][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.099702][ T355] page last free stack trace: [ 43.104223][ T355] free_unref_page_prepare+0x7c8/0x7d0 [ 43.109518][ T355] free_unref_page+0xe8/0x750 [ 43.114021][ T355] __free_pages+0x61/0xf0 [ 43.118187][ T355] __vunmap+0x7bc/0x8f0 [ 43.122183][ T355] vfree+0x7f/0xb0 [ 43.125750][ T355] kcov_mmap+0x93/0x130 [ 43.129737][ T355] mmap_region+0x138d/0x1b60 [ 43.134163][ T355] do_mmap+0x776/0xe50 [ 43.138065][ T355] vm_mmap_pgoff+0x1dd/0x450 [ 43.142497][ T355] ksys_mmap_pgoff+0x15d/0x1e0 [ 43.147092][ T355] __x64_sys_mmap+0x103/0x120 [ 43.151617][ T355] do_syscall_64+0x3d/0xb0 [ 43.155857][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.161683][ T355] [ 43.163843][ T355] Memory state around the buggy address: [ 43.169573][ T355] ffff88811ea86f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.177563][ T355] ffff88811ea86f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.185889][ T355] >ffff88811ea87000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.193785][ T355] ^ [ 43.197695][ T355] ffff88811ea87080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 43.205592][ T355] ffff88811ea87100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 43.213532][ T355] ================================================================== [ 43.229759][ T359] FAULT_INJECTION: forcing a failure. 
[ 43.229759][ T359] name failslab, interval 1, probability 0, space 0, times 0 [ 43.242263][ T359] CPU: 1 PID: 359 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 43.253779][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 43.263673][ T359] Call Trace: [ 43.266796][ T359] [ 43.269580][ T359] dump_stack_lvl+0x151/0x1b7 [ 43.274088][ T359] ? io_uring_drop_tctx_refs+0x190/0x190 [ 43.279647][ T359] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 43.285320][ T359] ? __skb_try_recv_datagram+0x495/0x6a0 [ 43.290761][ T359] dump_stack+0x15/0x17 [ 43.294753][ T359] should_fail+0x3c6/0x510 [ 43.299026][ T359] __should_failslab+0xa4/0xe0 [ 43.303596][ T359] ? skb_clone+0x1d1/0x360 [ 43.307851][ T359] should_failslab+0x9/0x20 [ 43.312190][ T359] slab_pre_alloc_hook+0x37/0xd0 [ 43.317138][ T359] ? skb_clone+0x1d1/0x360 [ 43.321486][ T359] kmem_cache_alloc+0x44/0x200 [ 43.326088][ T359] skb_clone+0x1d1/0x360 [ 43.330205][ T359] sk_psock_verdict_recv+0x53/0x840 [ 43.335459][ T359] ? avc_has_perm_noaudit+0x430/0x430 [ 43.340763][ T359] ? mntput_no_expire+0xfc/0x6b0 [ 43.345532][ T359] unix_read_sock+0x132/0x370 [ 43.350127][ T359] ? sk_psock_skb_redirect+0x440/0x440 [ 43.355420][ T359] ? unix_stream_splice_actor+0x120/0x120 [ 43.361063][ T359] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 43.366472][ T359] ? unix_stream_splice_actor+0x120/0x120 [ 43.372114][ T359] sk_psock_verdict_data_ready+0x147/0x1a0 [ 43.377843][ T359] ? sk_psock_start_verdict+0xc0/0xc0 [ 43.383137][ T359] ? _raw_spin_lock+0xa4/0x1b0 [ 43.387846][ T359] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 43.393589][ T359] ? skb_queue_tail+0xfb/0x120 [ 43.398165][ T359] unix_dgram_sendmsg+0x15fa/0x2090 [ 43.403301][ T359] ? unix_dgram_poll+0x710/0x710 [ 43.408238][ T359] ? _raw_spin_trylock+0xcd/0x1a0 [ 43.413102][ T359] ? security_socket_sendmsg+0x82/0xb0 [ 43.418390][ T359] ? 
unix_dgram_poll+0x710/0x710 [ 43.423161][ T359] ____sys_sendmsg+0x59e/0x8f0 [ 43.427763][ T359] ? __sys_sendmsg_sock+0x40/0x40 [ 43.432622][ T359] ? import_iovec+0xe5/0x120 [ 43.437050][ T359] ___sys_sendmsg+0x252/0x2e0 [ 43.441571][ T359] ? __sys_sendmsg+0x260/0x260 [ 43.446171][ T359] ? do_handle_mm_fault+0x1949/0x2330 [ 43.451456][ T359] ? __kasan_check_write+0x14/0x20 [ 43.456585][ T359] ? proc_fail_nth_write+0x20b/0x290 [ 43.461978][ T359] ? __fdget+0x1bc/0x240 [ 43.466218][ T359] __sys_sendmmsg+0x2bf/0x530 [ 43.470732][ T359] ? __ia32_sys_sendmsg+0x90/0x90 [ 43.475746][ T359] ? mutex_unlock+0xb2/0x260 [ 43.480203][ T359] ? __kasan_check_write+0x14/0x20 [ 43.485142][ T359] ? debug_smp_processor_id+0x17/0x20 [ 43.490435][ T359] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 43.496425][ T359] __x64_sys_sendmmsg+0xa0/0xb0 [ 43.501110][ T359] do_syscall_64+0x3d/0xb0 [ 43.505373][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.511190][ T359] RIP: 0033:0x7f9a2b64fae9 [ 43.515605][ T359] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.535403][ T359] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 43.543740][ T359] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9 [ 43.551643][ T359] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 43.559532][ T359] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000 [ 43.567515][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 43.575420][ T359] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678 [ 43.583317][ T359] [ 43.594376][ T362] FAULT_INJECTION: forcing a failure. 
[ 43.594376][ T362] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 43.607554][ T362] CPU: 1 PID: 362 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 43.619168][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 43.629585][ T362] Call Trace: [ 43.632711][ T362] [ 43.635480][ T362] dump_stack_lvl+0x151/0x1b7 [ 43.639998][ T362] ? io_uring_drop_tctx_refs+0x190/0x190 [ 43.645463][ T362] dump_stack+0x15/0x17 [ 43.649453][ T362] should_fail+0x3c6/0x510 [ 43.653706][ T362] should_fail_alloc_page+0x5a/0x80 [ 43.658914][ T362] prepare_alloc_pages+0x15c/0x700 [ 43.664037][ T362] ? __alloc_pages_bulk+0xe40/0xe40 [ 43.669078][ T362] __alloc_pages+0x18c/0x8f0 [ 43.673493][ T362] ? prep_new_page+0x110/0x110 [ 43.678101][ T362] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 43.683390][ T362] ? __skb_try_recv_from_queue+0x2b6/0x750 [ 43.689157][ T362] new_slab+0x9a/0x4e0 [ 43.693124][ T362] ___slab_alloc+0x39e/0x830 [ 43.697555][ T362] ? skb_clone+0x1d1/0x360 [ 43.701808][ T362] ? skb_clone+0x1d1/0x360 [ 43.706156][ T362] __slab_alloc+0x4a/0x90 [ 43.710401][ T362] ? skb_clone+0x1d1/0x360 [ 43.714635][ T362] kmem_cache_alloc+0x134/0x200 [ 43.719509][ T362] skb_clone+0x1d1/0x360 [ 43.723575][ T362] sk_psock_verdict_recv+0x53/0x840 [ 43.728610][ T362] ? avc_has_perm_noaudit+0x430/0x430 [ 43.733911][ T362] ? mntput_no_expire+0xfc/0x6b0 [ 43.738679][ T362] unix_read_sock+0x132/0x370 [ 43.743559][ T362] ? sk_psock_skb_redirect+0x440/0x440 [ 43.748859][ T362] ? unix_stream_splice_actor+0x120/0x120 [ 43.754407][ T362] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 43.759704][ T362] ? unix_stream_splice_actor+0x120/0x120 [ 43.765568][ T362] sk_psock_verdict_data_ready+0x147/0x1a0 [ 43.771160][ T362] ? sk_psock_start_verdict+0xc0/0xc0 [ 43.776377][ T362] ? _raw_spin_lock+0xa4/0x1b0 [ 43.782010][ T362] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 43.787739][ T362] ? 
skb_queue_tail+0xfb/0x120 [ 43.792432][ T362] unix_dgram_sendmsg+0x15fa/0x2090 [ 43.797467][ T362] ? unix_dgram_poll+0x710/0x710 [ 43.802238][ T362] ? _raw_spin_trylock+0xcd/0x1a0 [ 43.807143][ T362] ? security_socket_sendmsg+0x82/0xb0 [ 43.812393][ T362] ? unix_dgram_poll+0x710/0x710 [ 43.817169][ T362] ____sys_sendmsg+0x59e/0x8f0 [ 43.821768][ T362] ? __sys_sendmsg_sock+0x40/0x40 [ 43.826648][ T362] ? import_iovec+0xe5/0x120 [ 43.831288][ T362] ___sys_sendmsg+0x252/0x2e0 [ 43.835904][ T362] ? __sys_sendmsg+0x260/0x260 [ 43.840502][ T362] ? do_handle_mm_fault+0x1949/0x2330 [ 43.845721][ T362] ? __kasan_check_write+0x14/0x20 [ 43.850659][ T362] ? proc_fail_nth_write+0x20b/0x290 [ 43.855778][ T362] ? __fdget+0x1bc/0x240 [ 43.859858][ T362] __sys_sendmmsg+0x2bf/0x530 [ 43.864459][ T362] ? __ia32_sys_sendmsg+0x90/0x90 [ 43.869411][ T362] ? mutex_unlock+0xb2/0x260 [ 43.873917][ T362] ? __kasan_check_write+0x14/0x20 [ 43.878865][ T362] ? debug_smp_processor_id+0x17/0x20 [ 43.884068][ T362] ? 
fpregs_assert_state_consistent+0xb6/0xe0 [ 43.890073][ T362] __x64_sys_sendmmsg+0xa0/0xb0 [ 43.894879][ T362] do_syscall_64+0x3d/0xb0 [ 43.899106][ T362] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.905529][ T362] RIP: 0033:0x7f9a2b64fae9 [ 43.909870][ T362] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 2024/02/20 22:18:24 executed programs: 5 [ 43.929317][ T362] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 43.937577][ T362] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9 [ 43.945365][ T362] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 43.953176][ T362] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000 [ 43.961102][ T362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 43.968992][ T362] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678 [ 43.976815][ T362] [ 44.003188][ T364] FAULT_INJECTION: forcing a failure. [ 44.003188][ T364] name failslab, interval 1, probability 0, space 0, times 0 [ 44.016420][ T364] CPU: 1 PID: 364 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 44.028240][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 44.038315][ T364] Call Trace: [ 44.041430][ T364] [ 44.044216][ T364] dump_stack_lvl+0x151/0x1b7 [ 44.048908][ T364] ? io_uring_drop_tctx_refs+0x190/0x190 [ 44.054452][ T364] dump_stack+0x15/0x17 [ 44.058443][ T364] should_fail+0x3c6/0x510 [ 44.062697][ T364] __should_failslab+0xa4/0xe0 [ 44.067466][ T364] should_failslab+0x9/0x20 [ 44.071895][ T364] slab_pre_alloc_hook+0x37/0xd0 [ 44.076757][ T364] kmem_cache_alloc_trace+0x48/0x210 [ 44.081961][ T364] ? sk_psock_skb_ingress_self+0x60/0x330 [ 44.087699][ T364] ? 
migrate_disable+0x190/0x190 [ 44.093246][ T364] sk_psock_skb_ingress_self+0x60/0x330 [ 44.098630][ T364] sk_psock_verdict_recv+0x66d/0x840 [ 44.103753][ T364] unix_read_sock+0x132/0x370 [ 44.108264][ T364] ? sk_psock_skb_redirect+0x440/0x440 [ 44.113683][ T364] ? unix_stream_splice_actor+0x120/0x120 [ 44.119242][ T364] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 44.124535][ T364] ? unix_stream_splice_actor+0x120/0x120 [ 44.130179][ T364] sk_psock_verdict_data_ready+0x147/0x1a0 [ 44.135819][ T364] ? sk_psock_start_verdict+0xc0/0xc0 [ 44.141026][ T364] ? _raw_spin_lock+0xa4/0x1b0 [ 44.145713][ T364] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 44.151356][ T364] ? skb_queue_tail+0xfb/0x120 [ 44.155952][ T364] unix_dgram_sendmsg+0x15fa/0x2090 [ 44.161337][ T364] ? unix_dgram_poll+0x710/0x710 [ 44.166196][ T364] ? _raw_spin_trylock+0xcd/0x1a0 [ 44.171151][ T364] ? security_socket_sendmsg+0x82/0xb0 [ 44.176449][ T364] ? unix_dgram_poll+0x710/0x710 [ 44.181308][ T364] ____sys_sendmsg+0x59e/0x8f0 [ 44.185999][ T364] ? __sys_sendmsg_sock+0x40/0x40 [ 44.190932][ T364] ? import_iovec+0xe5/0x120 [ 44.195359][ T364] ___sys_sendmsg+0x252/0x2e0 [ 44.199876][ T364] ? __sys_sendmsg+0x260/0x260 [ 44.204472][ T364] ? do_handle_mm_fault+0x1949/0x2330 [ 44.209681][ T364] ? __kasan_check_write+0x14/0x20 [ 44.214797][ T364] ? proc_fail_nth_write+0x20b/0x290 [ 44.219920][ T364] ? __fdget+0x1bc/0x240 [ 44.224010][ T364] __sys_sendmmsg+0x2bf/0x530 [ 44.228513][ T364] ? __ia32_sys_sendmsg+0x90/0x90 [ 44.233461][ T364] ? mutex_unlock+0xb2/0x260 [ 44.237975][ T364] ? __kasan_check_write+0x14/0x20 [ 44.243012][ T364] ? debug_smp_processor_id+0x17/0x20 [ 44.248301][ T364] ? 
fpregs_assert_state_consistent+0xb6/0xe0 [ 44.254380][ T364] __x64_sys_sendmmsg+0xa0/0xb0 [ 44.259067][ T364] do_syscall_64+0x3d/0xb0 [ 44.263404][ T364] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.269134][ T364] RIP: 0033:0x7f9a2b64fae9 [ 44.273386][ T364] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 44.292834][ T364] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 44.301189][ T364] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9 [ 44.308997][ T364] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 44.316811][ T364] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000 [ 44.324630][ T364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 44.332700][ T364] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678 [ 44.341210][ T364] [ 44.346873][ T363] ================================================================== [ 44.354841][ T363] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 44.363079][ T363] [ 44.365241][ T363] CPU: 0 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 44.376872][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 44.386862][ T363] Call Trace: [ 44.389978][ T363] [ 44.392780][ T363] dump_stack_lvl+0x151/0x1b7 [ 44.397268][ T363] ? io_uring_drop_tctx_refs+0x190/0x190 [ 44.402741][ T363] ? __wake_up_klogd+0xd5/0x110 [ 44.407429][ T363] ? panic+0x751/0x751 [ 44.411340][ T363] ? kmem_cache_free+0x116/0x2e0 [ 44.416104][ T363] print_address_description+0x87/0x3b0 [ 44.421483][ T363] ? kmem_cache_free+0x116/0x2e0 [ 44.426260][ T363] ? 
kmem_cache_free+0x116/0x2e0 [ 44.431030][ T363] kasan_report_invalid_free+0x6b/0xa0 [ 44.436333][ T363] ____kasan_slab_free+0x13e/0x160 [ 44.441883][ T363] __kasan_slab_free+0x11/0x20 [ 44.446478][ T363] slab_free_freelist_hook+0xbd/0x190 [ 44.451862][ T363] ? kfree_skbmem+0x104/0x170 [ 44.456390][ T363] kmem_cache_free+0x116/0x2e0 [ 44.461074][ T363] kfree_skbmem+0x104/0x170 [ 44.465401][ T363] consume_skb+0xb4/0x250 [ 44.469581][ T363] __sk_msg_free+0x2dd/0x370 [ 44.474088][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 44.479730][ T363] sk_psock_stop+0x44c/0x4d0 [ 44.484248][ T363] ? unix_peer_get+0xe0/0xe0 [ 44.488669][ T363] sock_map_close+0x2b9/0x4c0 [ 44.493626][ T363] ? sock_map_remove_links+0x570/0x570 [ 44.498950][ T363] ? rwsem_mark_wake+0x6b0/0x6b0 [ 44.503696][ T363] unix_release+0x82/0xc0 [ 44.507893][ T363] sock_close+0xdf/0x270 [ 44.511976][ T363] ? sock_mmap+0xa0/0xa0 [ 44.516012][ T363] __fput+0x3fe/0x910 [ 44.519863][ T363] ____fput+0x15/0x20 [ 44.523648][ T363] task_work_run+0x129/0x190 [ 44.528163][ T363] exit_to_user_mode_loop+0xc4/0xe0 [ 44.533196][ T363] exit_to_user_mode_prepare+0x5a/0xa0 [ 44.538542][ T363] syscall_exit_to_user_mode+0x26/0x160 [ 44.543870][ T363] do_syscall_64+0x49/0xb0 [ 44.548124][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.553855][ T363] RIP: 0033:0x7f9a2b64e9da [ 44.558117][ T363] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 44.577554][ T363] RSP: 002b:00007ffe318b0740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 44.585878][ T363] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f9a2b64e9da [ 44.593775][ T363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 44.601587][ T363] RBP: 00007f9a2b770980 R08: 0000001b31360000 R09: 00007ffe3190c0b0 [ 44.609405][ T363] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000af10 [ 
44.617211][ T363] R13: ffffffffffffffff R14: 00007f9a2b1d3000 R15: 000000000000abcf [ 44.625024][ T363] [ 44.627888][ T363] [ 44.630056][ T363] Allocated by task 364: [ 44.634134][ T363] __kasan_slab_alloc+0xb1/0xe0 [ 44.638997][ T363] slab_post_alloc_hook+0x53/0x2c0 [ 44.643954][ T363] kmem_cache_alloc+0xf5/0x200 [ 44.648976][ T363] skb_clone+0x1d1/0x360 [ 44.653053][ T363] sk_psock_verdict_recv+0x53/0x840 [ 44.658176][ T363] unix_read_sock+0x132/0x370 [ 44.662695][ T363] sk_psock_verdict_data_ready+0x147/0x1a0 [ 44.668440][ T363] unix_dgram_sendmsg+0x15fa/0x2090 [ 44.673465][ T363] ____sys_sendmsg+0x59e/0x8f0 [ 44.678078][ T363] ___sys_sendmsg+0x252/0x2e0 [ 44.682580][ T363] __sys_sendmmsg+0x2bf/0x530 [ 44.687091][ T363] __x64_sys_sendmmsg+0xa0/0xb0 [ 44.691777][ T363] do_syscall_64+0x3d/0xb0 [ 44.696060][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.701759][ T363] [ 44.703929][ T363] Freed by task 59: [ 44.707574][ T363] kasan_set_track+0x4b/0x70 [ 44.712000][ T363] kasan_set_free_info+0x23/0x40 [ 44.716860][ T363] ____kasan_slab_free+0x126/0x160 [ 44.721806][ T363] __kasan_slab_free+0x11/0x20 [ 44.726409][ T363] slab_free_freelist_hook+0xbd/0x190 [ 44.731616][ T363] kmem_cache_free+0x116/0x2e0 [ 44.736216][ T363] kfree_skbmem+0x104/0x170 [ 44.740555][ T363] kfree_skb+0xc2/0x360 [ 44.744553][ T363] sk_psock_backlog+0xc21/0xd90 [ 44.749234][ T363] process_one_work+0x6bb/0xc10 [ 44.754117][ T363] worker_thread+0xad5/0x12a0 [ 44.758619][ T363] kthread+0x421/0x510 [ 44.762531][ T363] ret_from_fork+0x1f/0x30 [ 44.766768][ T363] [ 44.769033][ T363] The buggy address belongs to the object at ffff88811eca9780 [ 44.769033][ T363] which belongs to the cache skbuff_head_cache of size 248 [ 44.783962][ T363] The buggy address is located 0 bytes inside of [ 44.783962][ T363] 248-byte region [ffff88811eca9780, ffff88811eca9878) [ 44.796908][ T363] The buggy address belongs to the page: [ 44.802877][ T363] page:ffffea00047b2a40 refcount:1 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x11eca9
[ 44.813032][ T363] flags: 0x4000000000000200(slab|zone=1)
[ 44.818604][ T363] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 44.827010][ T363] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 44.835517][ T363] page dumped because: kasan: bad access detected
[ 44.841775][ T363] page_owner tracks the page as allocated
[ 44.847316][ T363] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100a20(GFP_ATOMIC|__GFP_HARDWALL), pid 362, ts 43982275223, free_ts 43589349742
[ 44.862174][ T363] post_alloc_hook+0x1a3/0x1b0
[ 44.866930][ T363] prep_new_page+0x1b/0x110
[ 44.871355][ T363] get_page_from_freelist+0x3550/0x35d0
[ 44.876735][ T363] __alloc_pages+0x27e/0x8f0
[ 44.881164][ T363] alloc_slab_page+0x1f/0x80
[ 44.885588][ T363] new_slab+0x397/0x4e0
[ 44.889581][ T363] ___slab_alloc+0x39e/0x830
[ 44.894007][ T363] __slab_alloc+0x4a/0x90
[ 44.898177][ T363] kmem_cache_alloc+0x134/0x200
[ 44.902861][ T363] skb_clone+0x1d1/0x360
[ 44.906940][ T363] sk_psock_verdict_recv+0x53/0x840
[ 44.911976][ T363] unix_read_sock+0x132/0x370
[ 44.916511][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 44.922132][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.927174][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 44.931768][ T363] ___sys_sendmsg+0x252/0x2e0
[ 44.936280][ T363] page last free stack trace:
[ 44.940993][ T363] free_unref_page_prepare+0x7c8/0x7d0
[ 44.946282][ T363] free_unref_page_list+0x14b/0xa60
[ 44.951317][ T363] release_pages+0x1310/0x1370
[ 44.955938][ T363] free_pages_and_swap_cache+0x8a/0xa0
[ 44.961297][ T363] tlb_finish_mmu+0x177/0x320
[ 44.965810][ T363] exit_mmap+0x3ef/0x6f0
[ 44.969891][ T363] __mmput+0x95/0x310
[ 44.973833][ T363] mmput+0x5b/0x170
[ 44.977447][ T363] do_exit+0xb9c/0x2ca0
[ 44.981442][ T363] do_group_exit+0x141/0x310
[ 44.985860][ T363] get_signal+0x7a3/0x1630
[ 44.990114][ T363] arch_do_signal_or_restart+0xbd/0x1680
[ 44.995579][ T363] exit_to_user_mode_loop+0xa0/0xe0
[ 45.000614][ T363] exit_to_user_mode_prepare+0x5a/0xa0
[ 45.005910][ T363] syscall_exit_to_user_mode+0x26/0x160
[ 45.011290][ T363] do_syscall_64+0x49/0xb0
[ 45.015718][ T363]
[ 45.017887][ T363] Memory state around the buggy address:
[ 45.023359][ T363]  ffff88811eca9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.031265][ T363]  ffff88811eca9700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 45.039153][ T363] >ffff88811eca9780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.047135][ T363]                    ^
[ 45.051052][ T363]  ffff88811eca9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 45.059113][ T363]  ffff88811eca9880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 45.067077][ T363] ==================================================================
[ 45.076374][ T30] kauditd_printk_skb: 2 callbacks suppressed
[ 45.076386][ T30] audit: type=1400 audit(1708467505.580:169): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 45.105545][ T30] audit: type=1400 audit(1708467505.580:170): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 45.127370][ T30] audit: type=1400 audit(1708467505.580:171): avc: denied { create } for pid=82 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 45.148505][ T367] FAULT_INJECTION: forcing a failure.
[ 45.148505][ T367] name failslab, interval 1, probability 0, space 0, times 0
[ 45.161090][ T367] CPU: 0 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 45.172635][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 45.182867][ T367] Call Trace:
[ 45.185920][ T367]
[ 45.188700][ T367] dump_stack_lvl+0x151/0x1b7
[ 45.193210][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.198678][ T367] dump_stack+0x15/0x17
[ 45.202671][ T367] should_fail+0x3c6/0x510
[ 45.207011][ T367] __should_failslab+0xa4/0xe0
[ 45.211625][ T367] should_failslab+0x9/0x20
[ 45.215947][ T367] slab_pre_alloc_hook+0x37/0xd0
[ 45.220724][ T367] kmem_cache_alloc_trace+0x48/0x210
[ 45.225931][ T367] ? sk_psock_skb_ingress_self+0x60/0x330
[ 45.231486][ T367] ? migrate_disable+0x190/0x190
[ 45.236260][ T367] sk_psock_skb_ingress_self+0x60/0x330
[ 45.241728][ T367] sk_psock_verdict_recv+0x66d/0x840
[ 45.246945][ T367] unix_read_sock+0x132/0x370
[ 45.251536][ T367] ? sk_psock_skb_redirect+0x440/0x440
[ 45.256839][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 45.262384][ T367] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 45.267780][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 45.273495][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.279147][ T367] ? sk_psock_start_verdict+0xc0/0xc0
[ 45.284448][ T367] ? _raw_spin_lock+0xa4/0x1b0
[ 45.289032][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.294753][ T367] ? skb_queue_tail+0xfb/0x120
[ 45.299378][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.304393][ T367] ? unix_dgram_poll+0x710/0x710
[ 45.309163][ T367] ? _raw_spin_trylock+0xcd/0x1a0
[ 45.314037][ T367] ? security_socket_sendmsg+0x82/0xb0
[ 45.319328][ T367] ? unix_dgram_poll+0x710/0x710
[ 45.324445][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 45.329042][ T367] ? __sys_sendmsg_sock+0x40/0x40
[ 45.333906][ T367] ? import_iovec+0xe5/0x120
[ 45.338416][ T367] ___sys_sendmsg+0x252/0x2e0
[ 45.343017][ T367] ? __sys_sendmsg+0x260/0x260
[ 45.347620][ T367] ? do_handle_mm_fault+0x1949/0x2330
[ 45.352824][ T367] ? __kasan_check_write+0x14/0x20
[ 45.357767][ T367] ? proc_fail_nth_write+0x20b/0x290
[ 45.362986][ T367] ? __fdget+0x1bc/0x240
[ 45.367491][ T367] __sys_sendmmsg+0x2bf/0x530
[ 45.372005][ T367] ? __ia32_sys_sendmsg+0x90/0x90
[ 45.376878][ T367] ? mutex_unlock+0xb2/0x260
[ 45.381298][ T367] ? __kasan_check_write+0x14/0x20
[ 45.386327][ T367] ? debug_smp_processor_id+0x17/0x20
[ 45.391535][ T367] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 45.397447][ T367] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.402123][ T367] do_syscall_64+0x3d/0xb0
[ 45.406389][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.412111][ T367] RIP: 0033:0x7f9a2b64fae9
[ 45.416365][ T367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.435807][ T367] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 45.444134][ T367] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9
[ 45.451938][ T367] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 45.460184][ T367] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000
[ 45.468044][ T367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.475809][ T367] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678
[ 45.483622][ T367]
[ 45.489964][ T366] ==================================================================
[ 45.497915][ T366] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 45.506169][ T366]
[ 45.508331][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 45.519872][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 45.529864][ T366] Call Trace:
[ 45.533001][ T366]
[ 45.535755][ T366] dump_stack_lvl+0x151/0x1b7
[ 45.540267][ T366] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.545739][ T366] ? __wake_up_klogd+0xd5/0x110
[ 45.550597][ T366] ? panic+0x751/0x751
[ 45.554509][ T366] ? kmem_cache_free+0x116/0x2e0
[ 45.559277][ T366] print_address_description+0x87/0x3b0
[ 45.564669][ T366] ? kmem_cache_free+0x116/0x2e0
[ 45.569432][ T366] ? kmem_cache_free+0x116/0x2e0
[ 45.574301][ T366] kasan_report_invalid_free+0x6b/0xa0
[ 45.579589][ T366] ____kasan_slab_free+0x13e/0x160
[ 45.584546][ T366] __kasan_slab_free+0x11/0x20
[ 45.589135][ T366] slab_free_freelist_hook+0xbd/0x190
[ 45.594344][ T366] ? kfree_skbmem+0x104/0x170
[ 45.598862][ T366] kmem_cache_free+0x116/0x2e0
[ 45.603552][ T366] kfree_skbmem+0x104/0x170
[ 45.607894][ T366] consume_skb+0xb4/0x250
[ 45.612048][ T366] __sk_msg_free+0x2dd/0x370
[ 45.616578][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 45.622211][ T366] sk_psock_stop+0x44c/0x4d0
[ 45.626649][ T366] ? unix_peer_get+0xe0/0xe0
[ 45.631160][ T366] sock_map_close+0x2b9/0x4c0
[ 45.635666][ T366] ? sock_map_remove_links+0x570/0x570
[ 45.640978][ T366] ? rwsem_mark_wake+0x6b0/0x6b0
[ 45.645819][ T366] unix_release+0x82/0xc0
[ 45.650505][ T366] sock_close+0xdf/0x270
[ 45.654588][ T366] ? sock_mmap+0xa0/0xa0
[ 45.658669][ T366] __fput+0x3fe/0x910
[ 45.662480][ T366] ____fput+0x15/0x20
[ 45.666300][ T366] task_work_run+0x129/0x190
[ 45.670727][ T366] exit_to_user_mode_loop+0xc4/0xe0
[ 45.675768][ T366] exit_to_user_mode_prepare+0x5a/0xa0
[ 45.681141][ T366] syscall_exit_to_user_mode+0x26/0x160
[ 45.686621][ T366] do_syscall_64+0x49/0xb0
[ 45.690957][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.696714][ T366] RIP: 0033:0x7f9a2b64e9da
[ 45.700936][ T366] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 45.720556][ T366] RSP: 002b:00007ffe318b0740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.728876][ T366] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f9a2b64e9da
[ 45.736697][ T366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 45.744507][ T366] RBP: 00007f9a2b770980 R08: 0000001b31360000 R09: 00007ffe3190c0b0
[ 45.752575][ T366] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b35f
[ 45.760578][ T366] R13: ffffffffffffffff R14: 00007f9a2b1d3000 R15: 000000000000b01e
[ 45.768380][ T366]
[ 45.771328][ T366]
[ 45.773587][ T366] Allocated by task 367:
[ 45.777750][ T366] __kasan_slab_alloc+0xb1/0xe0
[ 45.782440][ T366] slab_post_alloc_hook+0x53/0x2c0
[ 45.787386][ T366] kmem_cache_alloc+0xf5/0x200
[ 45.791985][ T366] skb_clone+0x1d1/0x360
[ 45.796100][ T366] sk_psock_verdict_recv+0x53/0x840
[ 45.801098][ T366] unix_read_sock+0x132/0x370
[ 45.805611][ T366] sk_psock_verdict_data_ready+0x147/0x1a0
[ 45.811253][ T366] unix_dgram_sendmsg+0x15fa/0x2090
[ 45.816374][ T366] ____sys_sendmsg+0x59e/0x8f0
[ 45.820981][ T366] ___sys_sendmsg+0x252/0x2e0
[ 45.825498][ T366] __sys_sendmmsg+0x2bf/0x530
[ 45.829999][ T366] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.834691][ T366] do_syscall_64+0x3d/0xb0
[ 45.838937][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.844761][ T366]
[ 45.846925][ T366] Freed by task 299:
[ 45.850661][ T366] kasan_set_track+0x4b/0x70
[ 45.855099][ T366] kasan_set_free_info+0x23/0x40
[ 45.859856][ T366] ____kasan_slab_free+0x126/0x160
[ 45.864805][ T366] __kasan_slab_free+0x11/0x20
[ 45.869407][ T366] slab_free_freelist_hook+0xbd/0x190
[ 45.874787][ T366] kmem_cache_free+0x116/0x2e0
[ 45.879389][ T366] kfree_skbmem+0x104/0x170
[ 45.883740][ T366] kfree_skb+0xc2/0x360
[ 45.887720][ T366] sk_psock_backlog+0xc21/0xd90
[ 45.892490][ T366] process_one_work+0x6bb/0xc10
[ 45.897185][ T366] worker_thread+0xad5/0x12a0
[ 45.901692][ T366] kthread+0x421/0x510
[ 45.905793][ T366] ret_from_fork+0x1f/0x30
[ 45.910047][ T366]
[ 45.912218][ T366] The buggy address belongs to the object at ffff88811eef9000
[ 45.912218][ T366] which belongs to the cache skbuff_head_cache of size 248
[ 45.927255][ T366] The buggy address is located 0 bytes inside of
[ 45.927255][ T366] 248-byte region [ffff88811eef9000, ffff88811eef90f8)
[ 45.940266][ T366] The buggy address belongs to the page:
[ 45.945811][ T366] page:ffffea00047bbe40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11eef9
[ 45.955963][ T366] flags: 0x4000000000000200(slab|zone=1)
[ 45.961443][ T366] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 45.969944][ T366] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 45.978525][ T366] page dumped because: kasan: bad access detected
[ 45.984787][ T366] page_owner tracks the page as allocated
[ 45.990333][ T366] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 45081726481, free_ts 39209232159
[ 46.006148][ T366] post_alloc_hook+0x1a3/0x1b0
[ 46.010915][ T366] prep_new_page+0x1b/0x110
[ 46.015591][ T366] get_page_from_freelist+0x3550/0x35d0
[ 46.021058][ T366] __alloc_pages+0x27e/0x8f0
[ 46.025483][ T366] new_slab+0x9a/0x4e0
[ 46.029394][ T366] ___slab_alloc+0x39e/0x830
[ 46.033912][ T366] __slab_alloc+0x4a/0x90
[ 46.038076][ T366] kmem_cache_alloc+0x134/0x200
[ 46.042761][ T366] __alloc_skb+0xbe/0x550
[ 46.046930][ T366] alloc_skb_with_frags+0xa6/0x680
[ 46.051876][ T366] sock_alloc_send_pskb+0x915/0xa50
[ 46.056909][ T366] unix_dgram_sendmsg+0x6fd/0x2090
[ 46.061857][ T366] __sys_sendto+0x564/0x720
[ 46.066198][ T366] __x64_sys_sendto+0xe5/0x100
[ 46.070796][ T366] do_syscall_64+0x3d/0xb0
[ 46.075138][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.080875][ T366] page last free stack trace:
[ 46.085386][ T366] free_unref_page_prepare+0x7c8/0x7d0
[ 46.090674][ T366] free_unref_page+0xe8/0x750
[ 46.095189][ T366] __free_pages+0x61/0xf0
[ 46.099446][ T366] free_pages+0x7c/0x90
[ 46.103437][ T366] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 46.108987][ T366] __apply_to_page_range+0x8dd/0xbe0
[ 46.114108][ T366] apply_to_existing_page_range+0x38/0x50
[ 46.119667][ T366] kasan_release_vmalloc+0x9a/0xb0
[ 46.124611][ T366] __purge_vmap_area_lazy+0x154a/0x1690
[ 46.129990][ T366] _vm_unmap_aliases+0x339/0x3b0
[ 46.134764][ T366] vm_unmap_aliases+0x19/0x20
[ 46.139291][ T366] change_page_attr_set_clr+0x308/0x1050
[ 46.144744][ T366] set_memory_ro+0xa1/0xe0
[ 46.149030][ T366] bpf_int_jit_compile+0xbf42/0xc6d0
[ 46.154131][ T366] bpf_prog_select_runtime+0x706/0x9e0
[ 46.159526][ T366] bpf_prog_load+0x1315/0x1b50
[ 46.164191][ T366]
[ 46.166356][ T366] Memory state around the buggy address:
[ 46.171832][ T366]  ffff88811eef8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.179813][ T366]  ffff88811eef8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.187832][ T366] >ffff88811eef9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.195897][ T366]                    ^
[ 46.199816][ T366]  ffff88811eef9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 46.207707][ T366]  ffff88811eef9100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.215683][ T366] ==================================================================
[ 46.232089][ T370] FAULT_INJECTION: forcing a failure.
[ 46.232089][ T370] name failslab, interval 1, probability 0, space 0, times 0
[ 46.244870][ T370] CPU: 1 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 46.256566][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 46.266453][ T370] Call Trace:
[ 46.269575][ T370]
[ 46.272359][ T370] dump_stack_lvl+0x151/0x1b7
[ 46.276863][ T370] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.282515][ T370] dump_stack+0x15/0x17
[ 46.286599][ T370] should_fail+0x3c6/0x510
[ 46.290842][ T370] __should_failslab+0xa4/0xe0
[ 46.295526][ T370] should_failslab+0x9/0x20
[ 46.299873][ T370] slab_pre_alloc_hook+0x37/0xd0
[ 46.304648][ T370] kmem_cache_alloc_trace+0x48/0x210
[ 46.309852][ T370] ? sk_psock_skb_ingress_self+0x60/0x330
[ 46.315491][ T370] ? migrate_disable+0x190/0x190
[ 46.320262][ T370] sk_psock_skb_ingress_self+0x60/0x330
[ 46.325729][ T370] sk_psock_verdict_recv+0x66d/0x840
[ 46.330939][ T370] unix_read_sock+0x132/0x370
[ 46.335455][ T370] ? sk_psock_skb_redirect+0x440/0x440
[ 46.340829][ T370] ? unix_stream_splice_actor+0x120/0x120
[ 46.346556][ T370] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 46.351851][ T370] ? unix_stream_splice_actor+0x120/0x120
[ 46.357504][ T370] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.363137][ T370] ? sk_psock_start_verdict+0xc0/0xc0
[ 46.368443][ T370] ? _raw_spin_lock+0xa4/0x1b0
[ 46.373040][ T370] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.378847][ T370] ? skb_queue_tail+0xfb/0x120
[ 46.383453][ T370] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.388568][ T370] ? unix_dgram_poll+0x710/0x710
[ 46.393401][ T370] ? _raw_spin_trylock+0xcd/0x1a0
[ 46.398295][ T370] ? security_socket_sendmsg+0x82/0xb0
[ 46.403589][ T370] ? unix_dgram_poll+0x710/0x710
[ 46.408587][ T370] ____sys_sendmsg+0x59e/0x8f0
[ 46.413168][ T370] ? __sys_sendmsg_sock+0x40/0x40
[ 46.418044][ T370] ? import_iovec+0xe5/0x120
[ 46.422541][ T370] ___sys_sendmsg+0x252/0x2e0
[ 46.427053][ T370] ? __sys_sendmsg+0x260/0x260
[ 46.431655][ T370] ? do_handle_mm_fault+0x1949/0x2330
[ 46.436866][ T370] ? __kasan_check_write+0x14/0x20
[ 46.441809][ T370] ? proc_fail_nth_write+0x20b/0x290
[ 46.446932][ T370] ? __fdget+0x1bc/0x240
[ 46.451008][ T370] __sys_sendmmsg+0x2bf/0x530
[ 46.455523][ T370] ? __ia32_sys_sendmsg+0x90/0x90
[ 46.460481][ T370] ? mutex_unlock+0xb2/0x260
[ 46.465082][ T370] ? __kasan_check_write+0x14/0x20
[ 46.470112][ T370] ? debug_smp_processor_id+0x17/0x20
[ 46.475320][ T370] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.481224][ T370] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.485953][ T370] do_syscall_64+0x3d/0xb0
[ 46.490182][ T370] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.495901][ T370] RIP: 0033:0x7f9a2b64fae9
[ 46.500142][ T370] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.519675][ T370] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.528003][ T370] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9
[ 46.535822][ T370] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.543840][ T370] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000
[ 46.551614][ T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.559435][ T370] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678
[ 46.567333][ T370]
[ 46.572200][ T369] ==================================================================
[ 46.580072][ T369] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 46.588814][ T369]
[ 46.590983][ T369] CPU: 0 PID: 369 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 46.602730][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 46.612671][ T369] Call Trace:
[ 46.615796][ T369]
[ 46.618575][ T369] dump_stack_lvl+0x151/0x1b7
[ 46.623084][ T369] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.628681][ T369] ? __wake_up_klogd+0xd5/0x110
[ 46.633325][ T369] ? panic+0x751/0x751
[ 46.637232][ T369] ? kmem_cache_free+0x116/0x2e0
[ 46.642004][ T369] print_address_description+0x87/0x3b0
[ 46.647398][ T369] ? kmem_cache_free+0x116/0x2e0
[ 46.652162][ T369] ? kmem_cache_free+0x116/0x2e0
[ 46.656943][ T369] kasan_report_invalid_free+0x6b/0xa0
[ 46.662242][ T369] ____kasan_slab_free+0x13e/0x160
[ 46.667612][ T369] __kasan_slab_free+0x11/0x20
[ 46.672196][ T369] slab_free_freelist_hook+0xbd/0x190
[ 46.677401][ T369] ? kfree_skbmem+0x104/0x170
[ 46.682000][ T369] kmem_cache_free+0x116/0x2e0
[ 46.686865][ T369] kfree_skbmem+0x104/0x170
[ 46.691200][ T369] consume_skb+0xb4/0x250
[ 46.695400][ T369] __sk_msg_free+0x2dd/0x370
[ 46.699811][ T369] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 46.705734][ T369] sk_psock_stop+0x44c/0x4d0
[ 46.710212][ T369] ? unix_peer_get+0xe0/0xe0
[ 46.714761][ T369] sock_map_close+0x2b9/0x4c0
[ 46.719379][ T369] ? sock_map_remove_links+0x570/0x570
[ 46.724741][ T369] ? rwsem_mark_wake+0x6b0/0x6b0
[ 46.729597][ T369] unix_release+0x82/0xc0
[ 46.733769][ T369] sock_close+0xdf/0x270
[ 46.737840][ T369] ? sock_mmap+0xa0/0xa0
[ 46.741929][ T369] __fput+0x3fe/0x910
[ 46.745754][ T369] ____fput+0x15/0x20
[ 46.749830][ T369] task_work_run+0x129/0x190
[ 46.754255][ T369] exit_to_user_mode_loop+0xc4/0xe0
[ 46.759376][ T369] exit_to_user_mode_prepare+0x5a/0xa0
[ 46.764687][ T369] syscall_exit_to_user_mode+0x26/0x160
[ 46.770222][ T369] do_syscall_64+0x49/0xb0
[ 46.774476][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.780223][ T369] RIP: 0033:0x7f9a2b64e9da
[ 46.784661][ T369] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 46.804267][ T369] RSP: 002b:00007ffe318b0740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 46.812765][ T369] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f9a2b64e9da
[ 46.820723][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.828661][ T369] RBP: 00007f9a2b770980 R08: 0000001b31360000 R09: 00007ffe3190c0b0
[ 46.836463][ T369] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b7c4
[ 46.844276][ T369] R13: ffffffffffffffff R14: 00007f9a2b1d3000 R15: 000000000000b483
[ 46.852287][ T369]
[ 46.855255][ T369]
[ 46.857390][ T369] Allocated by task 370:
[ 46.861470][ T369] __kasan_slab_alloc+0xb1/0xe0
[ 46.866154][ T369] slab_post_alloc_hook+0x53/0x2c0
[ 46.871223][ T369] kmem_cache_alloc+0xf5/0x200
[ 46.875826][ T369] skb_clone+0x1d1/0x360
[ 46.879915][ T369] sk_psock_verdict_recv+0x53/0x840
[ 46.884935][ T369] unix_read_sock+0x132/0x370
[ 46.889447][ T369] sk_psock_verdict_data_ready+0x147/0x1a0
[ 46.895090][ T369] unix_dgram_sendmsg+0x15fa/0x2090
[ 46.900211][ T369] ____sys_sendmsg+0x59e/0x8f0
[ 46.904906][ T369] ___sys_sendmsg+0x252/0x2e0
[ 46.909413][ T369] __sys_sendmmsg+0x2bf/0x530
[ 46.914012][ T369] __x64_sys_sendmmsg+0xa0/0xb0
[ 46.918696][ T369] do_syscall_64+0x3d/0xb0
[ 46.923037][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.928850][ T369]
[ 46.931018][ T369] Freed by task 39:
[ 46.934701][ T369] kasan_set_track+0x4b/0x70
[ 46.939096][ T369] kasan_set_free_info+0x23/0x40
[ 46.944082][ T369] ____kasan_slab_free+0x126/0x160
[ 46.949029][ T369] __kasan_slab_free+0x11/0x20
[ 46.953890][ T369] slab_free_freelist_hook+0xbd/0x190
[ 46.959269][ T369] kmem_cache_free+0x116/0x2e0
[ 46.963964][ T369] kfree_skbmem+0x104/0x170
[ 46.968391][ T369] kfree_skb+0xc2/0x360
[ 46.972374][ T369] sk_psock_backlog+0xc21/0xd90
[ 46.977059][ T369] process_one_work+0x6bb/0xc10
[ 46.981760][ T369] worker_thread+0xad5/0x12a0
[ 46.986260][ T369] kthread+0x421/0x510
[ 46.990171][ T369] ret_from_fork+0x1f/0x30
[ 46.994785][ T369]
[ 46.996948][ T369] The buggy address belongs to the object at ffff88811ea69140
[ 46.996948][ T369] which belongs to the cache skbuff_head_cache of size 248
[ 47.012026][ T369] The buggy address is located 0 bytes inside of
[ 47.012026][ T369] 248-byte region [ffff88811ea69140, ffff88811ea69238)
[ 47.025139][ T369] The buggy address belongs to the page:
[ 47.030682][ T369] page:ffffea00047a9a40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ea69
[ 47.040970][ T369] flags: 0x4000000000000200(slab|zone=1)
[ 47.046408][ T369] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 47.054811][ T369] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 47.063332][ T369] page dumped because: kasan: bad access detected
[ 47.069560][ T369] page_owner tracks the page as allocated
[ 47.075113][ T369] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 46225216621, free_ts 45076304598
[ 47.090735][ T369] post_alloc_hook+0x1a3/0x1b0
[ 47.095334][ T369] prep_new_page+0x1b/0x110
[ 47.099675][ T369] get_page_from_freelist+0x3550/0x35d0
[ 47.105054][ T369] __alloc_pages+0x27e/0x8f0
[ 47.109625][ T369] new_slab+0x9a/0x4e0
[ 47.113606][ T369] ___slab_alloc+0x39e/0x830
[ 47.118285][ T369] __slab_alloc+0x4a/0x90
[ 47.122451][ T369] kmem_cache_alloc+0x134/0x200
[ 47.127140][ T369] __alloc_skb+0xbe/0x550
[ 47.131317][ T369] alloc_skb_with_frags+0xa6/0x680
[ 47.136252][ T369] sock_alloc_send_pskb+0x915/0xa50
[ 47.141287][ T369] unix_dgram_sendmsg+0x6fd/0x2090
[ 47.146234][ T369] __sys_sendto+0x564/0x720
[ 47.150683][ T369] __x64_sys_sendto+0xe5/0x100
[ 47.155262][ T369] do_syscall_64+0x3d/0xb0
[ 47.159724][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.165429][ T369] page last free stack trace:
[ 47.169973][ T369] free_unref_page_prepare+0x7c8/0x7d0
[ 47.175234][ T369] free_unref_page_list+0x14b/0xa60
[ 47.180271][ T369] release_pages+0x1310/0x1370
[ 47.184870][ T369] free_pages_and_swap_cache+0x8a/0xa0
[ 47.190252][ T369] tlb_finish_mmu+0x177/0x320
[ 47.194764][ T369] exit_mmap+0x3ef/0x6f0
[ 47.198944][ T369] __mmput+0x95/0x310
[ 47.202760][ T369] mmput+0x5b/0x170
[ 47.206480][ T369] do_exit+0xb9c/0x2ca0
[ 47.210474][ T369] do_group_exit+0x141/0x310
[ 47.214900][ T369] __x64_sys_exit_group+0x3f/0x40
[ 47.219759][ T369] do_syscall_64+0x3d/0xb0
[ 47.224012][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.229832][ T369]
[ 47.231999][ T369] Memory state around the buggy address:
[ 47.237555][ T369]  ffff88811ea69000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.245540][ T369]  ffff88811ea69080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 47.253550][ T369] >ffff88811ea69100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.261528][ T369]                                            ^
[ 47.267513][ T369]  ffff88811ea69180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.275492][ T369]  ffff88811ea69200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 47.283409][ T369] ==================================================================
[ 47.298746][ T373] FAULT_INJECTION: forcing a failure.
[ 47.298746][ T373] name failslab, interval 1, probability 0, space 0, times 0
[ 47.311298][ T373] CPU: 0 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 47.322999][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 47.333433][ T373] Call Trace:
[ 47.336542][ T373]
[ 47.339319][ T373] dump_stack_lvl+0x151/0x1b7
[ 47.343831][ T373] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.349573][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.355208][ T373] ? __skb_try_recv_datagram+0x495/0x6a0
[ 47.360952][ T373] dump_stack+0x15/0x17
[ 47.365019][ T373] should_fail+0x3c6/0x510
[ 47.369259][ T373] __should_failslab+0xa4/0xe0
[ 47.373907][ T373] ? skb_clone+0x1d1/0x360
[ 47.378116][ T373] should_failslab+0x9/0x20
[ 47.382458][ T373] slab_pre_alloc_hook+0x37/0xd0
[ 47.387226][ T373] ? skb_clone+0x1d1/0x360
[ 47.391478][ T373] kmem_cache_alloc+0x44/0x200
[ 47.396182][ T373] skb_clone+0x1d1/0x360
[ 47.400250][ T373] sk_psock_verdict_recv+0x53/0x840
[ 47.405366][ T373] ? avc_has_perm_noaudit+0x430/0x430
[ 47.410573][ T373] ? mntput_no_expire+0xfc/0x6b0
[ 47.415365][ T373] unix_read_sock+0x132/0x370
[ 47.419865][ T373] ? sk_psock_skb_redirect+0x440/0x440
[ 47.425328][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 47.430885][ T373] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.436264][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 47.441908][ T373] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.447549][ T373] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.452762][ T373] ? _raw_spin_lock+0xa4/0x1b0
[ 47.457368][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.463262][ T373] ? skb_queue_tail+0xfb/0x120
[ 47.467872][ T373] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.472922][ T373] ? unix_dgram_poll+0x710/0x710
[ 47.477763][ T373] ? _raw_spin_trylock+0xcd/0x1a0
[ 47.482701][ T373] ? security_socket_sendmsg+0x82/0xb0
[ 47.487995][ T373] ? unix_dgram_poll+0x710/0x710
[ 47.492785][ T373] ____sys_sendmsg+0x59e/0x8f0
[ 47.497654][ T373] ? __sys_sendmsg_sock+0x40/0x40
[ 47.502491][ T373] ? import_iovec+0xe5/0x120
[ 47.506964][ T373] ___sys_sendmsg+0x252/0x2e0
[ 47.511742][ T373] ? __sys_sendmsg+0x260/0x260
[ 47.516299][ T373] ? do_handle_mm_fault+0x1949/0x2330
[ 47.521759][ T373] ? __kasan_check_write+0x14/0x20
[ 47.526704][ T373] ? proc_fail_nth_write+0x20b/0x290
[ 47.532187][ T373] ? __fdget+0x1bc/0x240
[ 47.536285][ T373] __sys_sendmmsg+0x2bf/0x530
[ 47.540865][ T373] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.546092][ T373] ? mutex_unlock+0xb2/0x260
[ 47.550499][ T373] ? __kasan_check_write+0x14/0x20
[ 47.555535][ T373] ? debug_smp_processor_id+0x17/0x20
[ 47.560738][ T373] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.566728][ T373] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.571625][ T373] do_syscall_64+0x3d/0xb0
[ 47.575843][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.581679][ T373] RIP: 0033:0x7f9a2b64fae9
[ 47.586096][ T373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.605830][ T373] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.615611][ T373] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9
[ 47.623420][ T373] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 47.631330][ T373] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000
[ 47.639139][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.646941][ T373] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678
[ 47.654760][ T373]
[ 47.664547][ T375] FAULT_INJECTION: forcing a failure.
[ 47.664547][ T375] name failslab, interval 1, probability 0, space 0, times 0
[ 47.677294][ T375] CPU: 1 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 47.689000][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 47.698894][ T375] Call Trace:
[ 47.702017][ T375]
[ 47.704797][ T375] dump_stack_lvl+0x151/0x1b7
[ 47.709480][ T375] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.714950][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.720671][ T375] ? __skb_try_recv_datagram+0x495/0x6a0
[ 47.726148][ T375] dump_stack+0x15/0x17
[ 47.730130][ T375] should_fail+0x3c6/0x510
[ 47.734383][ T375] __should_failslab+0xa4/0xe0
[ 47.738984][ T375] ? skb_clone+0x1d1/0x360
[ 47.743234][ T375] should_failslab+0x9/0x20
[ 47.747577][ T375] slab_pre_alloc_hook+0x37/0xd0
[ 47.752352][ T375] ? skb_clone+0x1d1/0x360
[ 47.756618][ T375] kmem_cache_alloc+0x44/0x200
[ 47.761203][ T375] skb_clone+0x1d1/0x360
[ 47.765314][ T375] sk_psock_verdict_recv+0x53/0x840
[ 47.770340][ T375] ? avc_has_perm_noaudit+0x430/0x430
[ 47.775610][ T375] ? mntput_no_expire+0xfc/0x6b0
[ 47.780390][ T375] unix_read_sock+0x132/0x370
[ 47.785083][ T375] ? sk_psock_skb_redirect+0x440/0x440
[ 47.790376][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 47.795932][ T375] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.801447][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 47.806999][ T375] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.812638][ T375] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.817843][ T375] ? _raw_spin_lock+0xa4/0x1b0
[ 47.822561][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.828199][ T375] ? skb_queue_tail+0xfb/0x120
[ 47.832885][ T375] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.837921][ T375] ? unix_dgram_poll+0x710/0x710
[ 47.842778][ T375] ? _raw_spin_trylock+0xcd/0x1a0
[ 47.847746][ T375] ? security_socket_sendmsg+0x82/0xb0
[ 47.853025][ T375] ? unix_dgram_poll+0x710/0x710
[ 47.858057][ T375] ____sys_sendmsg+0x59e/0x8f0
[ 47.862657][ T375] ? __sys_sendmsg_sock+0x40/0x40
[ 47.867600][ T375] ? import_iovec+0xe5/0x120
[ 47.872114][ T375] ___sys_sendmsg+0x252/0x2e0
[ 47.876833][ T375] ? __sys_sendmsg+0x260/0x260
[ 47.881600][ T375] ? do_handle_mm_fault+0x1949/0x2330
[ 47.886930][ T375] ? __kasan_check_write+0x14/0x20
[ 47.892267][ T375] ? proc_fail_nth_write+0x20b/0x290
[ 47.897655][ T375] ? __fdget+0x1bc/0x240
[ 47.901911][ T375] __sys_sendmmsg+0x2bf/0x530
[ 47.906604][ T375] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.911451][ T375] ? mutex_unlock+0xb2/0x260
[ 47.916839][ T375] ? __kasan_check_write+0x14/0x20
[ 47.921789][ T375] ? debug_smp_processor_id+0x17/0x20
[ 47.926985][ T375] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.932973][ T375] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.937766][ T375] do_syscall_64+0x3d/0xb0
[ 47.942000][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.947728][ T375] RIP: 0033:0x7f9a2b64fae9
[ 47.951980][ T375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.971608][ T375] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.982099][ T375] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9
[ 47.990001][ T375] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 47.997901][ T375] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000
[ 48.005889][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.013869][ T375] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678
[ 48.021869][ T375]
[ 48.031837][ T377] FAULT_INJECTION: forcing a failure.
[ 48.031837][ T377] name failslab, interval 1, probability 0, space 0, times 0
[ 48.044608][ T377] CPU: 1 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 48.056213][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 48.066112][ T377] Call Trace:
[ 48.069405][ T377]
[ 48.072181][ T377] dump_stack_lvl+0x151/0x1b7
[ 48.076709][ T377] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.082162][ T377] dump_stack+0x15/0x17
[ 48.086159][ T377] should_fail+0x3c6/0x510
[ 48.090415][ T377] __should_failslab+0xa4/0xe0
[ 48.095293][ T377] should_failslab+0x9/0x20
[ 48.101082][ T377] slab_pre_alloc_hook+0x37/0xd0
[ 48.105860][ T377] kmem_cache_alloc_trace+0x48/0x210
[ 48.111062][ T377] ? sk_psock_skb_ingress_self+0x60/0x330
[ 48.116629][ T377] ? migrate_disable+0x190/0x190
[ 48.121491][ T377] sk_psock_skb_ingress_self+0x60/0x330
[ 48.126954][ T377] sk_psock_verdict_recv+0x66d/0x840
[ 48.132242][ T377] unix_read_sock+0x132/0x370
[ 48.136864][ T377] ? sk_psock_skb_redirect+0x440/0x440
[ 48.142142][ T377] ? unix_stream_splice_actor+0x120/0x120
[ 48.147784][ T377] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 48.153091][ T377] ? unix_stream_splice_actor+0x120/0x120
[ 48.158673][ T377] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.164275][ T377] ? sk_psock_start_verdict+0xc0/0xc0
[ 48.169496][ T377] ? _raw_spin_lock+0xa4/0x1b0
[ 48.174084][ T377] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.179732][ T377] ? skb_queue_tail+0xfb/0x120
[ 48.184327][ T377] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.189365][ T377] ? unix_dgram_poll+0x710/0x710
[ 48.194132][ T377] ? _raw_spin_trylock+0xcd/0x1a0
[ 48.198994][ T377] ? security_socket_sendmsg+0x82/0xb0
[ 48.204387][ T377] ? unix_dgram_poll+0x710/0x710
[ 48.210462][ T377] ____sys_sendmsg+0x59e/0x8f0
[ 48.215053][ T377] ? __sys_sendmsg_sock+0x40/0x40
[ 48.219940][ T377] ? import_iovec+0xe5/0x120
[ 48.224609][ T377] ___sys_sendmsg+0x252/0x2e0
[ 48.229114][ T377] ? __sys_sendmsg+0x260/0x260
[ 48.234061][ T377] ? do_handle_mm_fault+0x1949/0x2330
[ 48.239267][ T377] ? __kasan_check_write+0x14/0x20
[ 48.244210][ T377] ? proc_fail_nth_write+0x20b/0x290
[ 48.249337][ T377] ? __fdget+0x1bc/0x240
[ 48.253424][ T377] __sys_sendmmsg+0x2bf/0x530
[ 48.258019][ T377] ? __ia32_sys_sendmsg+0x90/0x90
[ 48.262881][ T377] ? mutex_unlock+0xb2/0x260
[ 48.267393][ T377] ? __kasan_check_write+0x14/0x20
[ 48.272342][ T377] ? debug_smp_processor_id+0x17/0x20
[ 48.277541][ T377] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 48.283534][ T377] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.288218][ T377] do_syscall_64+0x3d/0xb0
[ 48.292732][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.298744][ T377] RIP: 0033:0x7f9a2b64fae9
[ 48.303277][ T377] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.322858][ T377] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.331212][ T377] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9
[ 48.339010][ T377] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 48.346996][ T377] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000
[ 48.354796][ T377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.362960][ T377] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678
[ 48.370773][ T377]
[ 48.374792][ T376] ==================================================================
[ 48.382750][ T376] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.391272][ T376]
[ 48.393430][ T376] CPU: 0 PID: 376 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 48.404972][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 48.414952][ T376] Call Trace:
[ 48.418085][ T376]
[ 48.420856][ T376] dump_stack_lvl+0x151/0x1b7
[ 48.425379][ T376] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.430846][ T376] ? __wake_up_klogd+0xd5/0x110
[ 48.435646][ T376] ? panic+0x751/0x751
[ 48.439526][ T376] ? kmem_cache_free+0x116/0x2e0
[ 48.444291][ T376] print_address_description+0x87/0x3b0
[ 48.449755][ T376] ? kmem_cache_free+0x116/0x2e0
[ 48.454530][ T376] ? kmem_cache_free+0x116/0x2e0
[ 48.459321][ T376] kasan_report_invalid_free+0x6b/0xa0
[ 48.464610][ T376] ____kasan_slab_free+0x13e/0x160
[ 48.469556][ T376] __kasan_slab_free+0x11/0x20
[ 48.474144][ T376] slab_free_freelist_hook+0xbd/0x190
[ 48.479354][ T376] ? kfree_skbmem+0x104/0x170
[ 48.483867][ T376] kmem_cache_free+0x116/0x2e0
[ 48.488482][ T376] kfree_skbmem+0x104/0x170
[ 48.492894][ T376] consume_skb+0xb4/0x250
[ 48.497059][ T376] __sk_msg_free+0x2dd/0x370
[ 48.501489][ T376] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.507561][ T376] sk_psock_stop+0x44c/0x4d0
[ 48.511988][ T376] ? unix_peer_get+0xe0/0xe0
[ 48.516416][ T376] sock_map_close+0x2b9/0x4c0
[ 48.520926][ T376] ? sock_map_remove_links+0x570/0x570
[ 48.526224][ T376] ? rwsem_mark_wake+0x6b0/0x6b0
[ 48.531000][ T376] unix_release+0x82/0xc0
[ 48.535277][ T376] sock_close+0xdf/0x270
[ 48.539426][ T376] ? sock_mmap+0xa0/0xa0
[ 48.543499][ T376] __fput+0x3fe/0x910
[ 48.547338][ T376] ____fput+0x15/0x20
[ 48.551131][ T376] task_work_run+0x129/0x190
[ 48.555566][ T376] exit_to_user_mode_loop+0xc4/0xe0
[ 48.560679][ T376] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.565973][ T376] syscall_exit_to_user_mode+0x26/0x160
[ 48.571364][ T376] do_syscall_64+0x49/0xb0
[ 48.575609][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.581339][ T376] RIP: 0033:0x7f9a2b64e9da
[ 48.585591][ T376] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.605302][ T376] RSP: 002b:00007ffe318b0740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.613538][ T376] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f9a2b64e9da
[ 48.621350][ T376] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.629170][ T376] RBP: 00007f9a2b770980 R08: 0000001b31360000 R09: 00007ffe3190c0b0
[ 48.636970][ T376] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000becc
[ 48.644872][ T376] R13: ffffffffffffffff R14: 00007f9a2b1d3000 R15: 000000000000bb8b
[ 48.652771][ T376]
[ 48.655644][ T376]
[ 48.657892][ T376] Allocated by task 377:
[ 48.661968][ T376] __kasan_slab_alloc+0xb1/0xe0
[ 48.666658][ T376] slab_post_alloc_hook+0x53/0x2c0
[ 48.671603][ T376] kmem_cache_alloc+0xf5/0x200
[ 48.676385][ T376] skb_clone+0x1d1/0x360
[ 48.680555][ T376] sk_psock_verdict_recv+0x53/0x840
[ 48.685584][ T376] unix_read_sock+0x132/0x370
[ 48.690192][ T376] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.695824][ T376] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.701034][ T376] ____sys_sendmsg+0x59e/0x8f0
[ 48.705732][ T376] ___sys_sendmsg+0x252/0x2e0
[ 48.710235][ T376] __sys_sendmmsg+0x2bf/0x530
[ 48.714745][ T376] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.719431][ T376] do_syscall_64+0x3d/0xb0
[ 48.723700][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.729420][
T376] [ 48.731586][ T376] Freed by task 39: [ 48.735231][ T376] kasan_set_track+0x4b/0x70 [ 48.739662][ T376] kasan_set_free_info+0x23/0x40 [ 48.744613][ T376] ____kasan_slab_free+0x126/0x160 [ 48.749733][ T376] __kasan_slab_free+0x11/0x20 [ 48.754333][ T376] slab_free_freelist_hook+0xbd/0x190 [ 48.759627][ T376] kmem_cache_free+0x116/0x2e0 [ 48.764227][ T376] kfree_skbmem+0x104/0x170 [ 48.768655][ T376] kfree_skb+0xc2/0x360 [ 48.772648][ T376] sk_psock_backlog+0xc21/0xd90 [ 48.777612][ T376] process_one_work+0x6bb/0xc10 [ 48.782632][ T376] worker_thread+0xad5/0x12a0 [ 48.787191][ T376] kthread+0x421/0x510 [ 48.791222][ T376] ret_from_fork+0x1f/0x30 [ 48.795660][ T376] [ 48.797836][ T376] The buggy address belongs to the object at ffff88811f3b68c0 [ 48.797836][ T376] which belongs to the cache skbuff_head_cache of size 248 [ 48.812345][ T376] The buggy address is located 0 bytes inside of [ 48.812345][ T376] 248-byte region [ffff88811f3b68c0, ffff88811f3b69b8) [ 48.825452][ T376] The buggy address belongs to the page: [ 48.831191][ T376] page:ffffea00047ced80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f3b6 [ 48.841246][ T376] flags: 0x4000000000000200(slab|zone=1) [ 48.847065][ T376] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680 [ 48.855501][ T376] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 48.863907][ T376] page dumped because: kasan: bad access detected [ 48.870236][ T376] page_owner tracks the page as allocated [ 48.875877][ T376] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 47658772626, free_ts 47657720128 [ 48.891767][ T376] post_alloc_hook+0x1a3/0x1b0 [ 48.896358][ T376] prep_new_page+0x1b/0x110 [ 48.900709][ T376] get_page_from_freelist+0x3550/0x35d0 [ 48.906083][ T376] __alloc_pages+0x27e/0x8f0 [ 48.910507][ T376] new_slab+0x9a/0x4e0 [ 48.914492][ T376] ___slab_alloc+0x39e/0x830 [ 48.918928][ T376] 
__slab_alloc+0x4a/0x90 [ 48.923094][ T376] kmem_cache_alloc+0x134/0x200 [ 48.927788][ T376] __alloc_skb+0xbe/0x550 [ 48.931949][ T376] alloc_skb_with_frags+0xa6/0x680 [ 48.937001][ T376] sock_alloc_send_pskb+0x915/0xa50 [ 48.942014][ T376] unix_dgram_sendmsg+0x6fd/0x2090 [ 48.946963][ T376] __sys_sendto+0x564/0x720 [ 48.951309][ T376] __x64_sys_sendto+0xe5/0x100 [ 48.955903][ T376] do_syscall_64+0x3d/0xb0 [ 48.960156][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 48.966080][ T376] page last free stack trace: [ 48.970660][ T376] free_unref_page_prepare+0x7c8/0x7d0 [ 48.976124][ T376] free_unref_page+0xe8/0x750 [ 48.980735][ T376] __free_pages+0x61/0xf0 [ 48.985066][ T376] __vunmap+0x7bc/0x8f0 [ 48.989056][ T376] vfree+0x7f/0xb0 [ 48.992651][ T376] module_memfree+0x17/0x30 [ 48.996954][ T376] bpf_jit_free_exec+0x15/0x20 [ 49.001642][ T376] bpf_jit_free+0x98/0x240 [ 49.006067][ T376] bpf_prog_free_deferred+0x61e/0x730 [ 49.011370][ T376] process_one_work+0x6bb/0xc10 [ 49.016135][ T376] worker_thread+0xad5/0x12a0 [ 49.020649][ T376] kthread+0x421/0x510 [ 49.024649][ T376] ret_from_fork+0x1f/0x30 [ 49.028908][ T376] [ 49.031072][ T376] Memory state around the buggy address: [ 49.036545][ T376] ffff88811f3b6780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.044448][ T376] ffff88811f3b6800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 49.052525][ T376] >ffff88811f3b6880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 49.060419][ T376] ^ [ 49.066408][ T376] ffff88811f3b6900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 2024/02/20 22:18:29 executed programs: 11 [ 49.074324][ T376] ffff88811f3b6980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 49.082222][ T376] ================================================================== [ 49.100624][ T380] FAULT_INJECTION: forcing a failure. 
[ 49.100624][ T380] name failslab, interval 1, probability 0, space 0, times 0 [ 49.113541][ T380] CPU: 0 PID: 380 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 49.125397][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 49.135274][ T380] Call Trace: [ 49.138503][ T380] [ 49.141278][ T380] dump_stack_lvl+0x151/0x1b7 [ 49.145778][ T380] ? io_uring_drop_tctx_refs+0x190/0x190 [ 49.151784][ T380] dump_stack+0x15/0x17 [ 49.155758][ T380] should_fail+0x3c6/0x510 [ 49.160015][ T380] __should_failslab+0xa4/0xe0 [ 49.164709][ T380] should_failslab+0x9/0x20 [ 49.169060][ T380] slab_pre_alloc_hook+0x37/0xd0 [ 49.173823][ T380] kmem_cache_alloc_trace+0x48/0x210 [ 49.178941][ T380] ? sk_psock_skb_ingress_self+0x60/0x330 [ 49.184498][ T380] ? migrate_disable+0x190/0x190 [ 49.189271][ T380] sk_psock_skb_ingress_self+0x60/0x330 [ 49.194654][ T380] sk_psock_verdict_recv+0x66d/0x840 [ 49.200818][ T380] unix_read_sock+0x132/0x370 [ 49.205351][ T380] ? sk_psock_skb_redirect+0x440/0x440 [ 49.210710][ T380] ? unix_stream_splice_actor+0x120/0x120 [ 49.216263][ T380] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 49.221557][ T380] ? unix_stream_splice_actor+0x120/0x120 [ 49.227112][ T380] sk_psock_verdict_data_ready+0x147/0x1a0 [ 49.232753][ T380] ? sk_psock_start_verdict+0xc0/0xc0 [ 49.237960][ T380] ? _raw_spin_lock+0xa4/0x1b0 [ 49.242562][ T380] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 49.248212][ T380] ? skb_queue_tail+0xfb/0x120 [ 49.252804][ T380] unix_dgram_sendmsg+0x15fa/0x2090 [ 49.257844][ T380] ? unix_dgram_poll+0x710/0x710 [ 49.262640][ T380] ? _raw_spin_trylock+0xcd/0x1a0 [ 49.267683][ T380] ? security_socket_sendmsg+0x82/0xb0 [ 49.272939][ T380] ? unix_dgram_poll+0x710/0x710 [ 49.277849][ T380] ____sys_sendmsg+0x59e/0x8f0 [ 49.282402][ T380] ? __sys_sendmsg_sock+0x40/0x40 [ 49.287264][ T380] ? import_iovec+0xe5/0x120 [ 49.291688][ T380] ___sys_sendmsg+0x252/0x2e0 [ 49.296290][ T380] ? 
__sys_sendmsg+0x260/0x260 [ 49.300987][ T380] ? do_handle_mm_fault+0x1949/0x2330 [ 49.306185][ T380] ? __kasan_check_write+0x14/0x20 [ 49.311126][ T380] ? proc_fail_nth_write+0x20b/0x290 [ 49.316338][ T380] ? __fdget+0x1bc/0x240 [ 49.320507][ T380] __sys_sendmmsg+0x2bf/0x530 [ 49.325019][ T380] ? __ia32_sys_sendmsg+0x90/0x90 [ 49.329876][ T380] ? mutex_unlock+0xb2/0x260 [ 49.334307][ T380] ? __kasan_check_write+0x14/0x20 [ 49.339253][ T380] ? debug_smp_processor_id+0x17/0x20 [ 49.344551][ T380] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 49.350447][ T380] __x64_sys_sendmmsg+0xa0/0xb0 [ 49.355222][ T380] do_syscall_64+0x3d/0xb0 [ 49.359738][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 49.365551][ T380] RIP: 0033:0x7f9a2b64fae9 [ 49.369809][ T380] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 49.389334][ T380] RSP: 002b:00007f9a2b1d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.397580][ T380] RAX: ffffffffffffffda RBX: 00007f9a2b76ef80 RCX: 00007f9a2b64fae9 [ 49.405484][ T380] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 49.413301][ T380] RBP: 00007f9a2b1d2120 R08: 0000000000000000 R09: 0000000000000000 [ 49.421275][ T380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 49.429081][ T380] R13: 000000000000000b R14: 00007f9a2b76ef80 R15: 00007ffe318b0678 [ 49.436901][ T380] [ 49.440121][ T379] ================================================================== [ 49.448004][ T379] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 49.456241][ T379] [ 49.458410][ T379] CPU: 1 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0 [ 49.470053][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 49.480484][ T379] Call Trace: [ 49.483608][ T379] [ 49.486386][ T379] 
dump_stack_lvl+0x151/0x1b7 [ 49.490914][ T379] ? io_uring_drop_tctx_refs+0x190/0x190 [ 49.496365][ T379] ? __wake_up_klogd+0xd5/0x110 [ 49.501226][ T379] ? panic+0x751/0x751 [ 49.505143][ T379] ? kmem_cache_free+0x116/0x2e0 [ 49.509906][ T379] print_address_description+0x87/0x3b0 [ 49.515289][ T379] ? kmem_cache_free+0x116/0x2e0 [ 49.520069][ T379] ? kmem_cache_free+0x116/0x2e0 [ 49.524832][ T379] kasan_report_invalid_free+0x6b/0xa0 [ 49.530129][ T379] ____kasan_slab_free+0x13e/0x160 [ 49.535073][ T379] __kasan_slab_free+0x11/0x20 [ 49.539849][ T379] slab_free_freelist_hook+0xbd/0x190 [ 49.545146][ T379] ? kfree_skbmem+0x104/0x170 [ 49.549667][ T379] kmem_cache_free+0x116/0x2e0 [ 49.554346][ T379] kfree_skbmem+0x104/0x170 [ 49.558741][ T379] consume_skb+0xb4/0x250 [ 49.562859][ T379] __sk_msg_free+0x2dd/0x370 [ 49.567275][ T379] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 49.572918][ T379] sk_psock_stop+0x44c/0x4d0 [ 49.577342][ T379] ? unix_peer_get+0xe0/0xe0 [ 49.581775][ T379] sock_map_close+0x2b9/0x4c0 [ 49.586295][ T379] ? sock_map_remove_links+0x570/0x570 [ 49.591801][ T379] ? rwsem_mark_wake+0x6b0/0x6b0 [ 49.596619][ T379] unix_release+0x82/0xc0 [ 49.600782][ T379] sock_close+0xdf/0x270 [ 49.604945][ T379] ? sock_mmap+0xa0/0xa0 [ 49.609246][ T379] __fput+0x3fe/0x910 [ 49.613015][ T379] ____fput+0x15/0x20 [ 49.616834][ T379] task_work_run+0x129/0x190 [ 49.621262][ T379] exit_to_user_mode_loop+0xc4/0xe0