[ 19.964130][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 19.976237][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 19.984641][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 20.072409][ T296] syz-executor.0 (296) used greatest stack depth: 20704 bytes left
[ 20.591459][ T45] device bridge_slave_1 left promiscuous mode
[ 20.597584][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.605391][ T45] device bridge_slave_0 left promiscuous mode
[ 20.611510][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.619453][ T45] device veth1_macvtap left promiscuous mode
[ 20.625483][ T45] device veth0_vlan left promiscuous mode
Warning: Permanently added '10.128.0.159' (ED25519) to the list of known hosts.
2024/06/22 08:13:00 ignoring optional flag "sandboxArg"="0"
2024/06/22 08:13:00 parsed 1 programs
2024/06/22 08:13:00 executed programs: 0
[ 27.401167][ T30] kauditd_printk_skb: 19 callbacks suppressed
[ 27.401179][ T30] audit: type=1400 audit(1719043980.529:95): avc: denied { unlink } for pid=329 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 27.417161][ T329] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 27.473269][ T335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.480386][ T335] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.488010][ T335] device bridge_slave_0 entered promiscuous mode
[ 27.494951][ T335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.501817][ T335] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.508893][ T335] device bridge_slave_1 entered promiscuous mode
[ 27.539267][ T335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.546135][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.553407][ T335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.560214][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.574987][ T39] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.582518][ T39] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.589754][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 27.597916][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.606698][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.614796][ T20] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.621941][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.637399][ T335] device veth0_vlan entered promiscuous mode
[ 27.644225][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.652736][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.661094][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.668606][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.676703][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.685034][ T60] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.691899][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.698997][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.707039][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.718243][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.727412][ T335] device veth1_macvtap entered promiscuous mode
[ 27.735705][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.745431][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.763039][ T30] audit: type=1400 audit(1719043980.889:96): avc: denied { prog_load } for pid=340 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 27.782802][ T30] audit: type=1400 audit(1719043980.889:97): avc: denied { bpf } for pid=340 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 27.803722][ T30] audit: type=1400 audit(1719043980.889:98): avc: denied { perfmon } for pid=340 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 27.804593][ T341] FAULT_INJECTION: forcing a failure.
[ 27.804593][ T341] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 27.825019][ T30] audit: type=1400 audit(1719043980.929:99): avc: denied { prog_run } for pid=340 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 27.838215][ T341] CPU: 0 PID: 341 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 27.857577][ T30] audit: type=1400 audit(1719043980.929:100): avc: denied { map_create } for pid=340 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 27.867965][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 27.867975][ T341] Call Trace:
[ 27.867979][ T341]
[ 27.867985][ T341] dump_stack_lvl+0x151/0x1b7
[ 27.868007][ T341] ? io_uring_drop_tctx_refs+0x190/0x190
[ 27.888298][ T30] audit: type=1400 audit(1719043980.929:101): avc: denied { map_read map_write } for pid=340 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 27.898001][ T341] ? __stack_depot_save+0x40d/0x470
[ 27.898033][ T341] dump_stack+0x15/0x17
[ 27.898047][ T341] should_fail+0x3c6/0x510
[ 27.898068][ T341] should_fail_alloc_page+0x5a/0x80
[ 27.902177][ T30] audit: type=1400 audit(1719043981.029:102): avc: denied { read } for pid=82 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 27.904164][ T341] prepare_alloc_pages+0x15c/0x700
[ 27.980173][ T341] ? __x64_sys_sendmmsg+0xa0/0xb0
[ 27.985100][ T341] ? do_syscall_64+0x3d/0xb0
[ 27.990298][ T341] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 27.996271][ T341] ? __alloc_pages_bulk+0xe40/0xe40
[ 28.001406][ T341] __alloc_pages+0x18c/0x8f0
[ 28.006293][ T341] ? prep_new_page+0x110/0x110
[ 28.011219][ T341] ? __kasan_kmalloc+0x9/0x10
[ 28.016108][ T341] new_slab+0x9a/0x4e0
[ 28.020277][ T341] ___slab_alloc+0x39e/0x830
[ 28.024785][ T341] ? getname_kernel+0x59/0x2e0
[ 28.029368][ T341] ? getname_kernel+0x59/0x2e0
[ 28.034299][ T341] __slab_alloc+0x4a/0x90
[ 28.038664][ T341] ? getname_kernel+0x59/0x2e0
[ 28.043505][ T341] kmem_cache_alloc+0x134/0x200
[ 28.048248][ T341] getname_kernel+0x59/0x2e0
[ 28.052785][ T341] kern_path+0x23/0x1a0
[ 28.056767][ T341] unix_find_other+0xdb/0x860
[ 28.061542][ T341] ? sock_kzfree_s+0x60/0x60
[ 28.066163][ T341] ? __unix_set_addr+0x3c0/0x3c0
[ 28.071019][ T341] unix_dgram_sendmsg+0xd1d/0x2090
[ 28.076061][ T341] ? unix_dgram_poll+0x710/0x710
[ 28.081107][ T341] ? _raw_spin_trylock+0xcd/0x1a0
[ 28.086328][ T341] ? security_socket_sendmsg+0x82/0xb0
[ 28.091981][ T341] ? unix_dgram_poll+0x710/0x710
[ 28.096977][ T341] ____sys_sendmsg+0x59e/0x8f0
[ 28.101777][ T341] ? __sys_sendmsg_sock+0x40/0x40
[ 28.106687][ T341] ? import_iovec+0xe5/0x120
[ 28.111560][ T341] ___sys_sendmsg+0x252/0x2e0
[ 28.116193][ T341] ? __sys_sendmsg+0x260/0x260
[ 28.120786][ T341] ? do_handle_mm_fault+0x17e1/0x23a0
[ 28.126012][ T341] ? __kasan_check_write+0x14/0x20
[ 28.131301][ T341] ? proc_fail_nth_write+0x20b/0x290
[ 28.136832][ T341] ? __fdget+0x1bc/0x240
[ 28.140991][ T341] __sys_sendmmsg+0x2bf/0x530
[ 28.145637][ T341] ? __ia32_sys_sendmsg+0x90/0x90
[ 28.150461][ T341] ? mutex_unlock+0xb2/0x260
[ 28.154865][ T341] ? __kasan_check_write+0x14/0x20
[ 28.159848][ T341] ? debug_smp_processor_id+0x17/0x20
[ 28.165111][ T341] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 28.171028][ T341] __x64_sys_sendmmsg+0xa0/0xb0
[ 28.175782][ T341] do_syscall_64+0x3d/0xb0
[ 28.180089][ T341] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.185903][ T341] RIP: 0033:0x7f914cec5da9
[ 28.190145][ T341] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 28.210283][ T341] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 28.219062][ T341] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 28.227495][ T341] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 28.235466][ T341] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 28.243362][ T341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 28.251391][ T341] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 28.259194][ T341]
[ 28.270839][ T344] FAULT_INJECTION: forcing a failure.
[ 28.270839][ T344] name failslab, interval 1, probability 0, space 0, times 1
[ 28.283624][ T344] CPU: 0 PID: 344 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 28.293988][ T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 28.303946][ T344] Call Trace:
[ 28.307161][ T344]
[ 28.310086][ T344] dump_stack_lvl+0x151/0x1b7
[ 28.314854][ T344] ? io_uring_drop_tctx_refs+0x190/0x190
[ 28.320322][ T344] ? kasan_set_track+0x5d/0x70
[ 28.324917][ T344] ? kasan_set_free_info+0x23/0x40
[ 28.330080][ T344] ? ____kasan_slab_free+0x126/0x160
[ 28.335500][ T344] ? __kasan_slab_free+0x11/0x20
[ 28.340411][ T344] ? kmem_cache_free+0x116/0x2e0
[ 28.345484][ T344] ? kern_path+0x147/0x1a0
[ 28.349893][ T344] ? unix_find_other+0xdb/0x860
[ 28.354578][ T344] dump_stack+0x15/0x17
[ 28.358657][ T344] should_fail+0x3c6/0x510
[ 28.363199][ T344] __should_failslab+0xa4/0xe0
[ 28.367771][ T344] ? jbd2__journal_start+0x150/0x710
[ 28.372893][ T344] should_failslab+0x9/0x20
[ 28.377475][ T344] slab_pre_alloc_hook+0x37/0xd0
[ 28.382721][ T344] ? jbd2__journal_start+0x150/0x710
[ 28.388200][ T344] kmem_cache_alloc+0x44/0x200
[ 28.392977][ T344] jbd2__journal_start+0x150/0x710
[ 28.398187][ T344] __ext4_journal_start_sb+0xfa/0x2c0
[ 28.403493][ T344] ? current_time+0x1af/0x2f0
[ 28.408157][ T344] ext4_dirty_inode+0x8f/0x100
[ 28.412887][ T344] ? __ext4_expand_extra_isize+0x3f0/0x3f0
[ 28.418610][ T344] __mark_inode_dirty+0x200/0xa50
[ 28.423951][ T344] touch_atime+0x338/0x500
[ 28.428595][ T344] ? current_time+0x2f0/0x2f0
[ 28.433362][ T344] unix_find_other+0x6f5/0x860
[ 28.438033][ T344] ? sock_kzfree_s+0x60/0x60
[ 28.442755][ T344] ? __unix_set_addr+0x3c0/0x3c0
[ 28.447525][ T344] unix_dgram_sendmsg+0xd1d/0x2090
[ 28.452634][ T344] ? unix_dgram_poll+0x710/0x710
[ 28.457680][ T344] ? _raw_spin_trylock+0xcd/0x1a0
[ 28.462720][ T344] ? security_socket_sendmsg+0x82/0xb0
[ 28.468248][ T344] ? unix_dgram_poll+0x710/0x710
[ 28.473018][ T344] ____sys_sendmsg+0x59e/0x8f0
[ 28.477817][ T344] ? __sys_sendmsg_sock+0x40/0x40
[ 28.482757][ T344] ? import_iovec+0xe5/0x120
[ 28.487451][ T344] ___sys_sendmsg+0x252/0x2e0
[ 28.492068][ T344] ? __sys_sendmsg+0x260/0x260
[ 28.496772][ T344] ? do_handle_mm_fault+0x17e1/0x23a0
[ 28.502397][ T344] ? __kasan_check_write+0x14/0x20
[ 28.507416][ T344] ? proc_fail_nth_write+0x20b/0x290
[ 28.512779][ T344] ? __fdget+0x1bc/0x240
[ 28.516961][ T344] __sys_sendmmsg+0x2bf/0x530
[ 28.521832][ T344] ? __ia32_sys_sendmsg+0x90/0x90
[ 28.526687][ T344] ? mutex_unlock+0xb2/0x260
[ 28.531383][ T344] ? __kasan_check_write+0x14/0x20
[ 28.536464][ T344] ? debug_smp_processor_id+0x17/0x20
[ 28.541668][ T344] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 28.547950][ T344] __x64_sys_sendmmsg+0xa0/0xb0
[ 28.552806][ T344] do_syscall_64+0x3d/0xb0
[ 28.557154][ T344] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.562985][ T344] RIP: 0033:0x7f914cec5da9
[ 28.567479][ T344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 28.588321][ T344] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 28.596819][ T344] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 28.604804][ T344] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 28.612882][ T344] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 28.621731][ T344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 28.629538][ T344] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 28.637635][ T344]
[ 28.647688][ T346] FAULT_INJECTION: forcing a failure.
[ 28.647688][ T346] name failslab, interval 1, probability 0, space 0, times 0
[ 28.661104][ T346] CPU: 1 PID: 346 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 28.671538][ T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 28.681997][ T346] Call Trace:
[ 28.685115][ T346]
[ 28.688041][ T346] dump_stack_lvl+0x151/0x1b7
[ 28.692637][ T346] ? io_uring_drop_tctx_refs+0x190/0x190
[ 28.698463][ T346] dump_stack+0x15/0x17
[ 28.702454][ T346] should_fail+0x3c6/0x510
[ 28.706786][ T346] __should_failslab+0xa4/0xe0
[ 28.711381][ T346] should_failslab+0x9/0x20
[ 28.716311][ T346] slab_pre_alloc_hook+0x37/0xd0
[ 28.721670][ T346] kmem_cache_alloc_trace+0x48/0x210
[ 28.726968][ T346] ? sk_psock_skb_ingress_self+0x60/0x330
[ 28.732686][ T346] ? migrate_disable+0x190/0x190
[ 28.737634][ T346] sk_psock_skb_ingress_self+0x60/0x330
[ 28.743397][ T346] sk_psock_verdict_recv+0x66d/0x840
[ 28.748775][ T346] unix_read_sock+0x132/0x370
[ 28.753506][ T346] ? sk_psock_skb_redirect+0x440/0x440
[ 28.758798][ T346] ? unix_stream_splice_actor+0x120/0x120
[ 28.764450][ T346] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 28.769924][ T346] ? unix_stream_splice_actor+0x120/0x120
[ 28.776089][ T346] sk_psock_verdict_data_ready+0x147/0x1a0
[ 28.781918][ T346] ? sk_psock_start_verdict+0xc0/0xc0
[ 28.787118][ T346] ? _raw_spin_lock+0xa4/0x1b0
[ 28.791820][ T346] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 28.797673][ T346] ? skb_queue_tail+0xfb/0x120
[ 28.802325][ T346] unix_dgram_sendmsg+0x15fa/0x2090
[ 28.807372][ T346] ? unix_dgram_poll+0x710/0x710
[ 28.812944][ T346] ? _raw_spin_trylock+0xcd/0x1a0
[ 28.819205][ T346] ? security_socket_sendmsg+0x82/0xb0
[ 28.825155][ T346] ? unix_dgram_poll+0x710/0x710
[ 28.830002][ T346] ____sys_sendmsg+0x59e/0x8f0
[ 28.834648][ T346] ? __sys_sendmsg_sock+0x40/0x40
[ 28.839556][ T346] ? import_iovec+0xe5/0x120
[ 28.844164][ T346] ___sys_sendmsg+0x252/0x2e0
[ 28.848870][ T346] ? __sys_sendmsg+0x260/0x260
[ 28.853977][ T346] ? do_handle_mm_fault+0x17e1/0x23a0
[ 28.860254][ T346] ? __kasan_check_write+0x14/0x20
[ 28.865384][ T346] ? proc_fail_nth_write+0x20b/0x290
[ 28.871348][ T346] ? __fdget+0x1bc/0x240
[ 28.875857][ T346] __sys_sendmmsg+0x2bf/0x530
[ 28.882332][ T346] ? __ia32_sys_sendmsg+0x90/0x90
[ 28.888357][ T346] ? mutex_unlock+0xb2/0x260
[ 28.893527][ T346] ? __kasan_check_write+0x14/0x20
[ 28.899024][ T346] ? debug_smp_processor_id+0x17/0x20
[ 28.904535][ T346] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 28.911609][ T346] __x64_sys_sendmmsg+0xa0/0xb0
[ 28.916363][ T346] do_syscall_64+0x3d/0xb0
[ 28.920722][ T346] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.926836][ T346] RIP: 0033:0x7f914cec5da9
[ 28.931082][ T346] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 28.950996][ T346] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 28.959330][ T346] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 28.967316][ T346] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 28.975957][ T346] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 28.984190][ T346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 28.992472][ T346] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 29.000589][ T346]
[ 29.006031][ T345] ==================================================================
[ 29.015464][ T345] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 29.022532][ T345] Read of size 4 at addr ffff88811c0b786c by task syz-executor.0/345
[ 29.030767][ T345]
[ 29.032901][ T345] CPU: 1 PID: 345 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 29.043152][ T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 29.053403][ T345] Call Trace:
[ 29.056535][ T345]
[ 29.059392][ T345] dump_stack_lvl+0x151/0x1b7
[ 29.063997][ T345] ? io_uring_drop_tctx_refs+0x190/0x190
[ 29.069547][ T345] ? panic+0x751/0x751
[ 29.073499][ T345] print_address_description+0x87/0x3b0
[ 29.079095][ T345] kasan_report+0x179/0x1c0
[ 29.083539][ T345] ? consume_skb+0x3c/0x250
[ 29.087947][ T345] ? consume_skb+0x3c/0x250
[ 29.092896][ T345] kasan_check_range+0x293/0x2a0
[ 29.097766][ T345] __kasan_check_read+0x11/0x20
[ 29.102513][ T345] consume_skb+0x3c/0x250
[ 29.106611][ T345] __sk_msg_free+0x2dd/0x370
[ 29.111204][ T345] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 29.117220][ T345] sk_psock_stop+0x44c/0x4d0
[ 29.121732][ T345] ? unix_peer_get+0xe0/0xe0
[ 29.126244][ T345] sock_map_close+0x2b9/0x4c0
[ 29.130906][ T345] ? sock_map_remove_links+0x570/0x570
[ 29.136529][ T345] ? rwsem_mark_wake+0x6b0/0x6b0
[ 29.141814][ T345] unix_release+0x82/0xc0
[ 29.146067][ T345] sock_close+0xdf/0x270
[ 29.150340][ T345] ? sock_mmap+0xa0/0xa0
[ 29.154516][ T345] __fput+0x3fe/0x910
[ 29.158326][ T345] ____fput+0x15/0x20
[ 29.162143][ T345] task_work_run+0x129/0x190
[ 29.166571][ T345] exit_to_user_mode_loop+0xc4/0xe0
[ 29.171934][ T345] exit_to_user_mode_prepare+0x5a/0xa0
[ 29.177214][ T345] syscall_exit_to_user_mode+0x26/0x160
[ 29.182698][ T345] do_syscall_64+0x49/0xb0
[ 29.188210][ T345] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 29.194166][ T345] RIP: 0033:0x7f914cec4c9a
[ 29.198611][ T345] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 29.218656][ T345] RSP: 002b:00007ffe2eddc870 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 29.226905][ T345] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f914cec4c9a
[ 29.234877][ T345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 29.242895][ T345] RBP: 0000000000000032 R08: 0000001b30a60000 R09: 00007f914cff4f8c
[ 29.250875][ T345] R10: 00007ffe2eddc9c0 R11: 0000000000000293 R12: 00007f914ca4a1b0
[ 29.258890][ T345] R13: ffffffffffffffff R14: 00007f914ca49000 R15: 0000000000006fd1
[ 29.266793][ T345]
[ 29.269649][ T345]
[ 29.271819][ T345] Allocated by task 346:
[ 29.275899][ T345] __kasan_slab_alloc+0xb1/0xe0
[ 29.280584][ T345] slab_post_alloc_hook+0x53/0x2c0
[ 29.285624][ T345] kmem_cache_alloc+0xf5/0x200
[ 29.290221][ T345] skb_clone+0x1d1/0x360
[ 29.294408][ T345] sk_psock_verdict_recv+0x53/0x840
[ 29.299630][ T345] unix_read_sock+0x132/0x370
[ 29.304220][ T345] sk_psock_verdict_data_ready+0x147/0x1a0
[ 29.309949][ T345] unix_dgram_sendmsg+0x15fa/0x2090
[ 29.314980][ T345] ____sys_sendmsg+0x59e/0x8f0
[ 29.319607][ T345] ___sys_sendmsg+0x252/0x2e0
[ 29.324182][ T345] __sys_sendmmsg+0x2bf/0x530
[ 29.328784][ T345] __x64_sys_sendmmsg+0xa0/0xb0
[ 29.333640][ T345] do_syscall_64+0x3d/0xb0
[ 29.337988][ T345] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 29.344098][ T345]
[ 29.346350][ T345] Freed by task 39:
[ 29.350078][ T345] kasan_set_track+0x4b/0x70
[ 29.354819][ T345] kasan_set_free_info+0x23/0x40
[ 29.359584][ T345] ____kasan_slab_free+0x126/0x160
[ 29.364846][ T345] __kasan_slab_free+0x11/0x20
[ 29.369584][ T345] slab_free_freelist_hook+0xbd/0x190
[ 29.375044][ T345] kmem_cache_free+0x116/0x2e0
[ 29.379729][ T345] kfree_skbmem+0x104/0x170
[ 29.384168][ T345] kfree_skb+0xc2/0x360
[ 29.388221][ T345] sk_psock_backlog+0xc21/0xd90
[ 29.393129][ T345] process_one_work+0x6bb/0xc10
[ 29.397881][ T345] worker_thread+0xad5/0x12a0
[ 29.402383][ T345] kthread+0x421/0x510
[ 29.406316][ T345] ret_from_fork+0x1f/0x30
[ 29.410726][ T345]
[ 29.412961][ T345] The buggy address belongs to the object at ffff88811c0b7780
[ 29.412961][ T345] which belongs to the cache skbuff_head_cache of size 248
[ 29.427602][ T345] The buggy address is located 236 bytes inside of
[ 29.427602][ T345] 248-byte region [ffff88811c0b7780, ffff88811c0b7878)
[ 29.440783][ T345] The buggy address belongs to the page:
[ 29.446249][ T345] page:ffffea0004702dc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c0b7
[ 29.456316][ T345] flags: 0x4000000000000200(slab|zone=1)
[ 29.461971][ T345] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f99380
[ 29.470934][ T345] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 29.479455][ T345] page dumped because: kasan: bad access detected
[ 29.485876][ T345] page_owner tracks the page as allocated
[ 29.491405][ T345] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 60, ts 28641206796, free_ts 27782886599
[ 29.508942][ T345] post_alloc_hook+0x1a3/0x1b0
[ 29.513712][ T345] prep_new_page+0x1b/0x110
[ 29.518142][ T345] get_page_from_freelist+0x3550/0x35d0
[ 29.523692][ T345] __alloc_pages+0x27e/0x8f0
[ 29.528213][ T345] new_slab+0x9a/0x4e0
[ 29.532218][ T345] ___slab_alloc+0x39e/0x830
[ 29.536719][ T345] __slab_alloc+0x4a/0x90
[ 29.541225][ T345] kmem_cache_alloc+0x134/0x200
[ 29.546088][ T345] __alloc_skb+0xbe/0x550
[ 29.550342][ T345] ndisc_alloc_skb+0xf3/0x2d0
[ 29.555112][ T345] ndisc_send_ns+0x29d/0x830
[ 29.559545][ T345] addrconf_dad_work+0xb29/0x1710
[ 29.564672][ T345] process_one_work+0x6bb/0xc10
[ 29.569359][ T345] worker_thread+0xad5/0x12a0
[ 29.573966][ T345] kthread+0x421/0x510
[ 29.577875][ T345] ret_from_fork+0x1f/0x30
[ 29.582127][ T345] page last free stack trace:
[ 29.586628][ T345] free_unref_page_prepare+0x7c8/0x7d0
[ 29.591942][ T345] free_unref_page+0xe8/0x750
[ 29.596437][ T345] __free_pages+0x61/0xf0
[ 29.600690][ T345] free_pages+0x7c/0x90
[ 29.604943][ T345] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 29.610781][ T345] __apply_to_page_range+0x8dd/0xbe0
[ 29.616075][ T345] apply_to_existing_page_range+0x38/0x50
[ 29.621718][ T345] kasan_release_vmalloc+0x9a/0xb0
[ 29.626753][ T345] __purge_vmap_area_lazy+0x154a/0x1690
[ 29.632220][ T345] _vm_unmap_aliases+0x339/0x3b0
[ 29.636993][ T345] vm_unmap_aliases+0x19/0x20
[ 29.641512][ T345] change_page_attr_set_clr+0x308/0x1050
[ 29.647156][ T345] set_memory_ro+0xa1/0xe0
[ 29.651663][ T345] bpf_int_jit_compile+0xbf42/0xc6d0
[ 29.656788][ T345] bpf_prog_select_runtime+0x706/0x9e0
[ 29.662260][ T345] bpf_prog_load+0x1315/0x1b50
[ 29.666966][ T345]
[ 29.669117][ T345] Memory state around the buggy address:
[ 29.674942][ T345] ffff88811c0b7700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 29.682929][ T345] ffff88811c0b7780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.690811][ T345] >ffff88811c0b7800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 29.698707][ T345] ^
[ 29.706174][ T345] ffff88811c0b7880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 29.714081][ T345] ffff88811c0b7900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.721970][ T345] ==================================================================
[ 29.729957][ T345] Disabling lock debugging due to kernel taint
[ 29.736065][ T345] ==================================================================
[ 29.743934][ T345] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 29.752185][ T345]
[ 29.754463][ T345] CPU: 1 PID: 345 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 29.766006][ T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 29.775903][ T345] Call Trace:
[ 29.779033][ T345]
[ 29.781981][ T345] dump_stack_lvl+0x151/0x1b7
[ 29.786491][ T345] ? io_uring_drop_tctx_refs+0x190/0x190
[ 29.791960][ T345] ? __wake_up_klogd+0xd5/0x110
[ 29.796649][ T345] ? panic+0x751/0x751
[ 29.800601][ T345] ? kmem_cache_free+0x116/0x2e0
[ 29.805415][ T345] print_address_description+0x87/0x3b0
[ 29.810983][ T345] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 29.817422][ T345] ? kmem_cache_free+0x116/0x2e0
[ 29.822253][ T345] ? kmem_cache_free+0x116/0x2e0
[ 29.827025][ T345] kasan_report_invalid_free+0x6b/0xa0
[ 29.832407][ T345] ____kasan_slab_free+0x13e/0x160
[ 29.837368][ T345] __kasan_slab_free+0x11/0x20
[ 29.842128][ T345] slab_free_freelist_hook+0xbd/0x190
[ 29.847522][ T345] ? kfree_skbmem+0x104/0x170
[ 29.852115][ T345] kmem_cache_free+0x116/0x2e0
[ 29.856735][ T345] kfree_skbmem+0x104/0x170
[ 29.861148][ T345] consume_skb+0xb4/0x250
[ 29.865401][ T345] __sk_msg_free+0x2dd/0x370
[ 29.869849][ T345] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 29.875657][ T345] sk_psock_stop+0x44c/0x4d0
[ 29.880167][ T345] ? unix_peer_get+0xe0/0xe0
[ 29.884766][ T345] sock_map_close+0x2b9/0x4c0
[ 29.889372][ T345] ? sock_map_remove_links+0x570/0x570
[ 29.894753][ T345] ? rwsem_mark_wake+0x6b0/0x6b0
[ 29.899693][ T345] unix_release+0x82/0xc0
[ 29.903904][ T345] sock_close+0xdf/0x270
[ 29.908156][ T345] ? sock_mmap+0xa0/0xa0
[ 29.912487][ T345] __fput+0x3fe/0x910
[ 29.916406][ T345] ____fput+0x15/0x20
[ 29.920826][ T345] task_work_run+0x129/0x190
[ 29.925423][ T345] exit_to_user_mode_loop+0xc4/0xe0
[ 29.930645][ T345] exit_to_user_mode_prepare+0x5a/0xa0
[ 29.935931][ T345] syscall_exit_to_user_mode+0x26/0x160
[ 29.941305][ T345] do_syscall_64+0x49/0xb0
[ 29.945564][ T345] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 29.951287][ T345] RIP: 0033:0x7f914cec4c9a
[ 29.955583][ T345] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 29.975456][ T345] RSP: 002b:00007ffe2eddc870 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 29.983868][ T345] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f914cec4c9a
[ 29.991893][ T345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 29.999757][ T345] RBP: 0000000000000032 R08: 0000001b30a60000 R09: 00007f914cff4f8c
[ 30.007652][ T345] R10: 00007ffe2eddc9c0 R11: 0000000000000293 R12: 00007f914ca4a1b0
[ 30.015646][ T345] R13: ffffffffffffffff R14: 00007f914ca49000 R15: 0000000000006fd1
[ 30.023490][ T345]
[ 30.026419][ T345]
[ 30.028776][ T345] Allocated by task 346:
[ 30.032869][ T345] __kasan_slab_alloc+0xb1/0xe0
[ 30.037542][ T345] slab_post_alloc_hook+0x53/0x2c0
[ 30.042576][ T345] kmem_cache_alloc+0xf5/0x200
[ 30.047183][ T345] skb_clone+0x1d1/0x360
[ 30.051516][ T345] sk_psock_verdict_recv+0x53/0x840
[ 30.056638][ T345] unix_read_sock+0x132/0x370
[ 30.061337][ T345] sk_psock_verdict_data_ready+0x147/0x1a0
[ 30.067179][ T345] unix_dgram_sendmsg+0x15fa/0x2090
[ 30.072375][ T345] ____sys_sendmsg+0x59e/0x8f0
[ 30.076976][ T345] ___sys_sendmsg+0x252/0x2e0
[ 30.081489][ T345] __sys_sendmmsg+0x2bf/0x530
[ 30.086533][ T345] __x64_sys_sendmmsg+0xa0/0xb0
[ 30.091252][ T345] do_syscall_64+0x3d/0xb0
[ 30.095647][ T345] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 30.101649][ T345]
[ 30.103811][ T345] Freed by task 39:
[ 30.107457][ T345] kasan_set_track+0x4b/0x70
[ 30.112083][ T345] kasan_set_free_info+0x23/0x40
[ 30.116964][ T345] ____kasan_slab_free+0x126/0x160
[ 30.121866][ T345] __kasan_slab_free+0x11/0x20
[ 30.126646][ T345] slab_free_freelist_hook+0xbd/0x190
[ 30.132031][ T345] kmem_cache_free+0x116/0x2e0
[ 30.136622][ T345] kfree_skbmem+0x104/0x170
[ 30.141051][ T345] kfree_skb+0xc2/0x360
[ 30.145041][ T345] sk_psock_backlog+0xc21/0xd90
[ 30.149727][ T345] process_one_work+0x6bb/0xc10
[ 30.154450][ T345] worker_thread+0xad5/0x12a0
[ 30.159015][ T345] kthread+0x421/0x510
[ 30.162923][ T345] ret_from_fork+0x1f/0x30
[ 30.167183][ T345]
[ 30.169344][ T345] The buggy address belongs to the object at ffff88811c0b7780
[ 30.169344][ T345] which belongs to the cache skbuff_head_cache of size 248
[ 30.184279][ T345] The buggy address is located 0 bytes inside of
[ 30.184279][ T345] 248-byte region [ffff88811c0b7780, ffff88811c0b7878)
[ 30.197659][ T345] The buggy address belongs to the page:
[ 30.203301][ T345] page:ffffea0004702dc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c0b7
[ 30.213889][ T345] flags: 0x4000000000000200(slab|zone=1)
[ 30.219451][ T345] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f99380
[ 30.228045][ T345] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 30.236728][ T345] page dumped because: kasan: bad access detected
[ 30.243054][ T345] page_owner tracks the page as allocated
[ 30.248628][ T345] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 60, ts 28641206796, free_ts 27782886599
[ 30.265895][ T345] post_alloc_hook+0x1a3/0x1b0
[ 30.270667][ T345] prep_new_page+0x1b/0x110
[ 30.275178][ T345] get_page_from_freelist+0x3550/0x35d0
[ 30.280907][ T345] __alloc_pages+0x27e/0x8f0
[ 30.285948][ T345] new_slab+0x9a/0x4e0
[ 30.290100][ T345] ___slab_alloc+0x39e/0x830
[ 30.294802][ T345] __slab_alloc+0x4a/0x90
[ 30.298967][ T345] kmem_cache_alloc+0x134/0x200
[ 30.303878][ T345] __alloc_skb+0xbe/0x550
[ 30.307993][ T345] ndisc_alloc_skb+0xf3/0x2d0
[ 30.312506][ T345] ndisc_send_ns+0x29d/0x830
[ 30.317021][ T345] addrconf_dad_work+0xb29/0x1710
[ 30.322510][ T345] process_one_work+0x6bb/0xc10
[ 30.327532][ T345] worker_thread+0xad5/0x12a0
[ 30.332131][ T345] kthread+0x421/0x510
[ 30.336131][ T345] ret_from_fork+0x1f/0x30
[ 30.340492][ T345] page last free stack trace:
[ 30.345161][ T345] free_unref_page_prepare+0x7c8/0x7d0
[ 30.350448][ T345] free_unref_page+0xe8/0x750
[ 30.354991][ T345] __free_pages+0x61/0xf0
[ 30.359315][ T345] free_pages+0x7c/0x90
[ 30.363638][ T345] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 30.369564][ T345] __apply_to_page_range+0x8dd/0xbe0
[ 30.375035][ T345] apply_to_existing_page_range+0x38/0x50
[ 30.380672][ T345] kasan_release_vmalloc+0x9a/0xb0
[ 30.385878][ T345] __purge_vmap_area_lazy+0x154a/0x1690
[ 30.391254][ T345] _vm_unmap_aliases+0x339/0x3b0
[ 30.396031][ T345] vm_unmap_aliases+0x19/0x20
[ 30.400545][ T345] change_page_attr_set_clr+0x308/0x1050
[ 30.406018][ T345] set_memory_ro+0xa1/0xe0
[ 30.410351][ T345] bpf_int_jit_compile+0xbf42/0xc6d0
[ 30.415740][ T345] bpf_prog_select_runtime+0x706/0x9e0
[ 30.421036][ T345] bpf_prog_load+0x1315/0x1b50
[ 30.425733][ T345]
[ 30.427895][ T345] Memory state around the buggy address:
[ 30.433380][ T345] ffff88811c0b7680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.441350][ T345] ffff88811c0b7700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 30.449244][ T345] >ffff88811c0b7780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.457316][ T345] ^
[ 30.461227][ T345] ffff88811c0b7800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 30.469125][ T345] ffff88811c0b7880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 30.477303][ T345] ==================================================================
[ 30.497002][ T350] FAULT_INJECTION: forcing a failure.
[ 30.497002][ T350] name failslab, interval 1, probability 0, space 0, times 0
[ 30.509630][ T350] CPU: 1 PID: 350 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 30.521219][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 30.531286][ T350] Call Trace:
[ 30.534717][ T350]
[ 30.537456][ T350] dump_stack_lvl+0x151/0x1b7
[ 30.541970][ T350] ? io_uring_drop_tctx_refs+0x190/0x190
[ 30.547620][ T350] dump_stack+0x15/0x17
[ 30.551616][ T350] should_fail+0x3c6/0x510
[ 30.556035][ T350] __should_failslab+0xa4/0xe0
[ 30.560724][ T350] should_failslab+0x9/0x20
[ 30.565152][ T350] slab_pre_alloc_hook+0x37/0xd0
[ 30.570196][ T350] kmem_cache_alloc_trace+0x48/0x210
[ 30.575322][ T350] ? sk_psock_skb_ingress_self+0x60/0x330
[ 30.580876][ T350] ? migrate_disable+0x190/0x190
[ 30.585736][ T350] sk_psock_skb_ingress_self+0x60/0x330
[ 30.591104][ T350] sk_psock_verdict_recv+0x66d/0x840
[ 30.596322][ T350] unix_read_sock+0x132/0x370
[ 30.600835][ T350] ? sk_psock_skb_redirect+0x440/0x440
[ 30.606123][ T350] ? unix_stream_splice_actor+0x120/0x120
[ 30.612018][ T350] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 30.617447][ T350] ? unix_stream_splice_actor+0x120/0x120
[ 30.622996][ T350] sk_psock_verdict_data_ready+0x147/0x1a0
[ 30.628739][ T350] ? sk_psock_start_verdict+0xc0/0xc0
[ 30.633928][ T350] ? _raw_spin_lock+0xa4/0x1b0
[ 30.638980][ T350] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 30.644717][ T350] ? skb_queue_tail+0xfb/0x120
[ 30.649316][ T350] unix_dgram_sendmsg+0x15fa/0x2090
[ 30.654378][ T350] ? unix_dgram_poll+0x710/0x710
[ 30.659216][ T350] ? __pagevec_lru_add+0xcde/0xd70
[ 30.664250][ T350] ? security_socket_sendmsg+0x82/0xb0
[ 30.669690][ T350] ? unix_dgram_poll+0x710/0x710
[ 30.674488][ T350] ____sys_sendmsg+0x59e/0x8f0
[ 30.679423][ T350] ? __sys_sendmsg_sock+0x40/0x40
[ 30.684555][ T350] ? import_iovec+0xe5/0x120
[ 30.689063][ T350] ___sys_sendmsg+0x252/0x2e0
[ 30.693668][ T350] ? __sys_sendmsg+0x260/0x260
[ 30.698525][ T350] ? do_handle_mm_fault+0x17e1/0x23a0
[ 30.703745][ T350] ? __kasan_check_write+0x14/0x20
[ 30.708782][ T350] ? proc_fail_nth_write+0x20b/0x290
[ 30.713889][ T350] ? __fdget+0x1bc/0x240
[ 30.717979][ T350] __sys_sendmmsg+0x2bf/0x530
[ 30.722483][ T350] ? __ia32_sys_sendmsg+0x90/0x90
[ 30.727628][ T350] ? mutex_unlock+0xb2/0x260
[ 30.732208][ T350] ? __kasan_check_write+0x14/0x20
[ 30.737154][ T350] ? debug_smp_processor_id+0x17/0x20
[ 30.742446][ T350] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 30.748611][ T350] __x64_sys_sendmmsg+0xa0/0xb0
[ 30.753297][ T350] do_syscall_64+0x3d/0xb0
[ 30.757642][ T350] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 30.763542][ T350] RIP: 0033:0x7f914cec5da9
[ 30.767964][ T350] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 30.787846][ T350] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 30.796087][ T350] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 30.803987][ T350] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 30.812099][ T350] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 30.819912][ T350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 30.827716][ T350] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 30.835537][ T350]
[ 30.840515][ T349] ==================================================================
[ 30.848387][ T349] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 30.856724][ T349]
[ 30.858985][ T349] CPU: 0 PID: 349 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 30.871781][ T349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 30.881751][ T349] Call Trace:
[ 30.885116][ T349]
[ 30.887885][ T349] dump_stack_lvl+0x151/0x1b7
[ 30.892492][ T349] ? io_uring_drop_tctx_refs+0x190/0x190
[ 30.897954][ T349] ? __wake_up_klogd+0xd5/0x110
[ 30.902814][ T349] ? panic+0x751/0x751
[ 30.906818][ T349] ? kmem_cache_free+0x116/0x2e0
[ 30.911814][ T349] print_address_description+0x87/0x3b0
[ 30.917498][ T349] ? kmem_cache_free+0x116/0x2e0
[ 30.922324][ T349] ? kmem_cache_free+0x116/0x2e0
[ 30.927099][ T349] kasan_report_invalid_free+0x6b/0xa0
[ 30.932468][ T349] ____kasan_slab_free+0x13e/0x160
[ 30.937422][ T349] __kasan_slab_free+0x11/0x20
[ 30.942109][ T349] slab_free_freelist_hook+0xbd/0x190
[ 30.947316][ T349] ? kfree_skbmem+0x104/0x170
[ 30.951918][ T349] kmem_cache_free+0x116/0x2e0
[ 30.956610][ T349] kfree_skbmem+0x104/0x170
[ 30.960936][ T349] consume_skb+0xb4/0x250
[ 30.965291][ T349] __sk_msg_free+0x2dd/0x370
[ 30.969891][ T349] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 30.975544][ T349] sk_psock_stop+0x44c/0x4d0
[ 30.980074][ T349] ? unix_peer_get+0xe0/0xe0
[ 30.984654][ T349] sock_map_close+0x2b9/0x4c0
[ 30.989290][ T349] ? sock_map_remove_links+0x570/0x570
[ 30.994652][ T349] ? rwsem_mark_wake+0x6b0/0x6b0
[ 30.999724][ T349] unix_release+0x82/0xc0
[ 31.003971][ T349] sock_close+0xdf/0x270
[ 31.008331][ T349] ? sock_mmap+0xa0/0xa0
[ 31.012502][ T349] __fput+0x3fe/0x910
[ 31.016326][ T349] ____fput+0x15/0x20
[ 31.020138][ T349] task_work_run+0x129/0x190
[ 31.024657][ T349] exit_to_user_mode_loop+0xc4/0xe0
[ 31.029769][ T349] exit_to_user_mode_prepare+0x5a/0xa0
[ 31.035150][ T349] syscall_exit_to_user_mode+0x26/0x160
[ 31.040584][ T349] do_syscall_64+0x49/0xb0
[ 31.044872][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 31.050713][ T349] RIP: 0033:0x7f914cec4c9a
[ 31.055051][ T349] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 31.074773][ T349] RSP: 002b:00007ffe2eddc870 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 31.083304][ T349] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f914cec4c9a
[ 31.091150][ T349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 31.099229][ T349] RBP: 00007f914cff6980 R08: 0000001b30a60000 R09: 00007ffe2ede40b0
[ 31.107123][ T349] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000007a4c
[ 31.115022][ T349] R13: ffffffffffffffff R14: 00007f914ca49000 R15: 000000000000770b
[ 31.123106][ T349]
[ 31.126047][ T349]
[ 31.128300][ T349] Allocated by task 350:
[ 31.132486][ T349] __kasan_slab_alloc+0xb1/0xe0
[ 31.137336][ T349] slab_post_alloc_hook+0x53/0x2c0
[ 31.142289][ T349] kmem_cache_alloc+0xf5/0x200
[ 31.146876][ T349] skb_clone+0x1d1/0x360
[ 31.151042][ T349] sk_psock_verdict_recv+0x53/0x840
[ 31.156180][ T349] unix_read_sock+0x132/0x370
[ 31.160771][ T349] sk_psock_verdict_data_ready+0x147/0x1a0
[ 31.166492][ T349] unix_dgram_sendmsg+0x15fa/0x2090
[ 31.171527][ T349] ____sys_sendmsg+0x59e/0x8f0
[ 31.176146][ T349] ___sys_sendmsg+0x252/0x2e0
[ 31.180727][ T349] __sys_sendmmsg+0x2bf/0x530
[ 31.185241][ T349] __x64_sys_sendmmsg+0xa0/0xb0
[ 31.189927][ T349] do_syscall_64+0x3d/0xb0
[ 31.194267][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 31.200084][ T349]
[ 31.202254][ T349] Freed by task 60:
[ 31.205987][ T349] kasan_set_track+0x4b/0x70
[ 31.210686][ T349] kasan_set_free_info+0x23/0x40
[ 31.215541][ T349] ____kasan_slab_free+0x126/0x160
[ 31.220489][ T349] __kasan_slab_free+0x11/0x20
[ 31.225086][ T349] slab_free_freelist_hook+0xbd/0x190
[ 31.230378][ T349] kmem_cache_free+0x116/0x2e0
[ 31.235255][ T349] kfree_skbmem+0x104/0x170
[ 31.239958][ T349] kfree_skb+0xc2/0x360
[ 31.243919][ T349] sk_psock_backlog+0xc21/0xd90
[ 31.248605][ T349] process_one_work+0x6bb/0xc10
[ 31.253293][ T349] worker_thread+0xad5/0x12a0
[ 31.257810][ T349] kthread+0x421/0x510
[ 31.261714][ T349] ret_from_fork+0x1f/0x30
[ 31.265968][ T349]
[ 31.268142][ T349] The buggy address belongs to the object at ffff88811c1e8000
[ 31.268142][ T349] which belongs to the cache skbuff_head_cache of size 248
[ 31.283304][ T349] The buggy address is located 0 bytes inside of
[ 31.283304][ T349] 248-byte region [ffff88811c1e8000, ffff88811c1e80f8)
[ 31.296237][ T349] The buggy address belongs to the page:
[ 31.301715][ T349] page:ffffea0004707a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c1e8
[ 31.311946][ T349] flags: 0x4000000000000200(slab|zone=1)
[ 31.317424][ T349] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f99380
[ 31.325939][ T349] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 31.334440][ T349] page dumped because: kasan: bad access detected
[ 31.340944][ T349] page_owner tracks the page as allocated
[ 31.346494][ T349] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 100, ts 30495235792, free_ts 30492375160
[ 31.362932][ T349] post_alloc_hook+0x1a3/0x1b0
[ 31.367593][ T349] prep_new_page+0x1b/0x110
[ 31.371937][ T349] get_page_from_freelist+0x3550/0x35d0
[ 31.377578][ T349] __alloc_pages+0x27e/0x8f0
[ 31.382001][ T349] new_slab+0x9a/0x4e0
[ 31.386080][ T349] ___slab_alloc+0x39e/0x830
[ 31.390514][ T349] __slab_alloc+0x4a/0x90
[ 31.394682][ T349] kmem_cache_alloc+0x134/0x200
[ 31.399449][ T349] __alloc_skb+0xbe/0x550
[ 31.403788][ T349] netlink_sendmsg+0x797/0xd20
[ 31.408746][ T349] ____sys_sendmsg+0x59e/0x8f0
[ 31.413350][ T349] ___sys_sendmsg+0x252/0x2e0
[ 31.417937][ T349] __se_sys_sendmsg+0x19a/0x260
[ 31.422725][ T349] __x64_sys_sendmsg+0x7b/0x90
[ 31.427320][ T349] do_syscall_64+0x3d/0xb0
[ 31.431892][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 31.437974][ T349] page last free stack trace:
[ 31.442486][ T349] free_unref_page_prepare+0x7c8/0x7d0
[ 31.447860][ T349] free_unref_page+0xe8/0x750
[ 31.452515][ T349] __free_pages+0x61/0xf0
[ 31.456722][ T349] free_pages+0x7c/0x90
[ 31.460899][ T349] pgd_free+0x17d/0x190
[ 31.465312][ T349] __mmdrop+0xb0/0x410
[ 31.469324][ T349] finish_task_switch+0x2cd/0x7b0
[ 31.474683][ T349] __schedule+0xcd4/0x1590
[ 31.479166][ T349] schedule+0x11f/0x1e0
[ 31.483426][ T349] schedule_hrtimeout_range_clock+0x228/0x3a0
[ 31.489402][ T349] schedule_hrtimeout_range+0x2a/0x40
[ 31.494714][ T349] do_epoll_wait+0x1913/0x1c10
[ 31.499392][ T349] do_epoll_pwait+0x5c/0x1f0
[ 31.503920][ T349] __x64_sys_epoll_pwait+0x2b4/0x300
[ 31.509220][ T349] do_syscall_64+0x3d/0xb0
[ 31.513735][ T349] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 31.519947][ T349]
[ 31.522088][ T349] Memory state around the buggy address:
[ 31.527957][ T349] ffff88811c1e7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.536951][ T349] ffff88811c1e7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.545152][ T349] >ffff88811c1e8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.553305][ T349] ^
[ 31.557388][ T349] ffff88811c1e8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 31.565911][ T349] ffff88811c1e8100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 31.574194][ T349] ==================================================================
[ 31.591730][ T353] FAULT_INJECTION: forcing a failure.
[ 31.591730][ T353] name failslab, interval 1, probability 0, space 0, times 0
[ 31.604430][ T353] CPU: 1 PID: 353 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 31.616316][ T353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 31.626558][ T353] Call Trace:
[ 31.629707][ T353]
[ 31.632557][ T353] dump_stack_lvl+0x151/0x1b7
[ 31.637242][ T353] ? io_uring_drop_tctx_refs+0x190/0x190
[ 31.642793][ T353] dump_stack+0x15/0x17
[ 31.646880][ T353] should_fail+0x3c6/0x510
[ 31.651268][ T353] __should_failslab+0xa4/0xe0
[ 31.655909][ T353] should_failslab+0x9/0x20
[ 31.660501][ T353] slab_pre_alloc_hook+0x37/0xd0
[ 31.665638][ T353] kmem_cache_alloc_trace+0x48/0x210
[ 31.670890][ T353] ? sk_psock_skb_ingress_self+0x60/0x330
[ 31.676566][ T353] ? migrate_disable+0x190/0x190
[ 31.681600][ T353] sk_psock_skb_ingress_self+0x60/0x330
[ 31.686910][ T353] sk_psock_verdict_recv+0x66d/0x840
[ 31.692116][ T353] unix_read_sock+0x132/0x370
[ 31.696781][ T353] ? sk_psock_skb_redirect+0x440/0x440
[ 31.702161][ T353] ? unix_stream_splice_actor+0x120/0x120
[ 31.707755][ T353] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 31.713101][ T353] ? unix_stream_splice_actor+0x120/0x120
[ 31.718823][ T353] sk_psock_verdict_data_ready+0x147/0x1a0
[ 31.724468][ T353] ? sk_psock_start_verdict+0xc0/0xc0
[ 31.729807][ T353] ? _raw_spin_lock+0xa4/0x1b0
[ 31.734380][ T353] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 31.740195][ T353] ? skb_queue_tail+0xfb/0x120
[ 31.745055][ T353] unix_dgram_sendmsg+0x15fa/0x2090
[ 31.750088][ T353] ? unix_dgram_poll+0x710/0x710
[ 31.754860][ T353] ? _raw_spin_trylock+0xcd/0x1a0
[ 31.759807][ T353] ? security_socket_sendmsg+0x82/0xb0
[ 31.765342][ T353] ? unix_dgram_poll+0x710/0x710
[ 31.770450][ T353] ____sys_sendmsg+0x59e/0x8f0
[ 31.775380][ T353] ? __sys_sendmsg_sock+0x40/0x40
[ 31.780627][ T353] ? import_iovec+0xe5/0x120
[ 31.785185][ T353] ___sys_sendmsg+0x252/0x2e0
[ 31.789702][ T353] ? __sys_sendmsg+0x260/0x260
[ 31.794490][ T353] ? do_handle_mm_fault+0x17e1/0x23a0
[ 31.799885][ T353] ? __kasan_check_write+0x14/0x20
[ 31.804977][ T353] ? proc_fail_nth_write+0x20b/0x290
[ 31.810483][ T353] ? __fdget+0x1bc/0x240
[ 31.814788][ T353] __sys_sendmmsg+0x2bf/0x530
[ 31.819532][ T353] ? __ia32_sys_sendmsg+0x90/0x90
[ 31.824365][ T353] ? mutex_unlock+0xb2/0x260
[ 31.828793][ T353] ? __kasan_check_write+0x14/0x20
[ 31.833852][ T353] ? debug_smp_processor_id+0x17/0x20
[ 31.839248][ T353] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 31.845686][ T353] __x64_sys_sendmmsg+0xa0/0xb0
[ 31.850450][ T353] do_syscall_64+0x3d/0xb0
[ 31.854721][ T353] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 31.861136][ T353] RIP: 0033:0x7f914cec5da9
[ 31.865673][ T353] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 31.886177][ T353] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 31.894417][ T353] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 31.902322][ T353] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 31.910444][ T353] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 31.918671][ T353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 31.926778][ T353] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 31.935136][ T353]
[ 31.939631][ T352] ==================================================================
[ 31.947597][ T352] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 31.956195][ T352]
[ 31.958372][ T352] CPU: 1 PID: 352 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 31.970440][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 31.981234][ T352] Call Trace:
[ 31.984615][ T352]
[ 31.987526][ T352] dump_stack_lvl+0x151/0x1b7
[ 31.992085][ T352] ? io_uring_drop_tctx_refs+0x190/0x190
[ 31.997932][ T352] ? __wake_up_klogd+0xd5/0x110
[ 32.002814][ T352] ? panic+0x751/0x751
[ 32.006962][ T352] ? kmem_cache_free+0x116/0x2e0
[ 32.011843][ T352] print_address_description+0x87/0x3b0
[ 32.017609][ T352] ? kmem_cache_free+0x116/0x2e0
[ 32.022492][ T352] ? kmem_cache_free+0x116/0x2e0
[ 32.027377][ T352] kasan_report_invalid_free+0x6b/0xa0
[ 32.032678][ T352] ____kasan_slab_free+0x13e/0x160
[ 32.037642][ T352] __kasan_slab_free+0x11/0x20
[ 32.042225][ T352] slab_free_freelist_hook+0xbd/0x190
[ 32.047512][ T352] ? kfree_skbmem+0x104/0x170
[ 32.052025][ T352] kmem_cache_free+0x116/0x2e0
[ 32.056687][ T352] kfree_skbmem+0x104/0x170
[ 32.061054][ T352] consume_skb+0xb4/0x250
[ 32.065309][ T352] __sk_msg_free+0x2dd/0x370
[ 32.069737][ T352] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 32.075476][ T352] sk_psock_stop+0x44c/0x4d0
[ 32.080523][ T352] ? unix_peer_get+0xe0/0xe0
[ 32.084920][ T352] sock_map_close+0x2b9/0x4c0
[ 32.089770][ T352] ? sock_map_remove_links+0x570/0x570
[ 32.095382][ T352] ? rwsem_mark_wake+0x6b0/0x6b0
[ 32.100695][ T352] unix_release+0x82/0xc0
[ 32.104856][ T352] sock_close+0xdf/0x270
[ 32.108930][ T352] ? sock_mmap+0xa0/0xa0
[ 32.113096][ T352] __fput+0x3fe/0x910
[ 32.117014][ T352] ____fput+0x15/0x20
[ 32.120924][ T352] task_work_run+0x129/0x190
[ 32.125526][ T352] exit_to_user_mode_loop+0xc4/0xe0
[ 32.130924][ T352] exit_to_user_mode_prepare+0x5a/0xa0
[ 32.136381][ T352] syscall_exit_to_user_mode+0x26/0x160
[ 32.141856][ T352] do_syscall_64+0x49/0xb0
[ 32.146196][ T352] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 32.152111][ T352] RIP: 0033:0x7f914cec4c9a
[ 32.156352][ T352] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 32.176155][ T352] RSP: 002b:00007ffe2eddc870 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 32.184571][ T352] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f914cec4c9a
[ 32.192470][ T352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 32.200366][ T352] RBP: 00007f914cff6980 R08: 0000001b30a60000 R09: 00007ffe2ede40b0
[ 32.208439][ T352] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000007e92
[ 32.216512][ T352] R13: ffffffffffffffff R14: 00007f914ca49000 R15: 0000000000007b51
[ 32.224415][ T352]
[ 32.227359][ T352]
[ 32.229622][ T352] Allocated by task 353:
[ 32.233708][ T352] __kasan_slab_alloc+0xb1/0xe0
[ 32.238557][ T352] slab_post_alloc_hook+0x53/0x2c0
[ 32.243599][ T352] kmem_cache_alloc+0xf5/0x200
[ 32.248250][ T352] skb_clone+0x1d1/0x360
[ 32.252280][ T352] sk_psock_verdict_recv+0x53/0x840
[ 32.257398][ T352] unix_read_sock+0x132/0x370
[ 32.262005][ T352] sk_psock_verdict_data_ready+0x147/0x1a0
[ 32.267644][ T352] unix_dgram_sendmsg+0x15fa/0x2090
[ 32.272864][ T352] ____sys_sendmsg+0x59e/0x8f0
[ 32.277731][ T352] ___sys_sendmsg+0x252/0x2e0
[ 32.282320][ T352] __sys_sendmmsg+0x2bf/0x530
[ 32.286912][ T352] __x64_sys_sendmmsg+0xa0/0xb0
[ 32.291600][ T352] do_syscall_64+0x3d/0xb0
[ 32.295904][ T352] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 32.301840][ T352]
[ 32.304023][ T352] Freed by task 60:
[ 32.307765][ T352] kasan_set_track+0x4b/0x70
[ 32.312274][ T352] kasan_set_free_info+0x23/0x40
[ 32.317047][ T352] ____kasan_slab_free+0x126/0x160
[ 32.321982][ T352] __kasan_slab_free+0x11/0x20
[ 32.326585][ T352] slab_free_freelist_hook+0xbd/0x190
[ 32.331800][ T352] kmem_cache_free+0x116/0x2e0
[ 32.336602][ T352] kfree_skbmem+0x104/0x170
[ 32.340996][ T352] kfree_skb+0xc2/0x360
[ 32.345177][ T352] sk_psock_backlog+0xc21/0xd90
[ 32.349940][ T352] process_one_work+0x6bb/0xc10
[ 32.354712][ T352] worker_thread+0xad5/0x12a0
[ 32.359322][ T352] kthread+0x421/0x510
[ 32.363214][ T352] ret_from_fork+0x1f/0x30
[ 32.367469][ T352]
[ 32.369638][ T352] The buggy address belongs to the object at ffff88811c1c7640
[ 32.369638][ T352] which belongs to the cache skbuff_head_cache of size 248
[ 32.384217][ T352] The buggy address is located 0 bytes inside of
[ 32.384217][ T352] 248-byte region [ffff88811c1c7640, ffff88811c1c7738)
[ 32.397342][ T352] The buggy address belongs to the page:
[ 32.402986][ T352] page:ffffea00047071c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c1c7
[ 32.413140][ T352] flags: 0x4000000000000200(slab|zone=1)
[ 32.418618][ T352] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f99380
[ 32.427319][ T352] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 32.435809][ T352] page dumped because: kasan: bad access detected
[ 32.442253][ T352] page_owner tracks the page as allocated
[ 32.447887][ T352] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 39, ts 31584070171, free_ts 31583017748
[ 32.463651][ T352] post_alloc_hook+0x1a3/0x1b0
[ 32.468196][ T352] prep_new_page+0x1b/0x110
[ 32.473762][ T352] get_page_from_freelist+0x3550/0x35d0
[ 32.479469][ T352] __alloc_pages+0x27e/0x8f0
[ 32.483966][ T352] new_slab+0x9a/0x4e0
[ 32.487889][ T352] ___slab_alloc+0x39e/0x830
[ 32.492382][ T352] __slab_alloc+0x4a/0x90
[ 32.496554][ T352] kmem_cache_alloc+0x134/0x200
[ 32.501250][ T352] __alloc_skb+0xbe/0x550
[ 32.505500][ T352] alloc_skb_with_frags+0xa6/0x680
[ 32.510576][ T352] sock_alloc_send_pskb+0x915/0xa50
[ 32.515558][ T352] sock_alloc_send_skb+0x32/0x40
[ 32.520631][ T352] mld_newpack+0x1b4/0xa20
[ 32.524846][ T352] add_grec+0xdc8/0x13a0
[ 32.529097][ T352] mld_dad_work+0x1f8/0x620
[ 32.533616][ T352] process_one_work+0x6bb/0xc10
[ 32.538396][ T352] page last free stack trace:
[ 32.543086][ T352] free_unref_page_prepare+0x7c8/0x7d0
[ 32.548471][ T352] free_unref_page+0xe8/0x750
[ 32.553353][ T352] __free_pages+0x61/0xf0
[ 32.557603][ T352] __vunmap+0x7bc/0x8f0
[ 32.561620][ T352] vfree+0x7f/0xb0
[ 32.565222][ T352] bpf_jit_free+0x1e3/0x240
[ 32.569563][ T352] bpf_prog_free_deferred+0x61e/0x730
[ 32.574974][ T352] process_one_work+0x6bb/0xc10
[ 32.579747][ T352] worker_thread+0xad5/0x12a0
[ 32.584267][ T352] kthread+0x421/0x510
[ 32.588250][ T352] ret_from_fork+0x1f/0x30
[ 32.592593][ T352]
[ 32.594759][ T352] Memory state around the buggy address:
[ 32.600231][ T352] ffff88811c1c7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
2024/06/22 08:13:05 executed programs: 5
[ 32.608140][ T352] ffff88811c1c7580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 32.616209][ T352] >ffff88811c1c7600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 32.624125][ T352] ^
[ 32.630348][ T352] ffff88811c1c7680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.638447][ T352] ffff88811c1c7700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 32.646676][ T352] ==================================================================
[ 32.698937][ T356] FAULT_INJECTION: forcing a failure.
[ 32.698937][ T356] name failslab, interval 1, probability 0, space 0, times 0
[ 32.712076][ T356] CPU: 1 PID: 356 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 32.723736][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 32.733897][ T356] Call Trace:
[ 32.737115][ T356]
[ 32.739990][ T356] dump_stack_lvl+0x151/0x1b7
[ 32.744502][ T356] ? io_uring_drop_tctx_refs+0x190/0x190
[ 32.749969][ T356] dump_stack+0x15/0x17
[ 32.754190][ T356] should_fail+0x3c6/0x510
[ 32.758589][ T356] __should_failslab+0xa4/0xe0
[ 32.763217][ T356] should_failslab+0x9/0x20
[ 32.767633][ T356] slab_pre_alloc_hook+0x37/0xd0
[ 32.772507][ T356] kmem_cache_alloc_trace+0x48/0x210
[ 32.777646][ T356] ? sk_psock_skb_ingress_self+0x60/0x330
[ 32.783290][ T356] ? migrate_disable+0x190/0x190
[ 32.788063][ T356] sk_psock_skb_ingress_self+0x60/0x330
[ 32.793439][ T356] sk_psock_verdict_recv+0x66d/0x840
[ 32.798644][ T356] unix_read_sock+0x132/0x370
[ 32.803254][ T356] ? sk_psock_skb_redirect+0x440/0x440
[ 32.808653][ T356] ? unix_stream_splice_actor+0x120/0x120
[ 32.814734][ T356] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 32.820267][ T356] ? unix_stream_splice_actor+0x120/0x120
[ 32.825798][ T356] sk_psock_verdict_data_ready+0x147/0x1a0
[ 32.831441][ T356] ? sk_psock_start_verdict+0xc0/0xc0
[ 32.836839][ T356] ? _raw_spin_lock+0xa4/0x1b0
[ 32.841428][ T356] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 32.847183][ T356] ? skb_queue_tail+0xfb/0x120
[ 32.852137][ T356] unix_dgram_sendmsg+0x15fa/0x2090
[ 32.857356][ T356] ? unix_dgram_poll+0x710/0x710
[ 32.862201][ T356] ? _raw_spin_trylock+0xcd/0x1a0
[ 32.867058][ T356] ? security_socket_sendmsg+0x82/0xb0
[ 32.872350][ T356] ? unix_dgram_poll+0x710/0x710
[ 32.877124][ T356] ____sys_sendmsg+0x59e/0x8f0
[ 32.881824][ T356] ? __sys_sendmsg_sock+0x40/0x40
[ 32.886784][ T356] ? import_iovec+0xe5/0x120
[ 32.891361][ T356] ___sys_sendmsg+0x252/0x2e0
[ 32.896133][ T356] ? __sys_sendmsg+0x260/0x260
[ 32.900862][ T356] ? do_handle_mm_fault+0x17e1/0x23a0
[ 32.906065][ T356] ? __kasan_check_write+0x14/0x20
[ 32.911723][ T356] ? proc_fail_nth_write+0x20b/0x290
[ 32.917018][ T356] ? __fdget+0x1bc/0x240
[ 32.921184][ T356] __sys_sendmmsg+0x2bf/0x530
[ 32.925698][ T356] ? __ia32_sys_sendmsg+0x90/0x90
[ 32.930556][ T356] ? mutex_unlock+0xb2/0x260
[ 32.935161][ T356] ? __kasan_check_write+0x14/0x20
[ 32.940108][ T356] ? debug_smp_processor_id+0x17/0x20
[ 32.945313][ T356] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 32.951304][ T356] __x64_sys_sendmmsg+0xa0/0xb0
[ 32.955990][ T356] do_syscall_64+0x3d/0xb0
[ 32.960247][ T356] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 32.965973][ T356] RIP: 0033:0x7f914cec5da9
[ 32.970227][ T356] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 32.990325][ T356] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 32.998830][ T356] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 33.006734][ T356] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 33.015066][ T356] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 33.024114][ T356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 33.032278][ T356] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 33.040258][ T356]
[ 33.043608][ T355] ==================================================================
[ 33.051605][ T355] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 33.060150][ T355]
[ 33.062328][ T355] CPU: 1 PID: 355 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 33.074015][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 33.084514][ T355] Call Trace:
[ 33.087610][ T355]
[ 33.090661][ T355] dump_stack_lvl+0x151/0x1b7
[ 33.095318][ T355] ? io_uring_drop_tctx_refs+0x190/0x190
[ 33.100894][ T355] ? __wake_up_klogd+0xd5/0x110
[ 33.105804][ T355] ? panic+0x751/0x751
[ 33.109717][ T355] ? kmem_cache_free+0x116/0x2e0
[ 33.114610][ T355] print_address_description+0x87/0x3b0
[ 33.119990][ T355] ? kmem_cache_free+0x116/0x2e0
[ 33.124943][ T355] ? kmem_cache_free+0x116/0x2e0
[ 33.129733][ T355] kasan_report_invalid_free+0x6b/0xa0
[ 33.135089][ T355] ____kasan_slab_free+0x13e/0x160
[ 33.140118][ T355] __kasan_slab_free+0x11/0x20
[ 33.144816][ T355] slab_free_freelist_hook+0xbd/0x190
[ 33.150015][ T355] ? kfree_skbmem+0x104/0x170
[ 33.154624][ T355] kmem_cache_free+0x116/0x2e0
[ 33.159506][ T355] kfree_skbmem+0x104/0x170
[ 33.163831][ T355] consume_skb+0xb4/0x250
[ 33.167990][ T355] __sk_msg_free+0x2dd/0x370
[ 33.172594][ T355] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 33.178449][ T355] sk_psock_stop+0x44c/0x4d0
[ 33.182927][ T355] ? unix_peer_get+0xe0/0xe0
[ 33.187434][ T355] sock_map_close+0x2b9/0x4c0
[ 33.192013][ T355] ? sock_map_remove_links+0x570/0x570
[ 33.197235][ T355] ? rwsem_mark_wake+0x6b0/0x6b0
[ 33.202008][ T355] unix_release+0x82/0xc0
[ 33.206181][ T355] sock_close+0xdf/0x270
[ 33.210252][ T355] ? sock_mmap+0xa0/0xa0
[ 33.214334][ T355] __fput+0x3fe/0x910
[ 33.218154][ T355] ____fput+0x15/0x20
[ 33.221969][ T355] task_work_run+0x129/0x190
[ 33.226472][ T355] exit_to_user_mode_loop+0xc4/0xe0
[ 33.231518][ T355] exit_to_user_mode_prepare+0x5a/0xa0
[ 33.236901][ T355] syscall_exit_to_user_mode+0x26/0x160
[ 33.242460][ T355] do_syscall_64+0x49/0xb0
[ 33.246801][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 33.252611][ T355] RIP: 0033:0x7f914cec4c9a
[ 33.256865][ T355] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 33.276742][ T355] RSP: 002b:00007ffe2eddc870 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 33.285342][ T355] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f914cec4c9a
[ 33.293242][ T355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 33.301145][ T355] RBP: 0000000000000032 R08: 0000001b30a60000 R09: 00007f914cff4f8c
[ 33.309197][ T355] R10: 00007ffe2eddc9c0 R11: 0000000000000293 R12: 00007f914ca4a1b0
[ 33.317025][ T355] R13: ffffffffffffffff R14: 00007f914ca49000 R15: 0000000000007fa4
[ 33.324935][ T355]
[ 33.327788][ T355]
[ 33.329963][ T355] Allocated by task 356:
[ 33.334131][ T355] __kasan_slab_alloc+0xb1/0xe0
[ 33.338809][ T355] slab_post_alloc_hook+0x53/0x2c0
[ 33.343931][ T355] kmem_cache_alloc+0xf5/0x200
[ 33.348633][ T355] skb_clone+0x1d1/0x360
[ 33.352798][ T355] sk_psock_verdict_recv+0x53/0x840
[ 33.358015][ T355] unix_read_sock+0x132/0x370
[ 33.362618][ T355] sk_psock_verdict_data_ready+0x147/0x1a0
[ 33.368345][ T355] unix_dgram_sendmsg+0x15fa/0x2090
[ 33.373571][ T355] ____sys_sendmsg+0x59e/0x8f0
[ 33.378168][ T355] ___sys_sendmsg+0x252/0x2e0
[ 33.382763][ T355] __sys_sendmmsg+0x2bf/0x530
[ 33.387462][ T355] __x64_sys_sendmmsg+0xa0/0xb0
[ 33.392226][ T355] do_syscall_64+0x3d/0xb0
[ 33.396478][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 33.402211][ T355]
[ 33.404385][ T355] Freed by task 60:
[ 33.408111][ T355] kasan_set_track+0x4b/0x70
[ 33.412539][ T355] kasan_set_free_info+0x23/0x40
[ 33.417308][ T355] ____kasan_slab_free+0x126/0x160
[ 33.422593][ T355] __kasan_slab_free+0x11/0x20
[ 33.427291][ T355] slab_free_freelist_hook+0xbd/0x190
[ 33.432759][ T355] kmem_cache_free+0x116/0x2e0
[ 33.437488][ T355] kfree_skbmem+0x104/0x170
[ 33.441801][ T355] kfree_skb+0xc2/0x360
[ 33.445871][ T355] sk_psock_backlog+0xc21/0xd90
[ 33.450688][ T355] process_one_work+0x6bb/0xc10
[ 33.455328][ T355] worker_thread+0xad5/0x12a0
[ 33.459841][ T355] kthread+0x421/0x510
[ 33.463832][ T355] ret_from_fork+0x1f/0x30
[ 33.468171][ T355]
[ 33.470356][ T355] The buggy address belongs to the object at ffff88810c624500
[ 33.470356][ T355] which belongs to the cache skbuff_head_cache of size 248
[ 33.485035][ T355] The buggy address is located 0 bytes inside of
[ 33.485035][ T355] 248-byte region [ffff88810c624500, ffff88810c6245f8)
[ 33.498077][ T355] The buggy address belongs to the page:
[ 33.503527][ T355] page:ffffea0004318900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c624
[ 33.514031][ T355] flags: 0x4000000000000200(slab|zone=1)
[ 33.519738][ T355] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888107f99380
[ 33.528228][ T355] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 33.536726][ T355] page dumped because: kasan: bad access detected
[ 33.543238][ T355] page_owner tracks the page as allocated
[ 33.548803][ T355] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 89, ts 32660564148, free_ts 32656614757
[ 33.565008][ T355] post_alloc_hook+0x1a3/0x1b0
[ 33.569798][ T355] prep_new_page+0x1b/0x110
[ 33.574210][ T355] get_page_from_freelist+0x3550/0x35d0
[ 33.579637][ T355] __alloc_pages+0x27e/0x8f0
[ 33.584103][ T355] new_slab+0x9a/0x4e0
[ 33.588097][ T355] ___slab_alloc+0x39e/0x830
[ 33.592522][ T355] __slab_alloc+0x4a/0x90
[ 33.596775][ T355] kmem_cache_alloc+0x134/0x200
[ 33.601621][ T355] __alloc_skb+0xbe/0x550
[ 33.605816][ T355] alloc_skb_with_frags+0xa6/0x680
[ 33.611046][ T355] sock_alloc_send_pskb+0x915/0xa50
[ 33.616251][ T355] unix_dgram_sendmsg+0x6fd/0x2090
[ 33.621201][ T355] __sys_sendto+0x564/0x720
[ 33.625632][ T355] __x64_sys_sendto+0xe5/0x100
[ 33.630231][ T355] do_syscall_64+0x3d/0xb0
[ 33.634485][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 33.640213][ T355] page last free stack trace:
[ 33.644728][ T355] free_unref_page_prepare+0x7c8/0x7d0
[ 33.650107][ T355] free_unref_page_list+0x14b/0xa60
[ 33.655409][ T355] release_pages+0x1310/0x1370
[ 33.660011][ T355] free_pages_and_swap_cache+0x8a/0xa0
[ 33.665393][ T355] tlb_finish_mmu+0x177/0x320
[ 33.669904][ T355] exit_mmap+0x40d/0x940
[ 33.674085][ T355] __mmput+0x95/0x310
[ 33.677988][ T355] mmput+0x5b/0x170
[ 33.681725][ T355] do_exit+0xb9c/0x2ca0
[ 33.685892][ T355] do_group_exit+0x141/0x310
[ 33.690575][ T355] get_signal+0x7a3/0x1630
[ 33.694833][ T355] arch_do_signal_or_restart+0xbd/0x1680
[ 33.700566][ T355] exit_to_user_mode_loop+0xa0/0xe0
[ 33.705686][ T355] exit_to_user_mode_prepare+0x5a/0xa0
[ 33.711060][ T355] syscall_exit_to_user_mode+0x26/0x160
[ 33.716543][ T355] do_syscall_64+0x49/0xb0
[ 33.721313][ T355]
[ 33.723478][ T355] Memory state around the buggy address:
[ 33.729040][ T355] ffff88810c624400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.737017][ T355] ffff88810c624480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 33.745001][ T355] >ffff88810c624500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.753102][ T355] ^
[ 33.757373][ T355] ffff88810c624580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 33.765432][ T355] ffff88810c624600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 33.773693][ T355] ==================================================================
[ 33.784297][ T30] audit: type=1400 audit(1719043986.909:103): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 33.807229][ T30] audit: type=1400 audit(1719043986.909:104): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 33.834241][ T359] FAULT_INJECTION: forcing a failure.
[ 33.834241][ T359] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 33.847729][ T359] CPU: 0 PID: 359 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 33.859724][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 33.870051][ T359] Call Trace:
[ 33.873288][ T359]
[ 33.876159][ T359] dump_stack_lvl+0x151/0x1b7
[ 33.880834][ T359] ? io_uring_drop_tctx_refs+0x190/0x190
[ 33.886413][ T359] dump_stack+0x15/0x17
[ 33.890952][ T359] should_fail+0x3c6/0x510
[ 33.895208][ T359] should_fail_alloc_page+0x5a/0x80
[ 33.900238][ T359] prepare_alloc_pages+0x15c/0x700
[ 33.905550][ T359] ? __alloc_pages_bulk+0xe40/0xe40
[ 33.910587][ T359] __alloc_pages+0x18c/0x8f0
[ 33.915007][ T359] ? prep_new_page+0x110/0x110
[ 33.919707][ T359] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 33.925212][ T359] ? __skb_try_recv_from_queue+0x2b6/0x750
[ 33.930947][ T359] new_slab+0x9a/0x4e0
[ 33.934932][ T359] ___slab_alloc+0x39e/0x830
[ 33.939659][ T359] ? skb_clone+0x1d1/0x360
[ 33.943906][ T359] ? skb_clone+0x1d1/0x360
[ 33.948340][ T359] __slab_alloc+0x4a/0x90
[ 33.952594][ T359] ? skb_clone+0x1d1/0x360
[ 33.956842][ T359] kmem_cache_alloc+0x134/0x200
[ 33.962247][ T359] skb_clone+0x1d1/0x360
[ 33.966617][ T359] sk_psock_verdict_recv+0x53/0x840
[ 33.971673][ T359] ? avc_has_perm_noaudit+0x430/0x430
[ 33.977719][ T359] ? mntput_no_expire+0xfc/0x6b0
[ 33.982755][ T359] unix_read_sock+0x132/0x370
[ 33.987463][ T359] ? sk_psock_skb_redirect+0x440/0x440
[ 33.993044][ T359] ? unix_stream_splice_actor+0x120/0x120
[ 33.998686][ T359] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 34.004075][ T359] ? unix_stream_splice_actor+0x120/0x120
[ 34.009884][ T359] sk_psock_verdict_data_ready+0x147/0x1a0
[ 34.015640][ T359] ? sk_psock_start_verdict+0xc0/0xc0
[ 34.021095][ T359] ? _raw_spin_lock+0xa4/0x1b0
[ 34.025776][ T359] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 34.031536][ T359] ? skb_queue_tail+0xfb/0x120
[ 34.036102][ T359] unix_dgram_sendmsg+0x15fa/0x2090
[ 34.041307][ T359] ? unix_dgram_poll+0x710/0x710
[ 34.046173][ T359] ? __kasan_check_read+0x11/0x20
[ 34.051203][ T359] ? security_socket_sendmsg+0x82/0xb0
[ 34.056620][ T359] ? unix_dgram_poll+0x710/0x710
[ 34.061602][ T359] ____sys_sendmsg+0x59e/0x8f0
[ 34.066291][ T359] ? __sys_sendmsg_sock+0x40/0x40
[ 34.071519][ T359] ? import_iovec+0xe5/0x120
[ 34.076206][ T359] ___sys_sendmsg+0x252/0x2e0
[ 34.081104][ T359] ? __sys_sendmsg+0x260/0x260
[ 34.085791][ T359] ? do_handle_mm_fault+0x17e1/0x23a0
[ 34.091091][ T359] ? __kasan_check_write+0x14/0x20
[ 34.096346][ T359] ? proc_fail_nth_write+0x20b/0x290
[ 34.101743][ T359] ? __fdget+0x1bc/0x240
[ 34.105890][ T359] __sys_sendmmsg+0x2bf/0x530
[ 34.110634][ T359] ? __ia32_sys_sendmsg+0x90/0x90
[ 34.115646][ T359] ? mutex_unlock+0xb2/0x260
[ 34.120190][ T359] ? __kasan_check_write+0x14/0x20
[ 34.125232][ T359] ? debug_smp_processor_id+0x17/0x20
[ 34.130436][ T359] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 34.136586][ T359] __x64_sys_sendmmsg+0xa0/0xb0
[ 34.141549][ T359] do_syscall_64+0x3d/0xb0
[ 34.145802][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 34.151561][ T359] RIP: 0033:0x7f914cec5da9
[ 34.155871][ T359] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 34.175601][ T359] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 34.183976][ T359] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 34.191733][ T359] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 34.199722][ T359] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 34.207701][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 34.215704][ T359] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 34.223767][ T359]
[ 34.234917][ T361] FAULT_INJECTION: forcing a failure.
[ 34.234917][ T361] name failslab, interval 1, probability 0, space 0, times 0
[ 34.248771][ T361] CPU: 0 PID: 361 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 34.260388][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 34.270414][ T361] Call Trace:
[ 34.273782][ T361]
[ 34.276838][ T361] dump_stack_lvl+0x151/0x1b7
[ 34.281608][ T361] ? io_uring_drop_tctx_refs+0x190/0x190
[ 34.287075][ T361] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 34.292722][ T361] ? __skb_try_recv_datagram+0x495/0x6a0
[ 34.298284][ T361] dump_stack+0x15/0x17
[ 34.302358][ T361] should_fail+0x3c6/0x510
[ 34.306692][ T361] __should_failslab+0xa4/0xe0
[ 34.311298][ T361] ? skb_clone+0x1d1/0x360
[ 34.315547][ T361] should_failslab+0x9/0x20
[ 34.319975][ T361] slab_pre_alloc_hook+0x37/0xd0
[ 34.324838][ T361] ? skb_clone+0x1d1/0x360
[ 34.329238][ T361] kmem_cache_alloc+0x44/0x200
[ 34.333951][ T361] skb_clone+0x1d1/0x360
[ 34.338020][ T361] sk_psock_verdict_recv+0x53/0x840
[ 34.343052][ T361] ? avc_has_perm_noaudit+0x430/0x430
[ 34.348260][ T361] ? mntput_no_expire+0xfc/0x6b0
[ 34.353131][ T361] unix_read_sock+0x132/0x370
[ 34.357814][ T361] ? sk_psock_skb_redirect+0x440/0x440
[ 34.363113][ T361] ? unix_stream_splice_actor+0x120/0x120
[ 34.368718][ T361] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 34.374053][ T361] ? unix_stream_splice_actor+0x120/0x120
[ 34.379806][ T361] sk_psock_verdict_data_ready+0x147/0x1a0
[ 34.385644][ T361] ? sk_psock_start_verdict+0xc0/0xc0
[ 34.391015][ T361] ? _raw_spin_lock+0xa4/0x1b0
[ 34.395720][ T361] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 34.401459][ T361] ? skb_queue_tail+0xfb/0x120
[ 34.406050][ T361] unix_dgram_sendmsg+0x15fa/0x2090
[ 34.411078][ T361] ? unix_dgram_poll+0x710/0x710
[ 34.415844][ T361] ? _raw_spin_trylock+0xcd/0x1a0
[ 34.420698][ T361] ? security_socket_sendmsg+0x82/0xb0
[ 34.425991][ T361] ? unix_dgram_poll+0x710/0x710
[ 34.430767][ T361] ____sys_sendmsg+0x59e/0x8f0
[ 34.435669][ T361] ? __sys_sendmsg_sock+0x40/0x40
[ 34.441060][ T361] ? import_iovec+0xe5/0x120
[ 34.445572][ T361] ___sys_sendmsg+0x252/0x2e0
[ 34.450178][ T361] ? __sys_sendmsg+0x260/0x260
[ 34.454948][ T361] ? do_handle_mm_fault+0x17e1/0x23a0
[ 34.460247][ T361] ? __kasan_check_write+0x14/0x20
[ 34.465448][ T361] ? proc_fail_nth_write+0x20b/0x290
[ 34.470771][ T361] ? __fdget+0x1bc/0x240
[ 34.474872][ T361] __sys_sendmmsg+0x2bf/0x530
[ 34.479372][ T361] ? __ia32_sys_sendmsg+0x90/0x90
[ 34.484312][ T361] ? mutex_unlock+0xb2/0x260
[ 34.488733][ T361] ? __kasan_check_write+0x14/0x20
[ 34.493795][ T361] ? debug_smp_processor_id+0x17/0x20
[ 34.498972][ T361] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 34.505137][ T361] __x64_sys_sendmmsg+0xa0/0xb0
[ 34.510097][ T361] do_syscall_64+0x3d/0xb0
[ 34.514340][ T361] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 34.520161][ T361] RIP: 0033:0x7f914cec5da9
[ 34.524410][ T361] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 34.543971][ T361] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 34.552378][ T361] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 34.560253][ T361] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 34.568247][ T361] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 34.576062][ T361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 34.583958][ T361] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 34.591945][ T361]
[ 34.602054][ T363] FAULT_INJECTION: forcing a failure.
[ 34.602054][ T363] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 34.615444][ T363] CPU: 1 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 34.627579][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 34.637539][ T363] Call Trace:
[ 34.640663][ T363]
[ 34.643463][ T363] dump_stack_lvl+0x151/0x1b7
[ 34.648125][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 34.653772][ T363] dump_stack+0x15/0x17
[ 34.657829][ T363] should_fail+0x3c6/0x510
[ 34.662021][ T363] should_fail_alloc_page+0x5a/0x80
[ 34.667310][ T363] prepare_alloc_pages+0x15c/0x700
[ 34.672259][ T363] ? __alloc_pages_bulk+0xe40/0xe40
[ 34.677482][ T363] __alloc_pages+0x18c/0x8f0
[ 34.682060][ T363] ? prep_new_page+0x110/0x110
[ 34.686672][ T363] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 34.691970][ T363] ? __skb_try_recv_from_queue+0x2b6/0x750
[ 34.697686][ T363] new_slab+0x9a/0x4e0
[ 34.701599][ T363] ___slab_alloc+0x39e/0x830
[ 34.706111][ T363] ? skb_clone+0x1d1/0x360
[ 34.710481][ T363] ? skb_clone+0x1d1/0x360
[ 34.714848][ T363] __slab_alloc+0x4a/0x90
[ 34.719012][ T363] ? skb_clone+0x1d1/0x360
[ 34.723262][ T363] kmem_cache_alloc+0x134/0x200
[ 34.727955][ T363] skb_clone+0x1d1/0x360
[ 34.732417][ T363] sk_psock_verdict_recv+0x53/0x840
[ 34.737658][ T363] ? avc_has_perm_noaudit+0x430/0x430
[ 34.742958][ T363] ? mntput_no_expire+0xfc/0x6b0
[ 34.747741][ T363] unix_read_sock+0x132/0x370
[ 34.752243][ T363] ? sk_psock_skb_redirect+0x440/0x440
[ 34.757531][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 34.763083][ T363] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 34.768393][ T363] ? unix_stream_splice_actor+0x120/0x120
[ 34.774393][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 34.780110][ T363] ? sk_psock_start_verdict+0xc0/0xc0
[ 34.785303][ T363] ? _raw_spin_lock+0xa4/0x1b0
[ 34.789915][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 34.795665][ T363] ? skb_queue_tail+0xfb/0x120
[ 34.800324][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 34.805576][ T363] ? unix_dgram_poll+0x710/0x710
[ 34.810337][ T363] ? _raw_spin_trylock+0xcd/0x1a0
[ 34.815311][ T363] ? security_socket_sendmsg+0x82/0xb0
[ 34.820678][ T363] ? unix_dgram_poll+0x710/0x710
[ 34.825578][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 34.830187][ T363] ? __sys_sendmsg_sock+0x40/0x40
[ 34.835041][ T363] ? import_iovec+0xe5/0x120
[ 34.839475][ T363] ___sys_sendmsg+0x252/0x2e0
[ 34.844239][ T363] ? __sys_sendmsg+0x260/0x260
[ 34.849449][ T363] ? do_handle_mm_fault+0x17e1/0x23a0
[ 34.854780][ T363] ? __kasan_check_write+0x14/0x20
[ 34.859693][ T363] ? proc_fail_nth_write+0x20b/0x290
[ 34.864894][ T363] ? __fdget+0x1bc/0x240
[ 34.868969][ T363] __sys_sendmmsg+0x2bf/0x530
[ 34.873573][ T363] ? __ia32_sys_sendmsg+0x90/0x90
[ 34.878863][ T363] ? mutex_unlock+0xb2/0x260
[ 34.883285][ T363] ? __kasan_check_write+0x14/0x20
[ 34.888234][ T363] ? debug_smp_processor_id+0x17/0x20
[ 34.893620][ T363] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 34.899574][ T363] __x64_sys_sendmmsg+0xa0/0xb0
[ 34.904336][ T363] do_syscall_64+0x3d/0xb0
[ 34.908690][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 34.914673][ T363] RIP: 0033:0x7f914cec5da9
[ 34.919013][ T363] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 34.939283][ T363] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 34.947531][ T363] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 34.955426][ T363] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 34.963411][ T363] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 34.971578][ T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 34.979708][ T363] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 34.987878][ T363]
[ 35.000764][ T366] FAULT_INJECTION: forcing a failure.
[ 35.000764][ T366] name failslab, interval 1, probability 0, space 0, times 0
[ 35.014394][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 35.025934][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 35.035994][ T366] Call Trace:
[ 35.039210][ T366]
[ 35.042070][ T366] dump_stack_lvl+0x151/0x1b7
[ 35.046689][ T366] ? io_uring_drop_tctx_refs+0x190/0x190
[ 35.052333][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 35.058134][ T366] ? __skb_try_recv_datagram+0x495/0x6a0
[ 35.063701][ T366] dump_stack+0x15/0x17
[ 35.067688][ T366] should_fail+0x3c6/0x510
[ 35.072326][ T366] __should_failslab+0xa4/0xe0
[ 35.076883][ T366] ? skb_clone+0x1d1/0x360
[ 35.081406][ T366] should_failslab+0x9/0x20
[ 35.085829][ T366] slab_pre_alloc_hook+0x37/0xd0
[ 35.090798][ T366] ? skb_clone+0x1d1/0x360
[ 35.095336][ T366] kmem_cache_alloc+0x44/0x200
[ 35.100025][ T366] skb_clone+0x1d1/0x360
[ 35.104205][ T366] sk_psock_verdict_recv+0x53/0x840
[ 35.109489][ T366] ? avc_has_perm_noaudit+0x430/0x430
[ 35.114699][ T366] ? mntput_no_expire+0xfc/0x6b0
[ 35.119638][ T366] unix_read_sock+0x132/0x370
[ 35.124153][ T366] ? sk_psock_skb_redirect+0x440/0x440
[ 35.129448][ T366] ? unix_stream_splice_actor+0x120/0x120
[ 35.135111][ T366] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 35.140504][ T366] ? unix_stream_splice_actor+0x120/0x120
[ 35.146058][ T366] sk_psock_verdict_data_ready+0x147/0x1a0
[ 35.151832][ T366] ? sk_psock_start_verdict+0xc0/0xc0
[ 35.157100][ T366] ? _raw_spin_lock+0xa4/0x1b0
[ 35.161790][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 35.167565][ T366] ? skb_queue_tail+0xfb/0x120
[ 35.172125][ T366] unix_dgram_sendmsg+0x15fa/0x2090
[ 35.177241][ T366] ? unix_dgram_poll+0x710/0x710
[ 35.182100][ T366] ? _raw_spin_trylock+0xcd/0x1a0
[ 35.187235][ T366] ? security_socket_sendmsg+0x82/0xb0
[ 35.192609][ T366] ? unix_dgram_poll+0x710/0x710
[ 35.197643][ T366] ____sys_sendmsg+0x59e/0x8f0
[ 35.202364][ T366] ? __sys_sendmsg_sock+0x40/0x40
[ 35.207389][ T366] ? import_iovec+0xe5/0x120
[ 35.211994][ T366] ___sys_sendmsg+0x252/0x2e0
[ 35.216776][ T366] ? __sys_sendmsg+0x260/0x260
[ 35.221369][ T366] ? do_handle_mm_fault+0x17e1/0x23a0
[ 35.226576][ T366] ? __kasan_check_write+0x14/0x20
[ 35.231529][ T366] ? proc_fail_nth_write+0x20b/0x290
[ 35.236830][ T366] ? __fdget+0x1bc/0x240
[ 35.240896][ T366] __sys_sendmmsg+0x2bf/0x530
[ 35.245515][ T366] ? __ia32_sys_sendmsg+0x90/0x90
[ 35.250680][ T366] ? mutex_unlock+0xb2/0x260
[ 35.255131][ T366] ? __kasan_check_write+0x14/0x20
[ 35.260342][ T366] ? debug_smp_processor_id+0x17/0x20
[ 35.266154][ T366] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 35.272189][ T366] __x64_sys_sendmmsg+0xa0/0xb0
[ 35.276830][ T366] do_syscall_64+0x3d/0xb0
[ 35.281112][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 35.286984][ T366] RIP: 0033:0x7f914cec5da9
[ 35.291241][ T366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 35.311143][ T366] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 35.319397][ T366] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 35.327596][ T366] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 35.335362][ T366] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 35.343520][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 35.351330][ T366] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 35.359563][ T366]
[ 35.371932][ T368] FAULT_INJECTION: forcing a failure.
[ 35.371932][ T368] name failslab, interval 1, probability 0, space 0, times 0
[ 35.384922][ T368] CPU: 1 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 35.396745][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 35.406888][ T368] Call Trace:
[ 35.410006][ T368]
[ 35.412779][ T368] dump_stack_lvl+0x151/0x1b7
[ 35.417593][ T368] ? io_uring_drop_tctx_refs+0x190/0x190
[ 35.423264][ T368] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 35.429320][ T368] ? __skb_try_recv_datagram+0x495/0x6a0
[ 35.434888][ T368] dump_stack+0x15/0x17
[ 35.438872][ T368] should_fail+0x3c6/0x510
[ 35.443212][ T368] __should_failslab+0xa4/0xe0
[ 35.447839][ T368] ? skb_clone+0x1d1/0x360
[ 35.452260][ T368] should_failslab+0x9/0x20
[ 35.456598][ T368] slab_pre_alloc_hook+0x37/0xd0
[ 35.461371][ T368] ? skb_clone+0x1d1/0x360
[ 35.466006][ T368] kmem_cache_alloc+0x44/0x200
[ 35.470609][ T368] skb_clone+0x1d1/0x360
[ 35.474863][ T368] sk_psock_verdict_recv+0x53/0x840
[ 35.479893][ T368] ? avc_has_perm_noaudit+0x430/0x430
[ 35.485112][ T368] ? mntput_no_expire+0xfc/0x6b0
[ 35.489964][ T368] unix_read_sock+0x132/0x370
[ 35.494476][ T368] ? sk_psock_skb_redirect+0x440/0x440
[ 35.500403][ T368] ? unix_stream_splice_actor+0x120/0x120
[ 35.506156][ T368] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 35.511451][ T368] ? unix_stream_splice_actor+0x120/0x120
[ 35.517271][ T368] sk_psock_verdict_data_ready+0x147/0x1a0
[ 35.523007][ T368] ? sk_psock_start_verdict+0xc0/0xc0
[ 35.528294][ T368] ? _raw_spin_lock+0xa4/0x1b0
[ 35.532895][ T368] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 35.539082][ T368] ? skb_queue_tail+0xfb/0x120
[ 35.543961][ T368] unix_dgram_sendmsg+0x15fa/0x2090
[ 35.549084][ T368] ? unix_dgram_poll+0x710/0x710
[ 35.553943][ T368] ? _raw_spin_trylock+0xcd/0x1a0
[ 35.558890][ T368] ? security_socket_sendmsg+0x82/0xb0
[ 35.564714][ T368] ? unix_dgram_poll+0x710/0x710
[ 35.569482][ T368] ____sys_sendmsg+0x59e/0x8f0
[ 35.574081][ T368] ? __sys_sendmsg_sock+0x40/0x40
[ 35.579035][ T368] ? import_iovec+0xe5/0x120
[ 35.583541][ T368] ___sys_sendmsg+0x252/0x2e0
[ 35.588167][ T368] ? __sys_sendmsg+0x260/0x260
[ 35.592744][ T368] ? do_handle_mm_fault+0x17e1/0x23a0
[ 35.597953][ T368] ? __kasan_check_write+0x14/0x20
[ 35.602898][ T368] ? proc_fail_nth_write+0x20b/0x290
[ 35.608115][ T368] ? __fdget+0x1bc/0x240
[ 35.612103][ T368] __sys_sendmmsg+0x2bf/0x530
[ 35.616620][ T368] ? __ia32_sys_sendmsg+0x90/0x90
[ 35.621563][ T368] ? mutex_unlock+0xb2/0x260
[ 35.625992][ T368] ? __kasan_check_write+0x14/0x20
[ 35.631110][ T368] ? debug_smp_processor_id+0x17/0x20
[ 35.636488][ T368] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 35.642505][ T368] __x64_sys_sendmmsg+0xa0/0xb0
[ 35.647338][ T368] do_syscall_64+0x3d/0xb0
[ 35.651698][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 35.657590][ T368] RIP: 0033:0x7f914cec5da9
[ 35.662093][ T368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 35.682336][ T368] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 35.691054][ T368] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 35.698845][ T368] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 35.707029][ T368] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 35.714929][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 35.723184][ T368] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 35.731078][ T368]
[ 35.742576][ T370] FAULT_INJECTION: forcing a failure.
[ 35.742576][ T370] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 35.756282][ T370] CPU: 1 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 35.768152][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 35.778223][ T370] Call Trace:
[ 35.781435][ T370]
[ 35.784218][ T370] dump_stack_lvl+0x151/0x1b7
[ 35.789073][ T370] ? io_uring_drop_tctx_refs+0x190/0x190
[ 35.794568][ T370] dump_stack+0x15/0x17
[ 35.798536][ T370] should_fail+0x3c6/0x510
[ 35.803171][ T370] should_fail_alloc_page+0x5a/0x80
[ 35.808409][ T370] prepare_alloc_pages+0x15c/0x700
[ 35.813530][ T370] ? __alloc_pages_bulk+0xe40/0xe40
[ 35.818621][ T370] __alloc_pages+0x18c/0x8f0
[ 35.823268][ T370] ? prep_new_page+0x110/0x110
[ 35.828118][ T370] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 35.833678][ T370] ? __skb_try_recv_from_queue+0x2b6/0x750
[ 35.839529][ T370] new_slab+0x9a/0x4e0
[ 35.843532][ T370] ___slab_alloc+0x39e/0x830
[ 35.848042][ T370] ? skb_clone+0x1d1/0x360
[ 35.852381][ T370] ? skb_clone+0x1d1/0x360
[ 35.856760][ T370] __slab_alloc+0x4a/0x90
[ 35.861024][ T370] ? skb_clone+0x1d1/0x360
[ 35.865270][ T370] kmem_cache_alloc+0x134/0x200
[ 35.870211][ T370] skb_clone+0x1d1/0x360
[ 35.874744][ T370] sk_psock_verdict_recv+0x53/0x840
[ 35.880451][ T370] ? avc_has_perm_noaudit+0x430/0x430
[ 35.885660][ T370] ? mntput_no_expire+0xfc/0x6b0
[ 35.890805][ T370] unix_read_sock+0x132/0x370
[ 35.895292][ T370] ? sk_psock_skb_redirect+0x440/0x440
[ 35.900927][ T370] ? unix_stream_splice_actor+0x120/0x120
[ 35.906714][ T370] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 35.912064][ T370] ? unix_stream_splice_actor+0x120/0x120
[ 35.917642][ T370] sk_psock_verdict_data_ready+0x147/0x1a0
[ 35.923447][ T370] ? sk_psock_start_verdict+0xc0/0xc0
[ 35.928991][ T370] ? _raw_spin_lock+0xa4/0x1b0
[ 35.933681][ T370] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 35.939405][ T370] ? skb_queue_tail+0xfb/0x120
[ 35.944091][ T370] unix_dgram_sendmsg+0x15fa/0x2090
[ 35.949256][ T370] ? unix_dgram_poll+0x710/0x710
[ 35.953989][ T370] ? _raw_spin_trylock+0xcd/0x1a0
[ 35.958956][ T370] ? security_socket_sendmsg+0x82/0xb0
[ 35.964229][ T370] ? unix_dgram_poll+0x710/0x710
[ 35.969004][ T370] ____sys_sendmsg+0x59e/0x8f0
[ 35.973607][ T370] ? __sys_sendmsg_sock+0x40/0x40
[ 35.978465][ T370] ? import_iovec+0xe5/0x120
[ 35.982988][ T370] ___sys_sendmsg+0x252/0x2e0
[ 35.987656][ T370] ? __sys_sendmsg+0x260/0x260
[ 35.992498][ T370] ? do_handle_mm_fault+0x17e1/0x23a0
[ 35.997803][ T370] ? __kasan_check_write+0x14/0x20
[ 36.002913][ T370] ? proc_fail_nth_write+0x20b/0x290
[ 36.008149][ T370] ? __fdget+0x1bc/0x240
[ 36.012341][ T370] __sys_sendmmsg+0x2bf/0x530
[ 36.017089][ T370] ? __ia32_sys_sendmsg+0x90/0x90
[ 36.022004][ T370] ? mutex_unlock+0xb2/0x260
[ 36.026594][ T370] ? __kasan_check_write+0x14/0x20
[ 36.031730][ T370] ? debug_smp_processor_id+0x17/0x20
[ 36.037022][ T370] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 36.043182][ T370] __x64_sys_sendmmsg+0xa0/0xb0
[ 36.047862][ T370] do_syscall_64+0x3d/0xb0
[ 36.052361][ T370] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 36.058333][ T370] RIP: 0033:0x7f914cec5da9
[ 36.062850][ T370] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 36.083041][ T370] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 36.091596][ T370] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 36.099649][ T370] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 36.107699][ T370] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 36.115596][ T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 36.123445][ T370] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 36.131661][ T370]
[ 36.144815][ T373] FAULT_INJECTION: forcing a failure.
[ 36.144815][ T373] name failslab, interval 1, probability 0, space 0, times 0
[ 36.157451][ T373] CPU: 1 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 36.168942][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 36.179148][ T373] Call Trace:
[ 36.182275][ T373]
[ 36.185063][ T373] dump_stack_lvl+0x151/0x1b7
[ 36.189672][ T373] ? io_uring_drop_tctx_refs+0x190/0x190
[ 36.195122][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 36.200971][ T373] ? __skb_try_recv_datagram+0x495/0x6a0
[ 36.206621][ T373] dump_stack+0x15/0x17
[ 36.210605][ T373] should_fail+0x3c6/0x510
[ 36.215025][ T373] __should_failslab+0xa4/0xe0
[ 36.219640][ T373] ? skb_clone+0x1d1/0x360
[ 36.223886][ T373] should_failslab+0x9/0x20
[ 36.228481][ T373] slab_pre_alloc_hook+0x37/0xd0
[ 36.233253][ T373] ? skb_clone+0x1d1/0x360
[ 36.237550][ T373] kmem_cache_alloc+0x44/0x200
[ 36.242194][ T373] skb_clone+0x1d1/0x360
[ 36.246604][ T373] sk_psock_verdict_recv+0x53/0x840
[ 36.252079][ T373] ? avc_has_perm_noaudit+0x430/0x430
[ 36.257460][ T373] ? mntput_no_expire+0xfc/0x6b0
[ 36.262241][ T373] unix_read_sock+0x132/0x370
[ 36.266853][ T373] ? sk_psock_skb_redirect+0x440/0x440
[ 36.272254][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 36.277806][ T373] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 36.283222][ T373] ? unix_stream_splice_actor+0x120/0x120
[ 36.288865][ T373] sk_psock_verdict_data_ready+0x147/0x1a0
[ 36.294742][ T373] ? sk_psock_start_verdict+0xc0/0xc0
[ 36.300249][ T373] ? _raw_spin_lock+0xa4/0x1b0
[ 36.304849][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 36.310575][ T373] ? skb_queue_tail+0xfb/0x120
[ 36.315390][ T373] unix_dgram_sendmsg+0x15fa/0x2090
[ 36.320578][ T373] ? unix_dgram_poll+0x710/0x710
[ 36.325418][ T373] ? _raw_spin_trylock+0xcd/0x1a0
[ 36.330585][ T373] ? security_socket_sendmsg+0x82/0xb0
[ 36.335855][ T373] ? unix_dgram_poll+0x710/0x710
[ 36.340721][ T373] ____sys_sendmsg+0x59e/0x8f0
[ 36.345326][ T373] ? __sys_sendmsg_sock+0x40/0x40
[ 36.350205][ T373] ? import_iovec+0xe5/0x120
[ 36.354631][ T373] ___sys_sendmsg+0x252/0x2e0
[ 36.359304][ T373] ? __sys_sendmsg+0x260/0x260
[ 36.364012][ T373] ? do_handle_mm_fault+0x17e1/0x23a0
[ 36.369303][ T373] ? __kasan_check_write+0x14/0x20
[ 36.374357][ T373] ? proc_fail_nth_write+0x20b/0x290
[ 36.379759][ T373] ? __fdget+0x1bc/0x240
[ 36.383912][ T373] __sys_sendmmsg+0x2bf/0x530
[ 36.388536][ T373] ? __ia32_sys_sendmsg+0x90/0x90
[ 36.393457][ T373] ? mutex_unlock+0xb2/0x260
[ 36.398001][ T373] ? __kasan_check_write+0x14/0x20
[ 36.403119][ T373] ? debug_smp_processor_id+0x17/0x20
[ 36.408412][ T373] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 36.414450][ T373] __x64_sys_sendmmsg+0xa0/0xb0
[ 36.419178][ T373] do_syscall_64+0x3d/0xb0
[ 36.423618][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 36.429776][ T373] RIP: 0033:0x7f914cec5da9
[ 36.434109][ T373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 36.453641][ T373] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 36.461982][ T373] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 36.470052][ T373] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 36.478011][ T373] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 36.486111][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 36.494002][ T373] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 36.501819][ T373]
[ 36.512762][ T375] FAULT_INJECTION: forcing a failure.
[ 36.512762][ T375] name failslab, interval 1, probability 0, space 0, times 0
[ 36.525714][ T375] CPU: 1 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 36.537837][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 36.547716][ T375] Call Trace:
[ 36.551211][ T375]
[ 36.554106][ T375] dump_stack_lvl+0x151/0x1b7
[ 36.558709][ T375] ? io_uring_drop_tctx_refs+0x190/0x190
[ 36.564176][ T375] dump_stack+0x15/0x17
[ 36.568165][ T375] should_fail+0x3c6/0x510
[ 36.572632][ T375] __should_failslab+0xa4/0xe0
[ 36.577225][ T375] should_failslab+0x9/0x20
[ 36.581561][ T375] slab_pre_alloc_hook+0x37/0xd0
[ 36.586566][ T375] kmem_cache_alloc_trace+0x48/0x210
[ 36.591994][ T375] ? sk_psock_skb_ingress_self+0x60/0x330
[ 36.597620][ T375] ? migrate_disable+0x190/0x190
[ 36.602397][ T375] sk_psock_skb_ingress_self+0x60/0x330
[ 36.608199][ T375] sk_psock_verdict_recv+0x66d/0x840
[ 36.613451][ T375] unix_read_sock+0x132/0x370
[ 36.618348][ T375] ? sk_psock_skb_redirect+0x440/0x440
[ 36.623725][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 36.629289][ T375] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 36.634598][ T375] ? unix_stream_splice_actor+0x120/0x120
[ 36.640228][ T375] sk_psock_verdict_data_ready+0x147/0x1a0
[ 36.645955][ T375] ? sk_psock_start_verdict+0xc0/0xc0
[ 36.651327][ T375] ? _raw_spin_lock+0xa4/0x1b0
[ 36.655972][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 36.661793][ T375] ? skb_queue_tail+0xfb/0x120
[ 36.666545][ T375] unix_dgram_sendmsg+0x15fa/0x2090
[ 36.671666][ T375] ? unix_dgram_poll+0x710/0x710
[ 36.676551][ T375] ? _raw_spin_trylock+0xcd/0x1a0
[ 36.681597][ T375] ? security_socket_sendmsg+0x82/0xb0
[ 36.686988][ T375] ? unix_dgram_poll+0x710/0x710
[ 36.691762][ T375] ____sys_sendmsg+0x59e/0x8f0
[ 36.696437][ T375] ? __sys_sendmsg_sock+0x40/0x40
[ 36.701297][ T375] ? import_iovec+0xe5/0x120
[ 36.705905][ T375] ___sys_sendmsg+0x252/0x2e0
[ 36.710682][ T375] ? __sys_sendmsg+0x260/0x260
[ 36.715275][ T375] ? do_handle_mm_fault+0x17e1/0x23a0
[ 36.720478][ T375] ? __kasan_check_write+0x14/0x20
[ 36.725439][ T375] ? proc_fail_nth_write+0x20b/0x290
[ 36.730551][ T375] ? __fdget+0x1bc/0x240
[ 36.734634][ T375] __sys_sendmmsg+0x2bf/0x530
[ 36.739141][ T375] ? __ia32_sys_sendmsg+0x90/0x90
[ 36.744002][ T375] ? mutex_unlock+0xb2/0x260
[ 36.748435][ T375] ? __kasan_check_write+0x14/0x20
[ 36.753654][ T375] ? debug_smp_processor_id+0x17/0x20
[ 36.759126][ T375] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 36.765195][ T375] __x64_sys_sendmmsg+0xa0/0xb0
[ 36.769969][ T375] do_syscall_64+0x3d/0xb0
[ 36.774223][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 36.780049][ T375] RIP: 0033:0x7f914cec5da9
[ 36.784303][ T375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 36.804168][ T375] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 36.812418][ T375] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 36.820397][ T375] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 36.828211][ T375] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 36.836023][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 36.843932][ T375] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 36.851745][ T375]
[ 36.857315][ T374] ==================================================================
[ 36.865335][ T374] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 36.874814][ T374]
[ 36.877253][ T374] CPU: 1 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 36.889933][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 36.900073][ T374] Call Trace:
[ 36.903357][ T374]
[ 36.906402][ T374] dump_stack_lvl+0x151/0x1b7
[ 36.911419][ T374] ? io_uring_drop_tctx_refs+0x190/0x190
[ 36.916854][ T374] ? __wake_up_klogd+0xd5/0x110
[ 36.921559][ T374] ? panic+0x751/0x751
[ 36.925524][ T374] ? kmem_cache_free+0x116/0x2e0
[ 36.930470][ T374] print_address_description+0x87/0x3b0
[ 36.935967][ T374] ? kmem_cache_free+0x116/0x2e0
[ 36.940713][ T374] ? kmem_cache_free+0x116/0x2e0
[ 36.945576][ T374] kasan_report_invalid_free+0x6b/0xa0
[ 36.950885][ T374] ____kasan_slab_free+0x13e/0x160
[ 36.956037][ T374] __kasan_slab_free+0x11/0x20
[ 36.960782][ T374] slab_free_freelist_hook+0xbd/0x190
[ 36.965982][ T374] ? kfree_skbmem+0x104/0x170
[ 36.970618][ T374] kmem_cache_free+0x116/0x2e0
[ 36.975558][ T374] kfree_skbmem+0x104/0x170
[ 36.979997][ T374] consume_skb+0xb4/0x250
[ 36.984397][ T374] __sk_msg_free+0x2dd/0x370
[ 36.989003][ T374] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 36.994845][ T374] sk_psock_stop+0x44c/0x4d0
[ 36.999242][ T374] ? unix_peer_get+0xe0/0xe0
[ 37.003926][ T374] sock_map_close+0x2b9/0x4c0
[ 37.008518][ T374] ? sock_map_remove_links+0x570/0x570
[ 37.014177][ T374] ? rwsem_mark_wake+0x6b0/0x6b0
[ 37.019036][ T374] unix_release+0x82/0xc0
[ 37.023274][ T374] sock_close+0xdf/0x270
[ 37.027357][ T374] ? sock_mmap+0xa0/0xa0
[ 37.031435][ T374] __fput+0x3fe/0x910
[ 37.035351][ T374] ____fput+0x15/0x20
[ 37.039319][ T374] task_work_run+0x129/0x190
[ 37.043915][ T374] exit_to_user_mode_loop+0xc4/0xe0
[ 37.049307][ T374] exit_to_user_mode_prepare+0x5a/0xa0
[ 37.054757][ T374] syscall_exit_to_user_mode+0x26/0x160
[ 37.060405][ T374] do_syscall_64+0x49/0xb0
[ 37.064763][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 37.070763][ T374] RIP: 0033:0x7f914cec4c9a
[ 37.075388][ T374] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 37.096217][ T374] RSP: 002b:00007ffe2eddc870 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 37.105153][ T374] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f914cec4c9a
[ 37.113055][ T374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 37.120943][ T374] RBP: 00007f914cff6980 R08: 0000001b30a60000 R09: 00007ffe2ede40b0
[ 37.129024][ T374] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000091cb
[ 37.137546][ T374] R13: ffffffffffffffff R14: 00007f914ca49000 R15: 0000000000008e8a
[ 37.145708][ T374]
[ 37.148569][ T374]
[ 37.150740][ T374] Allocated by task 375:
[ 37.154832][ T374] __kasan_slab_alloc+0xb1/0xe0
[ 37.159595][ T374] slab_post_alloc_hook+0x53/0x2c0
[ 37.164542][ T374] kmem_cache_alloc+0xf5/0x200
[ 37.169335][ T374] skb_clone+0x1d1/0x360
[ 37.173678][ T374] sk_psock_verdict_recv+0x53/0x840
[ 37.178715][ T374] unix_read_sock+0x132/0x370
[ 37.183219][ T374] sk_psock_verdict_data_ready+0x147/0x1a0
[ 37.189217][ T374] unix_dgram_sendmsg+0x15fa/0x2090
[ 37.194398][ T374] ____sys_sendmsg+0x59e/0x8f0
[ 37.199207][ T374] ___sys_sendmsg+0x252/0x2e0
[ 37.203725][ T374] __sys_sendmmsg+0x2bf/0x530
[ 37.208327][ T374] __x64_sys_sendmmsg+0xa0/0xb0
[ 37.213123][ T374] do_syscall_64+0x3d/0xb0
[ 37.217562][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 37.223369][ T374]
[ 37.225565][ T374] Freed by task 39:
[ 37.229275][ T374] kasan_set_track+0x4b/0x70
[ 37.233787][ T374] kasan_set_free_info+0x23/0x40
[ 37.238820][ T374] ____kasan_slab_free+0x126/0x160
[ 37.243771][ T374] __kasan_slab_free+0x11/0x20
[ 37.248460][ T374] slab_free_freelist_hook+0xbd/0x190
[ 37.253778][ T374] kmem_cache_free+0x116/0x2e0
[ 37.258445][ T374] kfree_skbmem+0x104/0x170
[ 37.263064][ T374] kfree_skb+0xc2/0x360
[ 37.267053][ T374] sk_psock_backlog+0xc21/0xd90
[ 37.271741][ T374] process_one_work+0x6bb/0xc10
[ 37.276572][ T374] worker_thread+0xad5/0x12a0
[ 37.281202][ T374] kthread+0x421/0x510
[ 37.285228][ T374] ret_from_fork+0x1f/0x30
[ 37.289558][ T374]
[ 37.291724][ T374] The buggy address belongs to the object at ffff88810d5d8b40
[ 37.291724][ T374] which belongs to the cache skbuff_head_cache of size 248
[ 37.306867][ T374] The buggy address is located 0 bytes inside of
[ 37.306867][ T374] 248-byte region [ffff88810d5d8b40, ffff88810d5d8c38)
[ 37.320228][ T374] The buggy address belongs to the page:
[ 37.325786][ T374] page:ffffea0004357600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d5d8
[ 37.336030][ T374] flags: 0x4000000000000200(slab|zone=1)
[ 37.341552][ T374] raw: 4000000000000200 ffffea0004357540 0000000400000004 ffff888107f99380
[ 37.350093][ T374] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 37.358593][ T374] page dumped because: kasan: bad access detected
[ 37.364944][ T374] page_owner tracks the page as allocated
[ 37.370575][ T374] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 3700344678, free_ts 0
[ 37.385591][ T374] post_alloc_hook+0x1a3/0x1b0
[ 37.390275][ T374] prep_new_page+0x1b/0x110
[ 37.394620][ T374] get_page_from_freelist+0x3550/0x35d0
[ 37.400301][ T374] __alloc_pages+0x27e/0x8f0
[ 37.404781][ T374] new_slab+0x9a/0x4e0
[ 37.408872][ T374] ___slab_alloc+0x39e/0x830
[ 37.413278][ T374] __slab_alloc+0x4a/0x90
[ 37.417442][ T374] kmem_cache_alloc+0x134/0x200
[ 37.422154][ T374] __alloc_skb+0xbe/0x550
[ 37.426297][ T374] alloc_uevent_skb+0x80/0x230
[ 37.430910][ T374] kobject_uevent_net_broadcast+0x311/0x590
[ 37.436728][ T374] kobject_uevent_env+0x525/0x700
[ 37.441847][ T374] kobject_synth_uevent+0x4eb/0xae0
[ 37.446992][ T374] bus_uevent_store+0x4f/0x70
[ 37.451851][ T374] bus_attr_store+0x78/0x90
[ 37.456273][ T374] sysfs_kf_write+0x123/0x140
[ 37.460836][ T374] page_owner free stack trace missing
[ 37.466181][ T374]
[ 37.468437][ T374] Memory state around the buggy address:
[ 37.473920][ T374] ffff88810d5d8a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.481932][ T374] ffff88810d5d8a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 37.490296][ T374] >ffff88810d5d8b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 37.498318][ T374] ^
[ 37.504303][ T374] ffff88810d5d8b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.512564][ T374] ffff88810d5d8c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 37.520637][ T374] ==================================================================
[ 37.536561][ T378] FAULT_INJECTION: forcing a failure.
[ 37.536561][ T378] name failslab, interval 1, probability 0, space 0, times 0
[ 37.549255][ T378] CPU: 1 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 37.561628][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 37.571789][ T378] Call Trace:
[ 37.574923][ T378]
[ 37.577780][ T378] dump_stack_lvl+0x151/0x1b7
[ 37.582499][ T378] ? io_uring_drop_tctx_refs+0x190/0x190
[ 37.588024][ T378] dump_stack+0x15/0x17
[ 37.592249][ T378] should_fail+0x3c6/0x510
[ 37.596585][ T378] __should_failslab+0xa4/0xe0
[ 37.601189][ T378] should_failslab+0x9/0x20
[ 37.605528][ T378] slab_pre_alloc_hook+0x37/0xd0
[ 37.610298][ T378] kmem_cache_alloc_trace+0x48/0x210
[ 37.615596][ T378] ? sk_psock_skb_ingress_self+0x60/0x330
[ 37.621151][ T378] ? migrate_disable+0x190/0x190
[ 37.626095][ T378] sk_psock_skb_ingress_self+0x60/0x330
[ 37.631571][ T378] sk_psock_verdict_recv+0x66d/0x840
[ 37.636747][ T378] unix_read_sock+0x132/0x370
[ 37.641439][ T378] ? sk_psock_skb_redirect+0x440/0x440
[ 37.646726][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 37.652278][ T378] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 37.657754][ T378] ? unix_stream_splice_actor+0x120/0x120
[ 37.663444][ T378] sk_psock_verdict_data_ready+0x147/0x1a0
[ 37.669422][ T378] ? sk_psock_start_verdict+0xc0/0xc0
[ 37.674586][ T378] ? _raw_spin_lock+0xa4/0x1b0
[ 37.679309][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 37.685017][ T378] ? skb_queue_tail+0xfb/0x120
[ 37.689691][ T378] unix_dgram_sendmsg+0x15fa/0x2090
[ 37.694825][ T378] ? unix_dgram_poll+0x710/0x710
[ 37.699600][ T378] ? _raw_spin_trylock+0xcd/0x1a0
[ 37.704562][ T378] ? security_socket_sendmsg+0x82/0xb0
[ 37.709927][ T378] ? unix_dgram_poll+0x710/0x710
[ 37.714701][ T378] ____sys_sendmsg+0x59e/0x8f0
[ 37.719479][ T378] ? __sys_sendmsg_sock+0x40/0x40
[ 37.724430][ T378] ? import_iovec+0xe5/0x120
[ 37.729042][ T378] ___sys_sendmsg+0x252/0x2e0
[ 37.733548][ T378] ? __sys_sendmsg+0x260/0x260
[ 37.738248][ T378] ? do_handle_mm_fault+0x17e1/0x23a0
[ 37.743445][ T378] ? __kasan_check_write+0x14/0x20
[ 37.748392][ T378] ? proc_fail_nth_write+0x20b/0x290
[ 37.753611][ T378] ? __fdget+0x1bc/0x240
[ 37.757680][ T378] __sys_sendmmsg+0x2bf/0x530
[ 37.762335][ T378] ? __ia32_sys_sendmsg+0x90/0x90
[ 37.767273][ T378] ? mutex_unlock+0xb2/0x260
[ 37.771696][ T378] ? __kasan_check_write+0x14/0x20
[ 37.776657][ T378] ? debug_smp_processor_id+0x17/0x20
[ 37.781977][ T378] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 37.787859][ T378] __x64_sys_sendmmsg+0xa0/0xb0
[ 37.792548][ T378] do_syscall_64+0x3d/0xb0
[ 37.797016][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 37.802748][ T378] RIP: 0033:0x7f914cec5da9
[ 37.807003][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 37.826529][ T378] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 37.834778][ T378] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 37.842780][ T378] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 37.851200][ T378] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 37.859390][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 37.868435][ T378] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 37.876339][ T378]
[ 37.880907][ T377] ==================================================================
[ 37.888975][ T377] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 37.897303][ T377]
[ 37.899473][ T377] CPU: 1 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 37.911737][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 37.921798][ T377] Call Trace:
[ 37.924942][ T377]
[ 37.927693][ T377] dump_stack_lvl+0x151/0x1b7
[ 37.932208][ T377] ? io_uring_drop_tctx_refs+0x190/0x190
[ 37.937757][ T377] ? __wake_up_klogd+0xd5/0x110
[ 37.942447][ T377] ? panic+0x751/0x751
[ 37.946471][ T377] ? kmem_cache_free+0x116/0x2e0
[ 37.951628][ T377] print_address_description+0x87/0x3b0
[ 37.956991][ T377] ? kmem_cache_free+0x116/0x2e0
[ 37.961838][ T377] ? kmem_cache_free+0x116/0x2e0
[ 37.966721][ T377] kasan_report_invalid_free+0x6b/0xa0
[ 37.972022][ T377] ____kasan_slab_free+0x13e/0x160
[ 37.977222][ T377] __kasan_slab_free+0x11/0x20
[ 37.981827][ T377] slab_free_freelist_hook+0xbd/0x190
[ 37.987030][ T377] ? kfree_skbmem+0x104/0x170
[ 37.991630][ T377] kmem_cache_free+0x116/0x2e0
[ 37.996319][ T377] kfree_skbmem+0x104/0x170
[ 38.000664][ T377] consume_skb+0xb4/0x250
[ 38.004913][ T377] __sk_msg_free+0x2dd/0x370
[ 38.009444][ T377] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 38.015154][ T377] sk_psock_stop+0x44c/0x4d0
[ 38.019584][ T377] ? unix_peer_get+0xe0/0xe0
[ 38.024229][ T377] sock_map_close+0x2b9/0x4c0
[ 38.028775][ T377] ? sock_map_remove_links+0x570/0x570
[ 38.034041][ T377] ? rwsem_mark_wake+0x6b0/0x6b0
[ 38.038811][ T377] unix_release+0x82/0xc0
[ 38.043190][ T377] sock_close+0xdf/0x270
[ 38.047476][ T377] ? sock_mmap+0xa0/0xa0
[ 38.051649][ T377] __fput+0x3fe/0x910
[ 38.055864][ T377] ____fput+0x15/0x20
[ 38.059880][ T377] task_work_run+0x129/0x190
[ 38.064298][ T377] exit_to_user_mode_loop+0xc4/0xe0
[ 38.069335][ T377] exit_to_user_mode_prepare+0x5a/0xa0
[ 38.074806][ T377] syscall_exit_to_user_mode+0x26/0x160
[ 38.080187][ T377] do_syscall_64+0x49/0xb0
[ 38.084445][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 38.090173][ T377] RIP: 0033:0x7f914cec4c9a
[ 38.094432][ T377] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 38.114425][ T377] RSP: 002b:00007ffe2eddc870 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 38.122814][ T377] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f914cec4c9a
[ 38.130780][ T377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 38.138665][ T377] RBP: 00007f914cff6980 R08: 0000001b30a60000 R09: 00007ffe2ede40b0
[ 38.146650][ T377] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000095ca
[ 38.154454][ T377] R13: ffffffffffffffff R14: 00007f914ca49000 R15: 0000000000009289
[ 38.162623][ T377]
[ 38.165487][ T377]
[ 38.167737][ T377] Allocated by task 378:
[ 38.171813][ T377] __kasan_slab_alloc+0xb1/0xe0
[ 38.176754][ T377] slab_post_alloc_hook+0x53/0x2c0
[ 38.181783][ T377] kmem_cache_alloc+0xf5/0x200
[ 38.186828][ T377] skb_clone+0x1d1/0x360
[ 38.190984][ T377] sk_psock_verdict_recv+0x53/0x840
[ 38.196186][ T377] unix_read_sock+0x132/0x370
[ 38.200711][ T377] sk_psock_verdict_data_ready+0x147/0x1a0
[ 38.206442][ T377] unix_dgram_sendmsg+0x15fa/0x2090
[ 38.211695][ T377] ____sys_sendmsg+0x59e/0x8f0
[ 38.216441][ T377] ___sys_sendmsg+0x252/0x2e0
[ 38.221259][ T377] __sys_sendmmsg+0x2bf/0x530
[ 38.225783][ T377] __x64_sys_sendmmsg+0xa0/0xb0
[ 38.230545][ T377] do_syscall_64+0x3d/0xb0
[ 38.235029][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 38.240876][ T377]
[ 38.243043][ T377] Freed by task 39:
[ 38.246690][ T377] kasan_set_track+0x4b/0x70
[ 38.251208][ T377] kasan_set_free_info+0x23/0x40
[ 38.256151][ T377] ____kasan_slab_free+0x126/0x160
[ 38.261991][ T377] __kasan_slab_free+0x11/0x20
[ 38.267320][ T377] slab_free_freelist_hook+0xbd/0x190
[ 38.272648][ T377] kmem_cache_free+0x116/0x2e0
[ 38.277385][ T377] kfree_skbmem+0x104/0x170
[ 38.281853][ T377] kfree_skb+0xc2/0x360
[ 38.285938][ T377] sk_psock_backlog+0xc21/0xd90
[ 38.290735][ T377] process_one_work+0x6bb/0xc10
[ 38.295567][ T377] worker_thread+0xad5/0x12a0
[ 38.300586][ T377] kthread+0x421/0x510
[ 38.304537][ T377] ret_from_fork+0x1f/0x30
[ 38.308788][ T377]
[ 38.311051][ T377] The buggy address belongs to the object at ffff88810d5f4140
[ 38.311051][ T377] which belongs to the cache skbuff_head_cache of size 248
[ 38.325639][ T377] The buggy address is located 0 bytes inside of
[ 38.325639][ T377] 248-byte region [ffff88810d5f4140, ffff88810d5f4238)
[ 38.339244][ T377] The buggy address belongs to the page:
[ 38.344773][ T377] page:ffffea0004357d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d5f4
[ 38.355093][ T377] flags: 0x4000000000000200(slab|zone=1)
[ 38.360658][ T377] raw: 4000000000000200 ffffea0004357c80 0000000c0000000c ffff888107f99380
[ 38.369156][ T377] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 38.377745][ T377] page dumped because: kasan: bad access detected
[ 38.384359][ T377] page_owner tracks the page as allocated
[ 38.390098][ T377] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 3710570013, free_ts 3710528633
[ 38.405828][ T377] post_alloc_hook+0x1a3/0x1b0
[ 38.410605][ T377] prep_new_page+0x1b/0x110
[ 38.414937][ T377] get_page_from_freelist+0x3550/0x35d0
[ 38.420320][ T377] __alloc_pages+0x27e/0x8f0
[ 38.424744][ T377] new_slab+0x9a/0x4e0
[ 38.428652][ T377] ___slab_alloc+0x39e/0x830
[ 38.433424][ T377] __slab_alloc+0x4a/0x90
[ 38.437567][ T377] kmem_cache_alloc+0x134/0x200
[ 38.442250][ T377] __alloc_skb+0xbe/0x550
[ 38.446423][ T377] alloc_uevent_skb+0x80/0x230
[ 38.451027][ T377] kobject_uevent_net_broadcast+0x311/0x590
[ 38.456746][ T377] kobject_uevent_env+0x525/0x700
[ 38.461622][ T377] kobject_synth_uevent+0x4eb/0xae0
[ 38.466759][ T377] uevent_store+0x4b/0x70
[ 38.470921][ T377] drv_attr_store+0x78/0xa0
[ 38.475264][ T377] sysfs_kf_write+0x123/0x140
[ 38.479862][ T377] page last free stack trace:
[ 38.484898][ T377] free_unref_page_prepare+0x7c8/0x7d0
[ 38.490197][ T377] free_unref_page+0xe8/0x750
[ 38.494893][ T377] __free_pages+0x61/0xf0
[ 38.499150][ T377] free_pages+0x7c/0x90
[ 38.503127][ T377] selinux_genfs_get_sid+0x24d/0x2a0
[ 38.508349][ T377] inode_doinit_with_dentry+0x8d2/0x1070
[ 38.513980][ T377] selinux_d_instantiate+0x27/0x40
[ 38.519019][ T377] security_d_instantiate+0x9f/0x100
[ 38.524222][ T377] d_splice_alias+0x6d/0x390
[ 38.528877][ T377] kernfs_iop_lookup+0x29e/0x2f0
[ 38.533750][ T377] path_openat+0x1194/0x2f40
[ 38.538523][ T377] do_filp_open+0x21c/0x460
[ 38.543305][ T377] do_sys_openat2+0x13f/0x830
[ 38.548128][ T377] __x64_sys_openat+0x243/0x290
[ 38.552820][ T377] do_syscall_64+0x3d/0xb0
[ 38.557072][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 38.563282][ T377]
[ 38.565659][ T377] Memory state around the buggy address:
[ 38.571344][ T377] ffff88810d5f4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.579335][ T377] ffff88810d5f4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 38.587233][ T377] >ffff88810d5f4100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 38.595383][ T377] ^
[ 38.601554][ T377] ffff88810d5f4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.609445][ T377] ffff88810d5f4200: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
2024/06/22 08:13:11 executed programs: 15
[ 38.617467][ T377] ==================================================================
[ 38.636131][ T381] FAULT_INJECTION: forcing a failure.
[ 38.636131][ T381] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 38.649618][ T381] CPU: 0 PID: 381 Comm: syz-executor.0 Tainted: G B 5.15.149-syzkaller-1069274-g85445b5a2107 #0
[ 38.661484][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 38.671871][ T381] Call Trace:
[ 38.674949][ T381]
[ 38.677981][ T381] dump_stack_lvl+0x151/0x1b7
[ 38.682811][ T381] ? io_uring_drop_tctx_refs+0x190/0x190
[ 38.688496][ T381] dump_stack+0x15/0x17
[ 38.692491][ T381] should_fail+0x3c6/0x510
[ 38.696904][ T381] should_fail_alloc_page+0x5a/0x80
[ 38.702030][ T381] prepare_alloc_pages+0x15c/0x700
[ 38.706980][ T381] ? __alloc_pages_bulk+0xe40/0xe40
[ 38.712219][ T381] __alloc_pages+0x18c/0x8f0
[ 38.716612][ T381] ? prep_new_page+0x110/0x110
[ 38.721306][ T381] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 38.726664][ T381] ? __skb_try_recv_from_queue+0x2b6/0x750
[ 38.732546][ T381] new_slab+0x9a/0x4e0
[ 38.736420][ T381] ___slab_alloc+0x39e/0x830
[ 38.740847][ T381] ? skb_clone+0x1d1/0x360
[ 38.745198][ T381] ? skb_clone+0x1d1/0x360
[ 38.749549][ T381] __slab_alloc+0x4a/0x90
[ 38.753696][ T381] ? skb_clone+0x1d1/0x360
[ 38.758045][ T381] kmem_cache_alloc+0x134/0x200
[ 38.763192][ T381] skb_clone+0x1d1/0x360
[ 38.767280][ T381] sk_psock_verdict_recv+0x53/0x840
[ 38.772307][ T381] ? avc_has_perm_noaudit+0x430/0x430
[ 38.777515][ T381] ? mntput_no_expire+0xfc/0x6b0
[ 38.782468][ T381] unix_read_sock+0x132/0x370
[ 38.787071][ T381] ? sk_psock_skb_redirect+0x440/0x440
[ 38.792418][ T381] ? unix_stream_splice_actor+0x120/0x120
[ 38.798006][ T381] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 38.803309][ T381] ? unix_stream_splice_actor+0x120/0x120
[ 38.809024][ T381] sk_psock_verdict_data_ready+0x147/0x1a0
[ 38.815101][ T381] ? sk_psock_start_verdict+0xc0/0xc0
[ 38.820377][ T381] ? _raw_spin_lock+0xa4/0x1b0
[ 38.825085][ T381] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 38.830817][ T381] ? skb_queue_tail+0xfb/0x120
[ 38.835422][ T381] unix_dgram_sendmsg+0x15fa/0x2090
[ 38.840623][ T381] ? unix_dgram_poll+0x710/0x710
[ 38.845394][ T381] ? _raw_spin_trylock+0xcd/0x1a0
[ 38.850271][ T381] ? security_socket_sendmsg+0x82/0xb0
[ 38.855641][ T381] ? unix_dgram_poll+0x710/0x710
[ 38.860501][ T381] ____sys_sendmsg+0x59e/0x8f0
[ 38.865456][ T381] ? __sys_sendmsg_sock+0x40/0x40
[ 38.870761][ T381] ? import_iovec+0xe5/0x120
[ 38.875192][ T381] ___sys_sendmsg+0x252/0x2e0
[ 38.880118][ T381] ? __sys_sendmsg+0x260/0x260
[ 38.884975][ T381] ? do_handle_mm_fault+0x17e1/0x23a0
[ 38.890280][ T381] ? __kasan_check_write+0x14/0x20
[ 38.895210][ T381] ? proc_fail_nth_write+0x20b/0x290
[ 38.900419][ T381] ? __fdget+0x1bc/0x240
[ 38.904601][ T381] __sys_sendmmsg+0x2bf/0x530
[ 38.909187][ T381] ? __ia32_sys_sendmsg+0x90/0x90
[ 38.914240][ T381] ? mutex_unlock+0xb2/0x260
[ 38.918751][ T381] ? __kasan_check_write+0x14/0x20
[ 38.924151][ T381] ? debug_smp_processor_id+0x17/0x20
[ 38.930173][ T381] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 38.936594][ T381] __x64_sys_sendmmsg+0xa0/0xb0
[ 38.941497][ T381] do_syscall_64+0x3d/0xb0
[ 38.945729][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 38.951665][ T381] RIP: 0033:0x7f914cec5da9
[ 38.955926][ T381] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 38.975899][ T381] RSP: 002b:00007f914ca480c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 38.984311][ T381] RAX: ffffffffffffffda RBX: 00007f914cff4f80 RCX: 00007f914cec5da9
[ 38.992319][ T381] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000003
[ 39.000412][ T381] RBP: 00007f914ca48120 R08: 0000000000000000 R09: 0000000000000000
[ 39.008527][ T381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 39.016476][ T381] R13: 000000000000000b R14: 00007f914cff4f80 R15: 00007ffe2eddc7a8
[ 39.024443][ T381]