Warning: Permanently added '10.128.1.20' (ED25519) to the list of known hosts.
2023/12/12 22:10:46 ignoring optional flag "sandboxArg"="0"
2023/12/12 22:10:47 parsed 1 programs
[ 41.498151][ T29] kauditd_printk_skb: 78 callbacks suppressed
[ 41.498157][ T29] audit: type=1400 audit(1702419047.093:154): avc: denied { mounton } for pid=338 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.529065][ T29] audit: type=1400 audit(1702419047.103:155): avc: denied { mount } for pid=338 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.552176][ T29] audit: type=1400 audit(1702419047.103:156): avc: denied { setattr } for pid=338 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 41.575336][ T29] audit: type=1400 audit(1702419047.103:157): avc: denied { read write } for pid=338 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 41.601402][ T29] audit: type=1400 audit(1702419047.103:158): avc: denied { open } for pid=338 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/12/12 22:10:47 executed programs: 0
[ 41.628088][ T29] audit: type=1400 audit(1702419047.233:159): avc: denied { unlink } for pid=338 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 41.643702][ T338] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 41.653818][ T29] audit: type=1400 audit(1702419047.233:160): avc: denied { relabelto } for pid=340 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 41.721621][ T345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.728450][ T345] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.735829][ T345] device bridge_slave_0 entered promiscuous mode
[ 41.742571][ T345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.749459][ T345] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.756628][ T345] device bridge_slave_1 entered promiscuous mode
[ 41.794611][ T345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.801466][ T345] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.808531][ T345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.815386][ T345] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.832220][ T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.839301][ T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.846501][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.854224][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.862583][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.870589][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.877601][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.894199][ T345] device veth0_vlan entered promiscuous mode
[ 41.900868][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.909316][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.916922][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.924122][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.931535][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.939481][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.946299][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.953480][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.961532][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.972513][ T345] device veth1_macvtap entered promiscuous mode
[ 41.979082][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.989846][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.999332][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.020840][ T29] audit: type=1400 audit(1702419047.623:161): avc: denied { prog_load } for pid=350 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 42.040434][ T29] audit: type=1400 audit(1702419047.623:162): avc: denied { bpf } for pid=350 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 42.041499][ T351] FAULT_INJECTION: forcing a failure.
[ 42.041499][ T351] name failslab, interval 1, probability 0, space 0, times 1
[ 42.061131][ T29] audit: type=1400 audit(1702419047.623:163): avc: denied { perfmon } for pid=350 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 42.074357][ T351] CPU: 1 PID: 351 Comm: syz-executor.0 Not tainted 5.15.139-syzkaller #0
[ 42.103466][ T351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 42.113792][ T351] Call Trace:
[ 42.116918][ T351] <TASK>
[ 42.119697][ T351] dump_stack_lvl+0x38/0x49
[ 42.124035][ T351] dump_stack+0x10/0x12
[ 42.128163][ T351] should_fail.cold+0x5/0xa
[ 42.132590][ T351] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 42.138144][ T351] __should_failslab+0xb6/0x100
[ 42.142916][ T351] should_failslab+0x9/0x20
[ 42.147269][ T351] kmem_cache_alloc_trace+0x3f/0x490
[ 42.152380][ T351] sk_psock_skb_ingress_self+0x52/0x3a0
[ 42.157861][ T351] sk_psock_verdict_recv+0x799/0x9e0
[ 42.162980][ T351] unix_read_sock+0xd8/0x200
[ 42.167403][ T351] ? sk_psock_tls_strp_read+0x360/0x360
[ 42.172877][ T351] ? unix_compat_ioctl+0x10/0x10
[ 42.177806][ T351] sk_psock_verdict_data_ready+0x104/0x170
[ 42.183528][ T351] ? failover_event+0x330/0x330
[ 42.188210][ T351] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 42.193853][ T351] ? skb_queue_tail+0xdc/0x150
[ 42.198448][ T351] unix_dgram_sendmsg+0xc13/0x16d0
[ 42.203403][ T351] ? unix_dgram_connect+0xc70/0xc70
[ 42.208433][ T351] ? unix_dgram_connect+0xc70/0xc70
[ 42.213645][ T351] __sock_sendmsg+0xb5/0xf0
[ 42.217982][ T351] ____sys_sendmsg+0x3f3/0x990
[ 42.222584][ T351] ? kernel_sendmsg+0x30/0x30
[ 42.227090][ T351] ? do_recvmmsg+0x5a0/0x5a0
[ 42.231525][ T351] ? __kasan_check_read+0x11/0x20
[ 42.236498][ T351] ___sys_sendmsg+0xfc/0x190
[ 42.240936][ T351] ? sendmsg_copy_msghdr+0x110/0x110
[ 42.246045][ T351] ? handle_pte_fault+0x1a2/0x2180
[ 42.250995][ T351] ? __handle_mm_fault+0x4aa/0x1380
[ 42.256029][ T351] ? do_filp_open+0x1ab/0x3f0
[ 42.260539][ T351] ? __pmd_alloc+0x330/0x330
[ 42.264973][ T351] ? __fdget+0xe/0x10
[ 42.268882][ T351] ? sockfd_lookup_light+0x1c/0x150
[ 42.274153][ T351] __sys_sendmmsg+0x160/0x340
[ 42.279010][ T351] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 42.283874][ T351] ? branch_type+0x2e0/0x470
[ 42.288287][ T351] ? mutex_unlock+0x7e/0x240
[ 42.293062][ T351] ? mutex_trylock+0x260/0x260
[ 42.297662][ T351] ? vfs_write+0x2b2/0x8e0
[ 42.301916][ T351] ? __kasan_check_write+0x14/0x20
[ 42.306949][ T351] ? fput+0x17/0x30
[ 42.310590][ T351] ? __ia32_sys_read+0xa0/0xa0
[ 42.315204][ T351] ? debug_smp_processor_id+0x17/0x20
[ 42.320403][ T351] __x64_sys_sendmmsg+0x98/0xf0
[ 42.325202][ T351] ? syscall_exit_to_user_mode+0x2f/0x40
[ 42.330755][ T351] do_syscall_64+0x35/0xb0
[ 42.335032][ T351] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.340742][ T351] RIP: 0033:0x7f31b5b26ae9
[ 42.344994][ T351] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.365385][ T351] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 42.374068][ T351] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 42.381884][ T351] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 42.389861][ T351] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 42.397966][ T351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 42.405842][ T351] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 42.414094][ T351] </TASK>
[ 42.420395][ T350] ==================================================================
[ 42.428256][ T350] BUG: KASAN: use-after-free in consume_skb+0x28/0x1d0
[ 42.435030][ T350] Read of size 4 at addr ffff888123354ae4 by task syz-executor.0/350
[ 42.442964][ T350]
[ 42.445101][ T350] CPU: 1 PID: 350 Comm: syz-executor.0 Not tainted 5.15.139-syzkaller #0
[ 42.453553][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 42.463531][ T350] Call Trace:
[ 42.466658][ T350] <TASK>
[ 42.469438][ T350] dump_stack_lvl+0x38/0x49
[ 42.473797][ T350] print_address_description.constprop.0+0x24/0x160
[ 42.480203][ T350] ? consume_skb+0x28/0x1d0
[ 42.484535][ T350] kasan_report.cold+0x82/0xdb
[ 42.489136][ T350] ? consume_skb+0x28/0x1d0
[ 42.493605][ T350] kasan_check_range+0x148/0x190
[ 42.498373][ T350] __kasan_check_read+0x11/0x20
[ 42.503061][ T350] consume_skb+0x28/0x1d0
[ 42.507317][ T350] __sk_msg_free+0x267/0x4e0
[ 42.511741][ T350] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 42.517375][ T350] ? skb_dequeue+0x115/0x1a0
[ 42.521814][ T350] sk_psock_stop+0x3e4/0x600
[ 42.526273][ T350] ? __local_bh_enable_ip+0x28/0x60
[ 42.531355][ T350] ? xfrmi6_err+0x440/0x440
[ 42.535691][ T350] sock_map_close+0x253/0x310
[ 42.540203][ T350] ? sock_map_lookup+0x300/0x300
[ 42.545100][ T350] ? do_lock_file_wait+0x320/0x320
[ 42.550559][ T350] ? down_write_killable+0x2c0/0x2c0
[ 42.555682][ T350] unix_release+0x73/0xe0
[ 42.559845][ T350] __sock_release+0xc2/0x270
[ 42.564283][ T350] sock_close+0x10/0x20
[ 42.568293][ T350] __fput+0x317/0x960
[ 42.572087][ T350] ____fput+0x9/0x10
[ 42.575823][ T350] task_work_run+0xc2/0x150
[ 42.580158][ T350] exit_to_user_mode_prepare+0x140/0x150
[ 42.585627][ T350] syscall_exit_to_user_mode+0x21/0x40
[ 42.590917][ T350] do_syscall_64+0x42/0xb0
[ 42.595171][ T350] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.600903][ T350] RIP: 0033:0x7f31b5b259da
[ 42.605152][ T350] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 42.624682][ T350] RSP: 002b:00007ffdbe193520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 42.633100][ T350] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f31b5b259da
[ 42.641694][ T350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 42.649508][ T350] RBP: 00007f31b5c47980 R08: 0000001b31460000 R09: 00007ffdbe1d4080
[ 42.657436][ T350] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a752
[ 42.665306][ T350] R13: ffffffffffffffff R14: 00007f31b56aa000 R15: 000000000000a411
[ 42.673123][ T350] </TASK>
[ 42.675983][ T350]
[ 42.678155][ T350] Allocated by task 351:
[ 42.682264][ T350] kasan_save_stack+0x26/0x50
[ 42.686847][ T350] __kasan_slab_alloc+0x94/0xc0
[ 42.691533][ T350] kmem_cache_alloc+0x197/0x480
[ 42.696247][ T350] skb_clone+0x131/0x310
[ 42.700320][ T350] sk_psock_verdict_recv+0x4a/0x9e0
[ 42.705334][ T350] unix_read_sock+0xd8/0x200
[ 42.709761][ T350] sk_psock_verdict_data_ready+0x104/0x170
[ 42.715403][ T350] unix_dgram_sendmsg+0xc13/0x16d0
[ 42.720348][ T350] __sock_sendmsg+0xb5/0xf0
[ 42.724688][ T350] ____sys_sendmsg+0x3f3/0x990
[ 42.729289][ T350] ___sys_sendmsg+0xfc/0x190
[ 42.733713][ T350] __sys_sendmmsg+0x160/0x340
[ 42.738225][ T350] __x64_sys_sendmmsg+0x98/0xf0
[ 42.743027][ T350] do_syscall_64+0x35/0xb0
[ 42.747279][ T350] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.753270][ T350]
[ 42.755441][ T350] Freed by task 25:
[ 42.759085][ T350] kasan_save_stack+0x26/0x50
[ 42.763596][ T350] kasan_set_track+0x25/0x30
[ 42.768024][ T350] kasan_set_free_info+0x24/0x40
[ 42.772882][ T350] __kasan_slab_free+0x111/0x150
[ 42.777658][ T350] slab_free_freelist_hook+0x94/0x1a0
[ 42.782868][ T350] kmem_cache_free+0x105/0x250
[ 42.787467][ T350] kfree_skbmem+0x95/0x140
[ 42.791725][ T350] kfree_skb_reason+0xbb/0x2b0
[ 42.796320][ T350] kfree_skb+0xb/0x10
[ 42.800155][ T350] sk_psock_backlog+0x694/0xd00
[ 42.804928][ T350] process_one_work+0x62c/0xec0
[ 42.809613][ T350] worker_thread+0x48e/0xdb0
[ 42.814040][ T350] kthread+0x324/0x3e0
[ 42.817963][ T350] ret_from_fork+0x1f/0x30
[ 42.822438][ T350]
[ 42.824715][ T350] The buggy address belongs to the object at ffff888123354a00
[ 42.824715][ T350] which belongs to the cache skbuff_head_cache of size 240
[ 42.839538][ T350] The buggy address is located 228 bytes inside of
[ 42.839538][ T350] 240-byte region [ffff888123354a00, ffff888123354af0)
[ 42.853044][ T350] The buggy address belongs to the page:
[ 42.858703][ T350] page:ffffea00048cd500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123354
[ 42.868987][ T350] flags: 0x4000000000000200(slab|zone=1)
[ 42.874581][ T350] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002fb080
[ 42.883203][ T350] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 42.891617][ T350] page dumped because: kasan: bad access detected
[ 42.897868][ T350] page_owner tracks the page as allocated
[ 42.903852][ T350] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 37, ts 42039982546, free_ts 42021057563
[ 42.921052][ T350] prep_new_page+0x1a2/0x310
[ 42.925485][ T350] get_page_from_freelist+0x1ce2/0x30a0
[ 42.930962][ T350] __alloc_pages+0x23f/0x2400
[ 42.935613][ T350] allocate_slab+0x39d/0x530
[ 42.940156][ T350] ___slab_alloc.constprop.0+0x3ca/0x890
[ 42.945759][ T350] __slab_alloc.constprop.0+0x42/0x80
[ 42.950964][ T350] kmem_cache_alloc+0x440/0x480
[ 42.955653][ T350] __alloc_skb+0x14b/0x250
[ 42.960058][ T350] ndisc_alloc_skb+0x135/0x320
[ 42.964820][ T350] ndisc_send_ns+0x12f/0x7e0
[ 42.969202][ T350] addrconf_dad_work+0x9e6/0x1100
[ 42.974072][ T350] process_one_work+0x62c/0xec0
[ 42.978743][ T350] worker_thread+0x48e/0xdb0
[ 42.983319][ T350] kthread+0x324/0x3e0
[ 42.987233][ T350] ret_from_fork+0x1f/0x30
[ 42.991474][ T350] page last free stack trace:
[ 42.995991][ T350] free_pcp_prepare+0x1b6/0x4c0
[ 43.000684][ T350] free_unref_page+0x84/0x760
[ 43.005304][ T350] __free_pages+0xd7/0xf0
[ 43.009473][ T350] __vunmap+0x4b2/0x7b0
[ 43.013701][ T350] __vfree+0x21/0x90
[ 43.018358][ T350] vfree+0x27/0x40
[ 43.022087][ T350] bpf_patch_insn_data+0x329/0x640
[ 43.027560][ T350] convert_ctx_accesses+0x41a/0x1580
[ 43.032863][ T350] bpf_check+0x27f4/0xb620
[ 43.037725][ T350] bpf_prog_load+0xbd1/0x1770
[ 43.042236][ T350] __sys_bpf+0x14b1/0x46e0
[ 43.046669][ T350] __x64_sys_bpf+0x70/0xb0
[ 43.050877][ T350] do_syscall_64+0x35/0xb0
[ 43.055129][ T350] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.060860][ T350]
[ 43.063027][ T350] Memory state around the buggy address:
[ 43.068506][ T350] ffff888123354980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 43.076583][ T350] ffff888123354a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.084670][ T350] >ffff888123354a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 43.092801][ T350] ^
[ 43.099773][ T350] ffff888123354b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.107918][ T350] ffff888123354b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.115911][ T350] ==================================================================
[ 43.123806][ T350] Disabling lock debugging due to kernel taint
[ 43.129825][ T350] ==================================================================
[ 43.137859][ T350] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 43.146148][ T350]
[ 43.148328][ T350] CPU: 1 PID: 350 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 43.158124][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 43.168159][ T350] Call Trace:
[ 43.171274][ T350] <TASK>
[ 43.174046][ T350] dump_stack_lvl+0x38/0x49
[ 43.178419][ T350] print_address_description.constprop.0+0x24/0x160
[ 43.184820][ T350] ? kmem_cache_free+0x105/0x250
[ 43.189592][ T350] kasan_report_invalid_free+0x75/0xa0
[ 43.194888][ T350] ? kmem_cache_free+0x105/0x250
[ 43.199661][ T350] __kasan_slab_free+0x134/0x150
[ 43.204423][ T350] slab_free_freelist_hook+0x94/0x1a0
[ 43.209630][ T350] ? kfree_skbmem+0x95/0x140
[ 43.214057][ T350] kmem_cache_free+0x105/0x250
[ 43.218657][ T350] kfree_skbmem+0x95/0x140
[ 43.223434][ T350] consume_skb+0xab/0x1d0
[ 43.227633][ T350] __sk_msg_free+0x267/0x4e0
[ 43.232026][ T350] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 43.237865][ T350] ? skb_dequeue+0x115/0x1a0
[ 43.242374][ T350] sk_psock_stop+0x3e4/0x600
[ 43.247044][ T350] ? __local_bh_enable_ip+0x28/0x60
[ 43.252064][ T350] ? xfrmi6_err+0x440/0x440
[ 43.256531][ T350] sock_map_close+0x253/0x310
[ 43.261602][ T350] ? sock_map_lookup+0x300/0x300
[ 43.266382][ T350] ? do_lock_file_wait+0x320/0x320
[ 43.271315][ T350] ? down_write_killable+0x2c0/0x2c0
[ 43.276564][ T350] unix_release+0x73/0xe0
[ 43.280695][ T350] __sock_release+0xc2/0x270
[ 43.285119][ T350] sock_close+0x10/0x20
[ 43.289119][ T350] __fput+0x317/0x960
[ 43.292936][ T350] ____fput+0x9/0x10
[ 43.296660][ T350] task_work_run+0xc2/0x150
[ 43.301189][ T350] exit_to_user_mode_prepare+0x140/0x150
[ 43.306645][ T350] syscall_exit_to_user_mode+0x21/0x40
[ 43.311939][ T350] do_syscall_64+0x42/0xb0
[ 43.316187][ T350] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.321921][ T350] RIP: 0033:0x7f31b5b259da
[ 43.326175][ T350] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 43.347027][ T350] RSP: 002b:00007ffdbe193520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 43.355268][ T350] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f31b5b259da
[ 43.363094][ T350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 43.370893][ T350] RBP: 00007f31b5c47980 R08: 0000001b31460000 R09: 00007ffdbe1d4080
[ 43.378715][ T350] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000a752
[ 43.386600][ T350] R13: ffffffffffffffff R14: 00007f31b56aa000 R15: 000000000000a411
[ 43.394422][ T350] </TASK>
[ 43.397364][ T350]
[ 43.399728][ T350] Allocated by task 351:
[ 43.403901][ T350] kasan_save_stack+0x26/0x50
[ 43.408413][ T350] __kasan_slab_alloc+0x94/0xc0
[ 43.413267][ T350] kmem_cache_alloc+0x197/0x480
[ 43.417969][ T350] skb_clone+0x131/0x310
[ 43.422153][ T350] sk_psock_verdict_recv+0x4a/0x9e0
[ 43.427651][ T350] unix_read_sock+0xd8/0x200
[ 43.432157][ T350] sk_psock_verdict_data_ready+0x104/0x170
[ 43.437805][ T350] unix_dgram_sendmsg+0xc13/0x16d0
[ 43.442877][ T350] __sock_sendmsg+0xb5/0xf0
[ 43.447514][ T350] ____sys_sendmsg+0x3f3/0x990
[ 43.452284][ T350] ___sys_sendmsg+0xfc/0x190
[ 43.456709][ T350] __sys_sendmmsg+0x160/0x340
[ 43.461279][ T350] __x64_sys_sendmmsg+0x98/0xf0
[ 43.465922][ T350] do_syscall_64+0x35/0xb0
[ 43.470271][ T350] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.476236][ T350]
[ 43.478388][ T350] Freed by task 25:
[ 43.482034][ T350] kasan_save_stack+0x26/0x50
[ 43.486547][ T350] kasan_set_track+0x25/0x30
[ 43.490974][ T350] kasan_set_free_info+0x24/0x40
[ 43.495749][ T350] __kasan_slab_free+0x111/0x150
[ 43.500691][ T350] slab_free_freelist_hook+0x94/0x1a0
[ 43.505901][ T350] kmem_cache_free+0x105/0x250
[ 43.510504][ T350] kfree_skbmem+0x95/0x140
[ 43.514752][ T350] kfree_skb_reason+0xbb/0x2b0
[ 43.519356][ T350] kfree_skb+0xb/0x10
[ 43.523171][ T350] sk_psock_backlog+0x694/0xd00
[ 43.527951][ T350] process_one_work+0x62c/0xec0
[ 43.532632][ T350] worker_thread+0x48e/0xdb0
[ 43.537161][ T350] kthread+0x324/0x3e0
[ 43.541066][ T350] ret_from_fork+0x1f/0x30
[ 43.545452][ T350]
[ 43.547783][ T350] The buggy address belongs to the object at ffff888123354a00
[ 43.547783][ T350] which belongs to the cache skbuff_head_cache of size 240
[ 43.562365][ T350] The buggy address is located 0 bytes inside of
[ 43.562365][ T350] 240-byte region [ffff888123354a00, ffff888123354af0)
[ 43.575299][ T350] The buggy address belongs to the page:
[ 43.580764][ T350] page:ffffea00048cd500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123354
[ 43.590920][ T350] flags: 0x4000000000000200(slab|zone=1)
[ 43.596391][ T350] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002fb080
[ 43.604820][ T350] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 43.613234][ T350] page dumped because: kasan: bad access detected
[ 43.619481][ T350] page_owner tracks the page as allocated
[ 43.625027][ T350] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 37, ts 42039982546, free_ts 42021057563
[ 43.642151][ T350] prep_new_page+0x1a2/0x310
[ 43.646554][ T350] get_page_from_freelist+0x1ce2/0x30a0
[ 43.651937][ T350] __alloc_pages+0x23f/0x2400
[ 43.656448][ T350] allocate_slab+0x39d/0x530
[ 43.660877][ T350] ___slab_alloc.constprop.0+0x3ca/0x890
[ 43.666353][ T350] __slab_alloc.constprop.0+0x42/0x80
[ 43.671552][ T350] kmem_cache_alloc+0x440/0x480
[ 43.676324][ T350] __alloc_skb+0x14b/0x250
[ 43.680579][ T350] ndisc_alloc_skb+0x135/0x320
[ 43.685202][ T350] ndisc_send_ns+0x12f/0x7e0
[ 43.689605][ T350] addrconf_dad_work+0x9e6/0x1100
[ 43.694462][ T350] process_one_work+0x62c/0xec0
[ 43.699148][ T350] worker_thread+0x48e/0xdb0
[ 43.703578][ T350] kthread+0x324/0x3e0
[ 43.707484][ T350] ret_from_fork+0x1f/0x30
[ 43.711835][ T350] page last free stack trace:
[ 43.716348][ T350] free_pcp_prepare+0x1b6/0x4c0
[ 43.721045][ T350] free_unref_page+0x84/0x760
[ 43.725797][ T350] __free_pages+0xd7/0xf0
[ 43.729963][ T350] __vunmap+0x4b2/0x7b0
[ 43.734032][ T350] __vfree+0x21/0x90
[ 43.737766][ T350] vfree+0x27/0x40
[ 43.741333][ T350] bpf_patch_insn_data+0x329/0x640
[ 43.746273][ T350] convert_ctx_accesses+0x41a/0x1580
[ 43.751393][ T350] bpf_check+0x27f4/0xb620
[ 43.755644][ T350] bpf_prog_load+0xbd1/0x1770
[ 43.760340][ T350] __sys_bpf+0x14b1/0x46e0
[ 43.764583][ T350] __x64_sys_bpf+0x70/0xb0
[ 43.768839][ T350] do_syscall_64+0x35/0xb0
[ 43.773092][ T350] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.778834][ T350]
[ 43.780990][ T350] Memory state around the buggy address:
[ 43.786460][ T350] ffff888123354900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.794358][ T350] ffff888123354980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 43.802271][ T350] >ffff888123354a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.810247][ T350] ^
[ 43.814145][ T350] ffff888123354a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 43.822477][ T350] ffff888123354b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.830377][ T350] ==================================================================
[ 43.937352][ T355] FAULT_INJECTION: forcing a failure.
[ 43.937352][ T355] name failslab, interval 1, probability 0, space 0, times 0
[ 43.950698][ T355] CPU: 0 PID: 355 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 43.960600][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 43.970617][ T355] Call Trace:
[ 43.973937][ T355] <TASK>
[ 43.976713][ T355] dump_stack_lvl+0x38/0x49
[ 43.981055][ T355] dump_stack+0x10/0x12
[ 43.985244][ T355] should_fail.cold+0x5/0xa
[ 43.989582][ T355] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 43.995137][ T355] __should_failslab+0xb6/0x100
[ 43.999823][ T355] should_failslab+0x9/0x20
[ 44.004329][ T355] kmem_cache_alloc_trace+0x3f/0x490
[ 44.009445][ T355] sk_psock_skb_ingress_self+0x52/0x3a0
[ 44.014863][ T355] sk_psock_verdict_recv+0x799/0x9e0
[ 44.019947][ T355] unix_read_sock+0xd8/0x200
[ 44.024384][ T355] ? sk_psock_tls_strp_read+0x360/0x360
[ 44.029755][ T355] ? unix_compat_ioctl+0x10/0x10
[ 44.034531][ T355] sk_psock_verdict_data_ready+0x104/0x170
[ 44.040180][ T355] ? failover_event+0x330/0x330
[ 44.044858][ T355] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 44.050615][ T355] ? skb_queue_tail+0xdc/0x150
[ 44.055187][ T355] unix_dgram_sendmsg+0xc13/0x16d0
[ 44.060316][ T355] ? unix_dgram_connect+0xc70/0xc70
[ 44.065626][ T355] ? unix_dgram_connect+0xc70/0xc70
[ 44.070668][ T355] __sock_sendmsg+0xb5/0xf0
[ 44.075083][ T355] ____sys_sendmsg+0x3f3/0x990
[ 44.079674][ T355] ? kernel_sendmsg+0x30/0x30
[ 44.084187][ T355] ? do_recvmmsg+0x5a0/0x5a0
[ 44.088791][ T355] ? __kasan_check_read+0x11/0x20
[ 44.093646][ T355] ___sys_sendmsg+0xfc/0x190
[ 44.098076][ T355] ? sendmsg_copy_msghdr+0x110/0x110
[ 44.103205][ T355] ? handle_pte_fault+0x1a2/0x2180
[ 44.108232][ T355] ? __handle_mm_fault+0x4aa/0x1380
[ 44.113262][ T355] ? do_filp_open+0x1ab/0x3f0
[ 44.117776][ T355] ? __pmd_alloc+0x330/0x330
[ 44.122211][ T355] ? __fdget+0xe/0x10
[ 44.126023][ T355] ? sockfd_lookup_light+0x1c/0x150
[ 44.131075][ T355] __sys_sendmmsg+0x160/0x340
[ 44.135573][ T355] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 44.140434][ T355] ? branch_type+0x2e0/0x470
[ 44.144855][ T355] ? mutex_unlock+0x7e/0x240
[ 44.149282][ T355] ? mutex_trylock+0x260/0x260
[ 44.153882][ T355] ? vfs_write+0x2b2/0x8e0
[ 44.158165][ T355] ? __kasan_check_write+0x14/0x20
[ 44.163082][ T355] ? fput+0x17/0x30
[ 44.166848][ T355] ? __ia32_sys_read+0xa0/0xa0
[ 44.171442][ T355] ? debug_smp_processor_id+0x17/0x20
[ 44.176652][ T355] __x64_sys_sendmmsg+0x98/0xf0
[ 44.181337][ T355] ? syscall_exit_to_user_mode+0x2f/0x40
[ 44.186835][ T355] do_syscall_64+0x35/0xb0
[ 44.191065][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.196785][ T355] RIP: 0033:0x7f31b5b26ae9
[ 44.201053][ T355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.220808][ T355] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 44.229039][ T355] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 44.236854][ T355] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 44.244678][ T355] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 44.252564][ T355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 44.260373][ T355] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 44.268190][ T355] </TASK>
[ 44.272311][ T354] ==================================================================
[ 44.280177][ T354] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 44.289805][ T354]
[ 44.291985][ T354] CPU: 0 PID: 354 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 44.301630][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 44.311594][ T354] Call Trace:
[ 44.314718][ T354] <TASK>
[ 44.317493][ T354] dump_stack_lvl+0x38/0x49
[ 44.321922][ T354] print_address_description.constprop.0+0x24/0x160
[ 44.328265][ T354] ? kmem_cache_free+0x105/0x250
[ 44.333027][ T354] kasan_report_invalid_free+0x75/0xa0
[ 44.338330][ T354] ? kmem_cache_free+0x105/0x250
[ 44.343103][ T354] __kasan_slab_free+0x134/0x150
[ 44.347879][ T354] slab_free_freelist_hook+0x94/0x1a0
[ 44.353088][ T354] ? kfree_skbmem+0x95/0x140
[ 44.357686][ T354] kmem_cache_free+0x105/0x250
[ 44.362455][ T354] kfree_skbmem+0x95/0x140
[ 44.366707][ T354] consume_skb+0xab/0x1d0
[ 44.370884][ T354] __sk_msg_free+0x267/0x4e0
[ 44.375304][ T354] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 44.381115][ T354] ? skb_dequeue+0x115/0x1a0
[ 44.385545][ T354] sk_psock_stop+0x3e4/0x600
[ 44.390145][ T354] ? __local_bh_enable_ip+0x28/0x60
[ 44.395278][ T354] ? xfrmi6_err+0x440/0x440
[ 44.400133][ T354] sock_map_close+0x253/0x310
[ 44.404669][ T354] ? sock_map_lookup+0x300/0x300
[ 44.409434][ T354] ? do_lock_file_wait+0x320/0x320
[ 44.414453][ T354] ? down_write_killable+0x2c0/0x2c0
[ 44.420099][ T354] unix_release+0x73/0xe0
[ 44.424346][ T354] __sock_release+0xc2/0x270
[ 44.430258][ T354] sock_close+0x10/0x20
[ 44.435036][ T354] __fput+0x317/0x960
[ 44.438849][ T354] ____fput+0x9/0x10
[ 44.442669][ T354] task_work_run+0xc2/0x150
[ 44.447008][ T354] exit_to_user_mode_prepare+0x140/0x150
[ 44.452565][ T354] syscall_exit_to_user_mode+0x21/0x40
[ 44.457856][ T354] do_syscall_64+0x42/0xb0
[ 44.462272][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.468015][ T354] RIP: 0033:0x7f31b5b259da
[ 44.472266][ T354] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 44.492064][ T354] RSP: 002b:00007ffdbe193520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 44.500300][ T354] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f31b5b259da
[ 44.508136][ T354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 44.515926][ T354] RBP: 00007f31b5c47980 R08: 0000001b31460000 R09: 00007ffdbe1d4080
[ 44.523736][ T354] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000aece
[ 44.531571][ T354] R13: ffffffffffffffff R14: 00007f31b56aa000 R15: 000000000000ab8d
[ 44.539359][ T354] </TASK>
[ 44.542234][ T354]
[ 44.544398][ T354] Allocated by task 355:
[ 44.548477][ T354] kasan_save_stack+0x26/0x50
[ 44.553766][ T354] __kasan_slab_alloc+0x94/0xc0
[ 44.558538][ T354] kmem_cache_alloc+0x197/0x480
[ 44.563223][ T354] skb_clone+0x131/0x310
[ 44.567315][ T354] sk_psock_verdict_recv+0x4a/0x9e0
[ 44.572337][ T354] unix_read_sock+0xd8/0x200
[ 44.576764][ T354] sk_psock_verdict_data_ready+0x104/0x170
[ 44.582405][ T354] unix_dgram_sendmsg+0xc13/0x16d0
[ 44.587360][ T354] __sock_sendmsg+0xb5/0xf0
[ 44.591693][ T354] ____sys_sendmsg+0x3f3/0x990
[ 44.596295][ T354] ___sys_sendmsg+0xfc/0x190
[ 44.600728][ T354] __sys_sendmmsg+0x160/0x340
[ 44.605406][ T354] __x64_sys_sendmmsg+0x98/0xf0
[ 44.610093][ T354] do_syscall_64+0x35/0xb0
[ 44.614432][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.620165][ T354]
[ 44.622333][ T354] Freed by task 38:
[ 44.625975][ T354] kasan_save_stack+0x26/0x50
[ 44.630488][ T354] kasan_set_track+0x25/0x30
[ 44.634917][ T354] kasan_set_free_info+0x24/0x40
[ 44.639691][ T354] __kasan_slab_free+0x111/0x150
[ 44.644465][ T354] slab_free_freelist_hook+0x94/0x1a0
[ 44.649683][ T354] kmem_cache_free+0x105/0x250
[ 44.654618][ T354] kfree_skbmem+0x95/0x140
[ 44.658873][ T354] kfree_skb_reason+0xbb/0x2b0
[ 44.663487][ T354] kfree_skb+0xb/0x10
[ 44.667298][ T354] sk_psock_backlog+0x694/0xd00
[ 44.671977][ T354] process_one_work+0x62c/0xec0
[ 44.676777][ T354] worker_thread+0x48e/0xdb0
[ 44.681179][ T354] kthread+0x324/0x3e0
[ 44.685081][ T354] ret_from_fork+0x1f/0x30
[ 44.689339][ T354]
[ 44.691505][ T354] The buggy address belongs to the object at ffff8881234098c0
[ 44.691505][ T354] which belongs to the cache skbuff_head_cache of size 240
[ 44.706782][ T354] The buggy address is located 0 bytes inside of
[ 44.706782][ T354] 240-byte region [ffff8881234098c0, ffff8881234099b0)
[ 44.719715][ T354] The buggy address belongs to the page:
[ 44.725184][ T354] page:ffffea00048d0240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123409
[ 44.735247][ T354] flags: 0x4000000000000200(slab|zone=1)
[ 44.740723][ T354] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002fb080
[ 44.749166][ T354] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 44.757734][ T354] page dumped because: kasan: bad access detected
[ 44.763983][ T354] page_owner tracks the page as allocated
[ 44.769620][ T354] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 84, ts 43843682698, free_ts 0
[ 44.784376][ T354] prep_new_page+0x1a2/0x310
[ 44.788982][ T354] get_page_from_freelist+0x1ce2/0x30a0
[ 44.794361][ T354] __alloc_pages+0x23f/0x2400
[ 44.799040][ T354] allocate_slab+0x39d/0x530
[ 44.803469][ T354] ___slab_alloc.constprop.0+0x3ca/0x890
[ 44.808952][ T354] __slab_alloc.constprop.0+0x42/0x80
[ 44.814145][ T354] kmem_cache_alloc+0x440/0x480
[ 44.818836][ T354] __alloc_skb+0x14b/0x250
[ 44.823087][ T354] alloc_skb_with_frags+0x76/0x4a0
[ 44.828291][ T354] sock_alloc_send_pskb+0x68b/0x840
[ 44.833327][ T354] unix_dgram_sendmsg+0x33a/0x16d0
[ 44.838447][ T354] __sock_sendmsg+0xb5/0xf0
[ 44.842786][ T354] __sys_sendto+0x1e3/0x2f0
[ 44.847297][ T354] __x64_sys_sendto+0xdc/0x1a0
[ 44.851906][ T354] do_syscall_64+0x35/0xb0
[ 44.856154][ T354] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.861882][ T354] page_owner free stack trace missing
[ 44.867090][ T354]
[ 44.869257][ T354] Memory state around the buggy address:
[ 44.874729][ T354] ffff888123409780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.882623][ T354] ffff888123409800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 44.890524][ T354] >ffff888123409880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 44.898420][ T354] ^
[ 44.904412][ T354] ffff888123409900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.912488][ T354] ffff888123409980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 44.920774][ T354] ==================================================================
[ 44.938311][ T358] FAULT_INJECTION: forcing a failure.
[ 44.938311][ T358] name failslab, interval 1, probability 0, space 0, times 0
[ 44.950912][ T358] CPU: 0 PID: 358 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 44.961380][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 44.971651][ T358] Call Trace:
[ 44.974766][ T358]
[ 44.977589][ T358] dump_stack_lvl+0x38/0x49
[ 44.981872][ T358] dump_stack+0x10/0x12
[ 44.985941][ T358] should_fail.cold+0x5/0xa
[ 44.990400][ T358] ? skb_clone+0x131/0x310
[ 44.994658][ T358] __should_failslab+0xb6/0x100
[ 44.999339][ T358] should_failslab+0x9/0x20
[ 45.003810][ T358] kmem_cache_alloc+0x40/0x480
[ 45.008396][ T358] ? avc_has_perm_noaudit+0x200/0x200
[ 45.013610][ T358] skb_clone+0x131/0x310
[ 45.017901][ T358] sk_psock_verdict_recv+0x4a/0x9e0
[ 45.023111][ T358] unix_read_sock+0xd8/0x200
[ 45.027652][ T358] ? sk_psock_tls_strp_read+0x360/0x360
[ 45.033079][ T358] ? unix_compat_ioctl+0x10/0x10
[ 45.038026][ T358] sk_psock_verdict_data_ready+0x104/0x170
[ 45.043762][ T358] ? failover_event+0x330/0x330
[ 45.048444][ T358] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 45.054258][ T358] ? skb_queue_tail+0xdc/0x150
[ 45.059143][ T358] unix_dgram_sendmsg+0xc13/0x16d0
[ 45.064068][ T358] ? unix_dgram_connect+0xc70/0xc70
[ 45.069111][ T358] ? unix_dgram_connect+0xc70/0xc70
[ 45.074135][ T358] __sock_sendmsg+0xb5/0xf0
[ 45.078475][ T358] ____sys_sendmsg+0x3f3/0x990
[ 45.083074][ T358] ? kernel_sendmsg+0x30/0x30
[ 45.087596][ T358] ? do_recvmmsg+0x5a0/0x5a0
[ 45.092014][ T358] ? __kasan_check_read+0x11/0x20
[ 45.096963][ T358] ___sys_sendmsg+0xfc/0x190
[ 45.101388][ T358] ? sendmsg_copy_msghdr+0x110/0x110
[ 45.106507][ T358] ? handle_pte_fault+0x1a2/0x2180
[ 45.111456][ T358] ? __handle_mm_fault+0x4aa/0x1380
[ 45.116493][ T358] ? do_filp_open+0x1ab/0x3f0
[ 45.123000][ T358] ? __pmd_alloc+0x330/0x330
[ 45.127424][ T358] ? __fdget+0xe/0x10
[ 45.131248][ T358] ? sockfd_lookup_light+0x1c/0x150
[ 45.136282][ T358] __sys_sendmmsg+0x160/0x340
[ 45.140825][ T358] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 45.145652][ T358] ? branch_type+0x2e0/0x470
[ 45.150079][ T358] ? mutex_unlock+0x7e/0x240
[ 45.154503][ T358] ? mutex_trylock+0x260/0x260
[ 45.159190][ T358] ? vfs_write+0x2b2/0x8e0
[ 45.163445][ T358] ? __kasan_check_write+0x14/0x20
[ 45.168389][ T358] ? fput+0x17/0x30
[ 45.172066][ T358] ? __ia32_sys_read+0xa0/0xa0
[ 45.176634][ T358] ? debug_smp_processor_id+0x17/0x20
[ 45.181846][ T358] __x64_sys_sendmmsg+0x98/0xf0
[ 45.186535][ T358] ? syscall_exit_to_user_mode+0x2f/0x40
[ 45.191996][ T358] do_syscall_64+0x35/0xb0
[ 45.196261][ T358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.202072][ T358] RIP: 0033:0x7f31b5b26ae9
[ 45.206325][ T358] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.225846][ T358] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 45.234107][ T358] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 45.241905][ T358] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 45.249717][ T358] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 45.257614][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.265426][ T358] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 45.273238][ T358]
[ 45.284629][ T360] FAULT_INJECTION: forcing a failure.
[ 45.284629][ T360] name failslab, interval 1, probability 0, space 0, times 0
[ 45.297229][ T360] CPU: 1 PID: 360 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 45.306943][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 45.316982][ T360] Call Trace:
[ 45.320141][ T360]
[ 45.322883][ T360] dump_stack_lvl+0x38/0x49
[ 45.327223][ T360] dump_stack+0x10/0x12
[ 45.331220][ T360] should_fail.cold+0x5/0xa
[ 45.335655][ T360] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 45.341628][ T360] __should_failslab+0xb6/0x100
[ 45.346621][ T360] should_failslab+0x9/0x20
[ 45.350957][ T360] kmem_cache_alloc_trace+0x3f/0x490
[ 45.356081][ T360] sk_psock_skb_ingress_self+0x52/0x3a0
[ 45.361638][ T360] sk_psock_verdict_recv+0x799/0x9e0
[ 45.366866][ T360] unix_read_sock+0xd8/0x200
[ 45.371626][ T360] ? sk_psock_tls_strp_read+0x360/0x360
[ 45.377297][ T360] ? unix_compat_ioctl+0x10/0x10
[ 45.382074][ T360] sk_psock_verdict_data_ready+0x104/0x170
[ 45.387859][ T360] ? failover_event+0x330/0x330
[ 45.392490][ T360] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 45.398222][ T360] ? skb_queue_tail+0xdc/0x150
[ 45.402897][ T360] unix_dgram_sendmsg+0xc13/0x16d0
[ 45.407845][ T360] ? unix_dgram_connect+0xc70/0xc70
[ 45.412881][ T360] ? unix_dgram_connect+0xc70/0xc70
[ 45.418021][ T360] __sock_sendmsg+0xb5/0xf0
[ 45.422342][ T360] ____sys_sendmsg+0x3f3/0x990
[ 45.427088][ T360] ? kernel_sendmsg+0x30/0x30
[ 45.431604][ T360] ? do_recvmmsg+0x5a0/0x5a0
[ 45.436018][ T360] ? __kasan_check_read+0x11/0x20
[ 45.440968][ T360] ___sys_sendmsg+0xfc/0x190
[ 45.445426][ T360] ? sendmsg_copy_msghdr+0x110/0x110
[ 45.450518][ T360] ? handle_pte_fault+0x1a2/0x2180
[ 45.455547][ T360] ? __handle_mm_fault+0x4aa/0x1380
[ 45.460695][ T360] ? do_filp_open+0x1ab/0x3f0
[ 45.465207][ T360] ? __pmd_alloc+0x330/0x330
[ 45.469650][ T360] ? __fdget+0xe/0x10
[ 45.474212][ T360] ? sockfd_lookup_light+0x1c/0x150
[ 45.479240][ T360] __sys_sendmmsg+0x160/0x340
[ 45.483755][ T360] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 45.488613][ T360] ? branch_type+0x2e0/0x470
[ 45.493044][ T360] ? mutex_unlock+0x7e/0x240
[ 45.497474][ T360] ? mutex_trylock+0x260/0x260
[ 45.502074][ T360] ? vfs_write+0x2b2/0x8e0
[ 45.506323][ T360] ? __kasan_check_write+0x14/0x20
[ 45.511288][ T360] ? fput+0x17/0x30
[ 45.514912][ T360] ? __ia32_sys_read+0xa0/0xa0
[ 45.519514][ T360] ? debug_smp_processor_id+0x17/0x20
[ 45.524935][ T360] __x64_sys_sendmmsg+0x98/0xf0
[ 45.529816][ T360] ? syscall_exit_to_user_mode+0x2f/0x40
[ 45.535284][ T360] do_syscall_64+0x35/0xb0
[ 45.539533][ T360] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.545267][ T360] RIP: 0033:0x7f31b5b26ae9
[ 45.549639][ T360] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.569339][ T360] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 45.577583][ T360] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 45.585390][ T360] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 45.593206][ T360] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 45.601019][ T360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.608916][ T360] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 45.617256][ T360]
[ 45.622521][ T359] ==================================================================
[ 45.630409][ T359] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 45.638630][ T359]
[ 45.640801][ T359] CPU: 1 PID: 359 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 45.650432][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 45.660532][ T359] Call Trace:
[ 45.663653][ T359]
[ 45.666421][ T359] dump_stack_lvl+0x38/0x49
[ 45.670766][ T359] print_address_description.constprop.0+0x24/0x160
[ 45.677487][ T359] ? kmem_cache_free+0x105/0x250
[ 45.682258][ T359] kasan_report_invalid_free+0x75/0xa0
[ 45.687561][ T359] ? kmem_cache_free+0x105/0x250
[ 45.692322][ T359] __kasan_slab_free+0x134/0x150
[ 45.697097][ T359] slab_free_freelist_hook+0x94/0x1a0
[ 45.702302][ T359] ? kfree_skbmem+0x95/0x140
[ 45.706736][ T359] kmem_cache_free+0x105/0x250
[ 45.711331][ T359] kfree_skbmem+0x95/0x140
[ 45.715583][ T359] consume_skb+0xab/0x1d0
[ 45.719760][ T359] __sk_msg_free+0x267/0x4e0
[ 45.724290][ T359] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 45.729934][ T359] ? skb_dequeue+0x115/0x1a0
[ 45.734475][ T359] sk_psock_stop+0x3e4/0x600
[ 45.738902][ T359] ? __local_bh_enable_ip+0x28/0x60
[ 45.744078][ T359] ? xfrmi6_err+0x440/0x440
[ 45.748530][ T359] sock_map_close+0x253/0x310
[ 45.753061][ T359] ? sock_map_lookup+0x300/0x300
[ 45.757818][ T359] ? do_lock_file_wait+0x320/0x320
[ 45.762769][ T359] ? down_write_killable+0x2c0/0x2c0
[ 45.767881][ T359] unix_release+0x73/0xe0
[ 45.772418][ T359] __sock_release+0xc2/0x270
[ 45.777126][ T359] sock_close+0x10/0x20
[ 45.781116][ T359] __fput+0x317/0x960
[ 45.784933][ T359] ____fput+0x9/0x10
[ 45.788702][ T359] task_work_run+0xc2/0x150
[ 45.793026][ T359] exit_to_user_mode_prepare+0x140/0x150
[ 45.798469][ T359] syscall_exit_to_user_mode+0x21/0x40
[ 45.804066][ T359] do_syscall_64+0x42/0xb0
[ 45.808304][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.814034][ T359] RIP: 0033:0x7f31b5b259da
[ 45.818649][ T359] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 45.838353][ T359] RSP: 002b:00007ffdbe193520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.846685][ T359] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f31b5b259da
[ 45.854621][ T359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 45.862686][ T359] RBP: 00007f31b5c47980 R08: 0000001b31460000 R09: 00007ffdbe1d4080
[ 45.870498][ T359] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b410
[ 45.878391][ T359] R13: ffffffffffffffff R14: 00007f31b56aa000 R15: 000000000000b0cf
[ 45.886412][ T359]
[ 45.889361][ T359]
[ 45.891531][ T359] Allocated by task 360:
[ 45.896592][ T359] kasan_save_stack+0x26/0x50
[ 45.901175][ T359] __kasan_slab_alloc+0x94/0xc0
[ 45.905866][ T359] kmem_cache_alloc+0x197/0x480
[ 45.910552][ T359] skb_clone+0x131/0x310
[ 45.915168][ T359] sk_psock_verdict_recv+0x4a/0x9e0
[ 45.920231][ T359] unix_read_sock+0xd8/0x200
[ 45.924659][ T359] sk_psock_verdict_data_ready+0x104/0x170
[ 45.930328][ T359] unix_dgram_sendmsg+0xc13/0x16d0
[ 45.935236][ T359] __sock_sendmsg+0xb5/0xf0
[ 45.939583][ T359] ____sys_sendmsg+0x3f3/0x990
[ 45.944171][ T359] ___sys_sendmsg+0xfc/0x190
[ 45.948599][ T359] __sys_sendmmsg+0x160/0x340
[ 45.953207][ T359] __x64_sys_sendmmsg+0x98/0xf0
[ 45.957908][ T359] do_syscall_64+0x35/0xb0
[ 45.962147][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.967889][ T359]
[ 45.970060][ T359] Freed by task 293:
[ 45.973801][ T359] kasan_save_stack+0x26/0x50
[ 45.978289][ T359] kasan_set_track+0x25/0x30
[ 45.982758][ T359] kasan_set_free_info+0x24/0x40
[ 45.987490][ T359] __kasan_slab_free+0x111/0x150
[ 45.992267][ T359] slab_free_freelist_hook+0x94/0x1a0
[ 45.997560][ T359] kmem_cache_free+0x105/0x250
[ 46.002162][ T359] kfree_skbmem+0x95/0x140
[ 46.006421][ T359] kfree_skb_reason+0xbb/0x2b0
[ 46.011029][ T359] kfree_skb+0xb/0x10
[ 46.014849][ T359] sk_psock_backlog+0x694/0xd00
[ 46.019642][ T359] process_one_work+0x62c/0xec0
[ 46.024514][ T359] worker_thread+0x48e/0xdb0
[ 46.028955][ T359] kthread+0x324/0x3e0
[ 46.033118][ T359] ret_from_fork+0x1f/0x30
[ 46.037461][ T359]
[ 46.039633][ T359] The buggy address belongs to the object at ffff888104f89500
[ 46.039633][ T359] which belongs to the cache skbuff_head_cache of size 240
[ 46.054931][ T359] The buggy address is located 0 bytes inside of
[ 46.054931][ T359] 240-byte region [ffff888104f89500, ffff888104f895f0)
[ 46.067844][ T359] The buggy address belongs to the page:
[ 46.073310][ T359] page:ffffea000413e240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104f89
[ 46.083375][ T359] flags: 0x4000000000000200(slab|zone=1)
[ 46.088935][ T359] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002fb080
[ 46.097463][ T359] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 46.105865][ T359] page dumped because: kasan: bad access detected
[ 46.112103][ T359] page_owner tracks the page as allocated
[ 46.117657][ T359] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 84, ts 45276549294, free_ts 44931106740
[ 46.133290][ T359] prep_new_page+0x1a2/0x310
[ 46.137747][ T359] get_page_from_freelist+0x1ce2/0x30a0
[ 46.143088][ T359] __alloc_pages+0x23f/0x2400
[ 46.147604][ T359] allocate_slab+0x39d/0x530
[ 46.152028][ T359] ___slab_alloc.constprop.0+0x3ca/0x890
[ 46.157496][ T359] __slab_alloc.constprop.0+0x42/0x80
[ 46.162792][ T359] kmem_cache_alloc+0x440/0x480
[ 46.167566][ T359] __alloc_skb+0x14b/0x250
[ 46.171816][ T359] alloc_skb_with_frags+0x76/0x4a0
[ 46.176763][ T359] sock_alloc_send_pskb+0x68b/0x840
[ 46.181798][ T359] unix_dgram_sendmsg+0x33a/0x16d0
[ 46.186746][ T359] __sock_sendmsg+0xb5/0xf0
[ 46.191091][ T359] __sys_sendto+0x1e3/0x2f0
[ 46.195424][ T359] __x64_sys_sendto+0xdc/0x1a0
[ 46.200025][ T359] do_syscall_64+0x35/0xb0
[ 46.204275][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.210019][ T359] page last free stack trace:
[ 46.214516][ T359] free_pcp_prepare+0x1b6/0x4c0
[ 46.219212][ T359] free_unref_page+0x84/0x760
[ 46.223717][ T359] __free_pages+0xd7/0xf0
[ 46.227887][ T359] __free_slab+0xdb/0x1c0
[ 46.232055][ T359] discard_slab+0x2b/0x40
[ 46.236214][ T359] __unfreeze_partials+0x1e2/0x230
[ 46.241166][ T359] put_cpu_partial+0x96/0xb0
[ 46.245599][ T359] __slab_free+0x21e/0x4d0
[ 46.249847][ T359] ___cache_free+0x1ee/0x230
[ 46.254269][ T359] qlist_free_all+0x6e/0x150
[ 46.258703][ T359] kasan_quarantine_reduce+0x15f/0x1c0
[ 46.263995][ T359] __kasan_slab_alloc+0xaa/0xc0
[ 46.268761][ T359] kmem_cache_alloc+0x197/0x480
[ 46.273451][ T359] __alloc_skb+0x14b/0x250
[ 46.277700][ T359] alloc_skb_with_frags+0x76/0x4a0
[ 46.282650][ T359] sock_alloc_send_pskb+0x68b/0x840
[ 46.287771][ T359]
[ 46.290028][ T359] Memory state around the buggy address:
[ 46.295497][ T359] ffff888104f89400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.303411][ T359] ffff888104f89480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 46.311294][ T359] >ffff888104f89500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.319189][ T359] ^
[ 46.323444][ T359] ffff888104f89580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 46.332211][ T359] ffff888104f89600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.340106][ T359] ==================================================================
[ 46.360157][ T363] FAULT_INJECTION: forcing a failure.
[ 46.360157][ T363] name failslab, interval 1, probability 0, space 0, times 0
[ 46.372964][ T363] CPU: 1 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 46.382542][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 46.392458][ T363] Call Trace:
[ 46.395549][ T363]
[ 46.398324][ T363] dump_stack_lvl+0x38/0x49
[ 46.402678][ T363] dump_stack+0x10/0x12
[ 46.406657][ T363] should_fail.cold+0x5/0xa
[ 46.411118][ T363] ? skb_clone+0x131/0x310
[ 46.415514][ T363] __should_failslab+0xb6/0x100
[ 46.420189][ T363] should_failslab+0x9/0x20
[ 46.424539][ T363] kmem_cache_alloc+0x40/0x480
[ 46.429125][ T363] ? avc_has_perm_noaudit+0x200/0x200
[ 46.434340][ T363] skb_clone+0x131/0x310
[ 46.438419][ T363] sk_psock_verdict_recv+0x4a/0x9e0
[ 46.443542][ T363] unix_read_sock+0xd8/0x200
[ 46.448651][ T363] ? sk_psock_tls_strp_read+0x360/0x360
[ 46.454051][ T363] ? unix_compat_ioctl+0x10/0x10
[ 46.458815][ T363] sk_psock_verdict_data_ready+0x104/0x170
[ 46.464458][ T363] ? failover_event+0x330/0x330
[ 46.469234][ T363] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 46.475067][ T363] ? skb_queue_tail+0xdc/0x150
[ 46.479602][ T363] unix_dgram_sendmsg+0xc13/0x16d0
[ 46.484616][ T363] ? unix_dgram_connect+0xc70/0xc70
[ 46.489651][ T363] ? unix_dgram_connect+0xc70/0xc70
[ 46.494681][ T363] __sock_sendmsg+0xb5/0xf0
[ 46.499028][ T363] ____sys_sendmsg+0x3f3/0x990
[ 46.503637][ T363] ? kernel_sendmsg+0x30/0x30
[ 46.508138][ T363] ? do_recvmmsg+0x5a0/0x5a0
[ 46.512570][ T363] ? __kasan_check_read+0x11/0x20
[ 46.517425][ T363] ___sys_sendmsg+0xfc/0x190
[ 46.521856][ T363] ? sendmsg_copy_msghdr+0x110/0x110
[ 46.526980][ T363] ? handle_pte_fault+0x1a2/0x2180
[ 46.531935][ T363] ? __handle_mm_fault+0x4aa/0x1380
[ 46.536953][ T363] ? do_filp_open+0x1ab/0x3f0
[ 46.541467][ T363] ? __pmd_alloc+0x330/0x330
[ 46.545891][ T363] ? __fdget+0xe/0x10
[ 46.549716][ T363] ? sockfd_lookup_light+0x1c/0x150
[ 46.554830][ T363] __sys_sendmmsg+0x160/0x340
[ 46.559343][ T363] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 46.564201][ T363] ? branch_type+0x2e0/0x470
[ 46.568724][ T363] ? mutex_unlock+0x7e/0x240
[ 46.573258][ T363] ? mutex_trylock+0x260/0x260
[ 46.577837][ T363] ? vfs_write+0x2b2/0x8e0
[ 46.582178][ T363] ? __kasan_check_write+0x14/0x20
[ 46.587124][ T363] ? fput+0x17/0x30
[ 46.590772][ T363] ? __ia32_sys_read+0xa0/0xa0
[ 46.595369][ T363] ? debug_smp_processor_id+0x17/0x20
[ 46.601564][ T363] __x64_sys_sendmmsg+0x98/0xf0
[ 46.606243][ T363] ? syscall_exit_to_user_mode+0x2f/0x40
[ 46.611712][ T363] do_syscall_64+0x35/0xb0
[ 46.615963][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.621699][ T363] RIP: 0033:0x7f31b5b26ae9
[ 46.625952][ T363] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.645398][ T363] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 46.653632][ T363] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
2023/12/12 22:10:52 executed programs: 5
[ 46.661448][ T363] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 46.669257][ T363] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 46.677159][ T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.684983][ T363] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 46.692783][ T363]
[ 46.741554][ T365] FAULT_INJECTION: forcing a failure.
[ 46.741554][ T365] name failslab, interval 1, probability 0, space 0, times 0
[ 46.754052][ T365] CPU: 1 PID: 365 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 46.763567][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 46.773547][ T365] Call Trace:
[ 46.776671][ T365]
[ 46.779561][ T365] dump_stack_lvl+0x38/0x49
[ 46.785546][ T365] dump_stack+0x10/0x12
[ 46.790572][ T365] should_fail.cold+0x5/0xa
[ 46.794997][ T365] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 46.800562][ T365] __should_failslab+0xb6/0x100
[ 46.805335][ T365] should_failslab+0x9/0x20
[ 46.809666][ T365] kmem_cache_alloc_trace+0x3f/0x490
[ 46.814791][ T365] sk_psock_skb_ingress_self+0x52/0x3a0
[ 46.820171][ T365] sk_psock_verdict_recv+0x799/0x9e0
[ 46.825387][ T365] unix_read_sock+0xd8/0x200
[ 46.829806][ T365] ? sk_psock_tls_strp_read+0x360/0x360
[ 46.835625][ T365] ? unix_compat_ioctl+0x10/0x10
[ 46.840395][ T365] sk_psock_verdict_data_ready+0x104/0x170
[ 46.846031][ T365] ? failover_event+0x330/0x330
[ 46.850732][ T365] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 46.856370][ T365] ? skb_queue_tail+0xdc/0x150
[ 46.860963][ T365] unix_dgram_sendmsg+0xc13/0x16d0
[ 46.866173][ T365] ? unix_dgram_connect+0xc70/0xc70
[ 46.871311][ T365] ? unix_dgram_connect+0xc70/0xc70
[ 46.876340][ T365] __sock_sendmsg+0xb5/0xf0
[ 46.880667][ T365] ____sys_sendmsg+0x3f3/0x990
[ 46.885278][ T365] ? kernel_sendmsg+0x30/0x30
[ 46.889782][ T365] ? do_recvmmsg+0x5a0/0x5a0
[ 46.894206][ T365] ? __kasan_check_read+0x11/0x20
[ 46.899169][ T365] ___sys_sendmsg+0xfc/0x190
[ 46.903605][ T365] ? sendmsg_copy_msghdr+0x110/0x110
[ 46.908718][ T365] ? handle_pte_fault+0x1a2/0x2180
[ 46.913665][ T365] ? __handle_mm_fault+0x4aa/0x1380
[ 46.918696][ T365] ? do_filp_open+0x1ab/0x3f0
[ 46.923302][ T365] ? __pmd_alloc+0x330/0x330
[ 46.927735][ T365] ? __fdget+0xe/0x10
[ 46.931548][ T365] ? sockfd_lookup_light+0x1c/0x150
[ 46.936612][ T365] __sys_sendmmsg+0x160/0x340
[ 46.941088][ T365] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 46.945951][ T365] ? branch_type+0x2e0/0x470
[ 46.950407][ T365] ? mutex_unlock+0x7e/0x240
[ 46.954893][ T365] ? mutex_trylock+0x260/0x260
[ 46.959502][ T365] ? vfs_write+0x2b2/0x8e0
[ 46.963745][ T365] ? __kasan_check_write+0x14/0x20
[ 46.969147][ T365] ? fput+0x17/0x30
[ 46.972810][ T365] ? __ia32_sys_read+0xa0/0xa0
[ 46.977381][ T365] ? debug_smp_processor_id+0x17/0x20
[ 46.982598][ T365] __x64_sys_sendmmsg+0x98/0xf0
[ 46.987295][ T365] ? syscall_exit_to_user_mode+0x2f/0x40
[ 46.992834][ T365] do_syscall_64+0x35/0xb0
[ 46.997085][ T365] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.002812][ T365] RIP: 0033:0x7f31b5b26ae9
[ 47.007065][ T365] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.026890][ T365] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.035147][ T365] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 47.042944][ T365] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 47.050762][ T365] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 47.058656][ T365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.066736][ T365] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 47.074634][ T365]
[ 47.078715][ T364] ==================================================================
[ 47.086949][ T364] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 47.095319][ T364]
[ 47.097571][ T364] CPU: 0 PID: 364 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 47.107290][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 47.117409][ T364] Call Trace:
[ 47.120596][ T364]
[ 47.123369][ T364] dump_stack_lvl+0x38/0x49
[ 47.127708][ T364] print_address_description.constprop.0+0x24/0x160
[ 47.134128][ T364] ? kmem_cache_free+0x105/0x250
[ 47.138911][ T364] kasan_report_invalid_free+0x75/0xa0
[ 47.144201][ T364] ? kmem_cache_free+0x105/0x250
[ 47.148973][ T364] __kasan_slab_free+0x134/0x150
[ 47.153848][ T364] slab_free_freelist_hook+0x94/0x1a0
[ 47.159157][ T364] ? kfree_skbmem+0x95/0x140
[ 47.163672][ T364] kmem_cache_free+0x105/0x250
[ 47.168273][ T364] kfree_skbmem+0x95/0x140
[ 47.172525][ T364] consume_skb+0xab/0x1d0
[ 47.176701][ T364] __sk_msg_free+0x267/0x4e0
[ 47.181115][ T364] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 47.186760][ T364] ? skb_dequeue+0x115/0x1a0
[ 47.191189][ T364] sk_psock_stop+0x3e4/0x600
[ 47.195634][ T364] ? __local_bh_enable_ip+0x28/0x60
[ 47.200655][ T364] ? xfrmi6_err+0x440/0x440
[ 47.204986][ T364] sock_map_close+0x253/0x310
[ 47.209498][ T364] ? sock_map_lookup+0x300/0x300
[ 47.214272][ T364] ? do_lock_file_wait+0x320/0x320
[ 47.219226][ T364] ? down_write_killable+0x2c0/0x2c0
[ 47.224340][ T364] unix_release+0x73/0xe0
[ 47.228512][ T364] __sock_release+0xc2/0x270
[ 47.232933][ T364] sock_close+0x10/0x20
[ 47.236924][ T364] __fput+0x317/0x960
[ 47.240745][ T364] ____fput+0x9/0x10
[ 47.244477][ T364] task_work_run+0xc2/0x150
[ 47.248927][ T364] exit_to_user_mode_prepare+0x140/0x150
[ 47.254370][ T364] syscall_exit_to_user_mode+0x21/0x40
[ 47.259670][ T364] do_syscall_64+0x42/0xb0
[ 47.264006][ T364] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.269741][ T364] RIP: 0033:0x7f31b5b259da
[ 47.274077][ T364] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.293600][ T364] RSP: 002b:00007ffdbe193520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.301867][ T364] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f31b5b259da
[ 47.309752][ T364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.318255][ T364] RBP: 00007f31b5c47980 R08: 0000001b31460000 R09: 00007ffdbe1d4080
[ 47.326067][ T364] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b9c2
[ 47.333879][ T364] R13: ffffffffffffffff R14: 00007f31b56aa000 R15: 000000000000b681
[ 47.341703][ T364]
[ 47.344642][ T364]
[ 47.346816][ T364] Allocated by task 365:
[ 47.350893][ T364] kasan_save_stack+0x26/0x50
[ 47.355404][ T364] __kasan_slab_alloc+0x94/0xc0
[ 47.360093][ T364] kmem_cache_alloc+0x197/0x480
[ 47.364779][ T364] skb_clone+0x131/0x310
[ 47.368859][ T364] sk_psock_verdict_recv+0x4a/0x9e0
[ 47.373979][ T364] unix_read_sock+0xd8/0x200
[ 47.378490][ T364] sk_psock_verdict_data_ready+0x104/0x170
[ 47.384133][ T364] unix_dgram_sendmsg+0xc13/0x16d0
[ 47.389081][ T364] __sock_sendmsg+0xb5/0xf0
[ 47.393439][ T364] ____sys_sendmsg+0x3f3/0x990
[ 47.398018][ T364] ___sys_sendmsg+0xfc/0x190
[ 47.402460][ T364] __sys_sendmmsg+0x160/0x340
[ 47.407305][ T364] __x64_sys_sendmmsg+0x98/0xf0
[ 47.412002][ T364] do_syscall_64+0x35/0xb0
[ 47.416248][ T364] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.421976][ T364]
[ 47.424144][ T364] Freed by task 25:
[ 47.427793][ T364] kasan_save_stack+0x26/0x50
[ 47.432302][ T364] kasan_set_track+0x25/0x30
[ 47.436731][ T364] kasan_set_free_info+0x24/0x40
[ 47.441504][ T364] __kasan_slab_free+0x111/0x150
[ 47.446277][ T364] slab_free_freelist_hook+0x94/0x1a0
[ 47.451485][ T364] kmem_cache_free+0x105/0x250
[ 47.456438][ T364] kfree_skbmem+0x95/0x140
[ 47.460687][ T364] kfree_skb_reason+0xbb/0x2b0
[ 47.465285][ T364] kfree_skb+0xb/0x10
[ 47.469283][ T364] sk_psock_backlog+0x694/0xd00
[ 47.473974][ T364] process_one_work+0x62c/0xec0
[ 47.478670][ T364] worker_thread+0x48e/0xdb0
[ 47.483077][ T364] kthread+0x324/0x3e0
[ 47.486985][ T364] ret_from_fork+0x1f/0x30
[ 47.491237][ T364]
[ 47.493414][ T364] The buggy address belongs to the object at ffff888123623dc0
[ 47.493414][ T364] which belongs to the cache skbuff_head_cache of size 240
[ 47.507815][ T364] The buggy address is located 0 bytes inside of
[ 47.507815][ T364] 240-byte region [ffff888123623dc0, ffff888123623eb0)
[ 47.520755][ T364] The buggy address belongs to the page:
[ 47.526225][ T364] page:ffffea00048d88c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123623
[ 47.536322][ T364] flags: 0x4000000000000200(slab|zone=1)
[ 47.541752][ T364] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002fb080
[ 47.550475][ T364] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 47.558882][ T364] page dumped because: kasan: bad access detected
[ 47.565111][ T364] page_owner tracks the page as allocated
[ 47.570673][ T364] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 84, ts 46697386335, free_ts 0
[ 47.585423][ T364] prep_new_page+0x1a2/0x310
[ 47.590018][ T364] get_page_from_freelist+0x1ce2/0x30a0
[ 47.595407][ T364] __alloc_pages+0x23f/0x2400
[ 47.599915][ T364] allocate_slab+0x39d/0x530
[ 47.604344][ T364] ___slab_alloc.constprop.0+0x3ca/0x890
[ 47.609807][ T364] __slab_alloc.constprop.0+0x42/0x80
[ 47.615021][ T364] kmem_cache_alloc+0x440/0x480
[ 47.619705][ T364] __alloc_skb+0x14b/0x250
[ 47.623957][ T364] alloc_skb_with_frags+0x76/0x4a0
[ 47.628989][ T364] sock_alloc_send_pskb+0x68b/0x840
[ 47.634026][ T364] unix_dgram_sendmsg+0x33a/0x16d0
[ 47.639063][ T364] __sock_sendmsg+0xb5/0xf0
[ 47.643581][ T364] __sys_sendto+0x1e3/0x2f0
[ 47.648004][ T364] __x64_sys_sendto+0xdc/0x1a0
[ 47.652604][ T364] do_syscall_64+0x35/0xb0
[ 47.656865][ T364] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.662674][ T364] page_owner free stack trace missing
[ 47.667882][ T364]
[ 47.670138][ T364] Memory state around the buggy address:
[ 47.675708][ T364] ffff888123623c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.683594][ T364] ffff888123623d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 47.691753][ T364] >ffff888123623d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 47.699659][ T364] ^
[ 47.705900][ T364] ffff888123623e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.714502][ T364] ffff888123623e80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 47.722750][ T364] ==================================================================
[ 47.737967][ T29] kauditd_printk_skb: 3 callbacks suppressed
[ 47.737975][ T29] audit: type=1400 audit(1702419053.333:167): avc: denied { remove_name } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.744559][ T368] FAULT_INJECTION: forcing a failure.
[ 47.744559][ T368] name failslab, interval 1, probability 0, space 0, times 0
[ 47.768799][ T29] audit: type=1400 audit(1702419053.363:168): avc: denied { rename } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 47.788926][ T368] CPU: 1 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 47.800629][ T29] audit: type=1400 audit(1702419053.363:169): avc: denied { create } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 47.809993][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 47.809998][ T368] Call Trace:
[ 47.810001][ T368]
[ 47.810004][ T368] dump_stack_lvl+0x38/0x49
[ 47.810016][ T368] dump_stack+0x10/0x12
[ 47.855652][ T368] should_fail.cold+0x5/0xa
[ 47.859969][ T368] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 47.865522][ T368] __should_failslab+0xb6/0x100
[ 47.870221][ T368] should_failslab+0x9/0x20
[ 47.874728][ T368] kmem_cache_alloc_trace+0x3f/0x490
[ 47.879858][ T368] sk_psock_skb_ingress_self+0x52/0x3a0
[ 47.885366][ T368] sk_psock_verdict_recv+0x799/0x9e0
[ 47.890459][ T368] unix_read_sock+0xd8/0x200
[ 47.894991][ T368] ? sk_psock_tls_strp_read+0x360/0x360
[ 47.900348][ T368] ? unix_compat_ioctl+0x10/0x10
[ 47.905216][ T368] sk_psock_verdict_data_ready+0x104/0x170
[ 47.911054][ T368] ? failover_event+0x330/0x330
[ 47.915935][ T368] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 47.921553][ T368] ? skb_queue_tail+0xdc/0x150
[ 47.926153][ T368] unix_dgram_sendmsg+0xc13/0x16d0
[ 47.931110][ T368] ? unix_dgram_connect+0xc70/0xc70
[ 47.936222][ T368] ? unix_dgram_connect+0xc70/0xc70
[ 47.941258][ T368] __sock_sendmsg+0xb5/0xf0
[ 47.945598][ T368] ____sys_sendmsg+0x3f3/0x990
[ 47.950219][ T368] ? kernel_sendmsg+0x30/0x30
[ 47.954707][ T368] ? do_recvmmsg+0x5a0/0x5a0
[ 47.959234][ T368] ? __kasan_check_read+0x11/0x20
[ 47.964348][ T368] ___sys_sendmsg+0xfc/0x190
[ 47.968769][ T368] ? sendmsg_copy_msghdr+0x110/0x110
[ 47.973889][ T368] ? handle_pte_fault+0x1a2/0x2180
[ 47.978843][ T368] ? __handle_mm_fault+0x4aa/0x1380
[ 47.984047][ T368] ? do_filp_open+0x1ab/0x3f0
[ 47.988676][ T368] ? __pmd_alloc+0x330/0x330
[ 47.993095][ T368] ? __fdget+0xe/0x10
[ 47.996911][ T368] ? sockfd_lookup_light+0x1c/0x150
[ 48.002375][ T368] __sys_sendmmsg+0x160/0x340
[ 48.006856][ T368] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 48.011717][ T368] ? branch_type+0x2e0/0x470
[ 48.016142][ T368] ? mutex_unlock+0x7e/0x240
[ 48.020568][ T368] ? mutex_trylock+0x260/0x260
[ 48.025167][ T368] ? vfs_write+0x2b2/0x8e0
[ 48.029424][ T368] ? __kasan_check_write+0x14/0x20
[ 48.034390][ T368] ? fput+0x17/0x30
[ 48.038018][ T368] ? __ia32_sys_read+0xa0/0xa0
[ 48.042635][ T368] ? debug_smp_processor_id+0x17/0x20
[ 48.047852][ T368] __x64_sys_sendmmsg+0x98/0xf0
[ 48.052604][ T368] ? syscall_exit_to_user_mode+0x2f/0x40
[ 48.058063][ T368] do_syscall_64+0x35/0xb0
[ 48.062340][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.068129][ T368] RIP: 0033:0x7f31b5b26ae9
[ 48.072559][ T368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.092227][ T368] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.100476][ T368] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 48.108384][ T368] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 48.116282][ T368] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 48.124087][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.131907][ T368] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 48.139827][ T368] </TASK>
[ 48.144374][ T367] ==================================================================
[ 48.152321][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 48.160699][ T367]
[ 48.162880][ T367] CPU: 1 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 48.172599][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 48.182493][ T367] Call Trace:
[ 48.185714][ T367] <TASK>
[ 48.188485][ T367] dump_stack_lvl+0x38/0x49
[ 48.192910][ T367] print_address_description.constprop.0+0x24/0x160
[ 48.199334][ T367] ? kmem_cache_free+0x105/0x250
[ 48.204115][ T367] kasan_report_invalid_free+0x75/0xa0
[ 48.209401][ T367] ? kmem_cache_free+0x105/0x250
[ 48.214285][ T367] __kasan_slab_free+0x134/0x150
[ 48.219056][ T367] slab_free_freelist_hook+0x94/0x1a0
[ 48.224264][ T367] ? kfree_skbmem+0x95/0x140
[ 48.228693][ T367] kmem_cache_free+0x105/0x250
[ 48.233307][ T367] kfree_skbmem+0x95/0x140
[ 48.237574][ T367] consume_skb+0xab/0x1d0
[ 48.241807][ T367] __sk_msg_free+0x267/0x4e0
[ 48.246221][ T367] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 48.252392][ T367] ? skb_dequeue+0x115/0x1a0
[ 48.256813][ T367] sk_psock_stop+0x3e4/0x600
[ 48.261241][ T367] ? __local_bh_enable_ip+0x28/0x60
[ 48.266274][ T367] ? xfrmi6_err+0x440/0x440
[ 48.270614][ T367] sock_map_close+0x253/0x310
[ 48.275905][ T367] ? sock_map_lookup+0x300/0x300
[ 48.280681][ T367] ? do_lock_file_wait+0x320/0x320
[ 48.285631][ T367] ? down_write_killable+0x2c0/0x2c0
[ 48.290748][ T367] unix_release+0x73/0xe0
[ 48.294917][ T367] __sock_release+0xc2/0x270
[ 48.299516][ T367] sock_close+0x10/0x20
[ 48.303513][ T367] __fput+0x317/0x960
[ 48.307386][ T367] ____fput+0x9/0x10
[ 48.311052][ T367] task_work_run+0xc2/0x150
[ 48.315574][ T367] exit_to_user_mode_prepare+0x140/0x150
[ 48.321126][ T367] syscall_exit_to_user_mode+0x21/0x40
[ 48.326416][ T367] do_syscall_64+0x42/0xb0
[ 48.330671][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.337270][ T367] RIP: 0033:0x7f31b5b259da
[ 48.341525][ T367] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.361554][ T367] RSP: 002b:00007ffdbe193520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.369797][ T367] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f31b5b259da
[ 48.377614][ T367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.385509][ T367] RBP: 00007f31b5c47980 R08: 0000001b31460000 R09: 00007ffdbe1d4080
[ 48.393414][ T367] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bda9
[ 48.401379][ T367] R13: ffffffffffffffff R14: 00007f31b56aa000 R15: 000000000000ba68
[ 48.409863][ T367] </TASK>
[ 48.412698][ T367]
[ 48.414853][ T367] Allocated by task 368:
[ 48.419047][ T367] kasan_save_stack+0x26/0x50
[ 48.423671][ T367] __kasan_slab_alloc+0x94/0xc0
[ 48.429110][ T367] kmem_cache_alloc+0x197/0x480
[ 48.433885][ T367] skb_clone+0x131/0x310
[ 48.438067][ T367] sk_psock_verdict_recv+0x4a/0x9e0
[ 48.443087][ T367] unix_read_sock+0xd8/0x200
[ 48.447507][ T367] sk_psock_verdict_data_ready+0x104/0x170
[ 48.453149][ T367] unix_dgram_sendmsg+0xc13/0x16d0
[ 48.458228][ T367] __sock_sendmsg+0xb5/0xf0
[ 48.462583][ T367] ____sys_sendmsg+0x3f3/0x990
[ 48.467165][ T367] ___sys_sendmsg+0xfc/0x190
[ 48.471865][ T367] __sys_sendmmsg+0x160/0x340
[ 48.476364][ T367] __x64_sys_sendmmsg+0x98/0xf0
[ 48.481063][ T367] do_syscall_64+0x35/0xb0
[ 48.485322][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.491037][ T367]
[ 48.493199][ T367] Freed by task 37:
[ 48.496935][ T367] kasan_save_stack+0x26/0x50
[ 48.501463][ T367] kasan_set_track+0x25/0x30
[ 48.506055][ T367] kasan_set_free_info+0x24/0x40
[ 48.510815][ T367] __kasan_slab_free+0x111/0x150
[ 48.515586][ T367] slab_free_freelist_hook+0x94/0x1a0
[ 48.520795][ T367] kmem_cache_free+0x105/0x250
[ 48.525409][ T367] kfree_skbmem+0x95/0x140
[ 48.529740][ T367] kfree_skb_reason+0xbb/0x2b0
[ 48.534366][ T367] kfree_skb+0xb/0x10
[ 48.538152][ T367] sk_psock_backlog+0x694/0xd00
[ 48.542853][ T367] process_one_work+0x62c/0xec0
[ 48.547533][ T367] worker_thread+0x48e/0xdb0
[ 48.551975][ T367] kthread+0x324/0x3e0
[ 48.555890][ T367] ret_from_fork+0x1f/0x30
[ 48.560213][ T367]
[ 48.562368][ T367] The buggy address belongs to the object at ffff888104f813c0
[ 48.562368][ T367] which belongs to the cache skbuff_head_cache of size 240
[ 48.576949][ T367] The buggy address is located 0 bytes inside of
[ 48.576949][ T367] 240-byte region [ffff888104f813c0, ffff888104f814b0)
[ 48.590231][ T367] The buggy address belongs to the page:
[ 48.595696][ T367] page:ffffea000413e040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104f81
[ 48.605782][ T367] flags: 0x4000000000000200(slab|zone=1)
[ 48.611250][ T367] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002fb080
[ 48.619750][ T367] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.628157][ T367] page dumped because: kasan: bad access detected
[ 48.634497][ T367] page_owner tracks the page as allocated
[ 48.640653][ T367] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 84, ts 47734806256, free_ts 47732214519
[ 48.656416][ T367] prep_new_page+0x1a2/0x310
[ 48.660913][ T367] get_page_from_freelist+0x1ce2/0x30a0
[ 48.666297][ T367] __alloc_pages+0x23f/0x2400
[ 48.671066][ T367] allocate_slab+0x39d/0x530
[ 48.675490][ T367] ___slab_alloc.constprop.0+0x3ca/0x890
[ 48.680959][ T367] __slab_alloc.constprop.0+0x42/0x80
[ 48.686166][ T367] kmem_cache_alloc+0x440/0x480
[ 48.690853][ T367] __alloc_skb+0x14b/0x250
[ 48.695108][ T367] alloc_skb_with_frags+0x76/0x4a0
[ 48.700172][ T367] sock_alloc_send_pskb+0x68b/0x840
[ 48.705209][ T367] unix_dgram_sendmsg+0x33a/0x16d0
[ 48.710238][ T367] __sock_sendmsg+0xb5/0xf0
[ 48.714925][ T367] __sys_sendto+0x1e3/0x2f0
[ 48.719268][ T367] __x64_sys_sendto+0xdc/0x1a0
[ 48.723869][ T367] do_syscall_64+0x35/0xb0
[ 48.728122][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.733865][ T367] page last free stack trace:
[ 48.738451][ T367] free_pcp_prepare+0x1b6/0x4c0
[ 48.743138][ T367] free_unref_page_list+0x1e3/0xcd0
[ 48.748168][ T367] release_pages+0x37f/0xff0
[ 48.752612][ T367] free_pages_and_swap_cache+0x5d/0x80
[ 48.758077][ T367] tlb_finish_mmu+0x129/0x790
[ 48.762576][ T367] exit_mmap+0x21a/0x710
[ 48.766660][ T367] __mmput+0x70/0x3a0
[ 48.770749][ T367] mmput+0x35/0xf0
[ 48.774297][ T367] do_exit+0x889/0x24b0
[ 48.778298][ T367] do_group_exit+0xe6/0x290
[ 48.782712][ T367] get_signal+0x236/0x1db0
[ 48.786994][ T367] arch_do_signal_or_restart+0x2b4/0x21c0
[ 48.792617][ T367] exit_to_user_mode_prepare+0xff/0x150
[ 48.797993][ T367] syscall_exit_to_user_mode+0x21/0x40
[ 48.803283][ T367] do_syscall_64+0x42/0xb0
[ 48.807550][ T367] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.813266][ T367]
[ 48.815435][ T367] Memory state around the buggy address:
[ 48.821001][ T367] ffff888104f81280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.828892][ T367] ffff888104f81300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 48.837007][ T367] >ffff888104f81380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.845015][ T367]                                            ^
[ 48.850990][ T367] ffff888104f81400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.858988][ T367] ffff888104f81480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 48.867047][ T367] ==================================================================
[ 48.883742][ T371] FAULT_INJECTION: forcing a failure.
[ 48.883742][ T371] name failslab, interval 1, probability 0, space 0, times 0
[ 48.896302][ T371] CPU: 0 PID: 371 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 48.905962][ T371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 48.916125][ T371] Call Trace:
[ 48.919334][ T371] <TASK>
[ 48.922103][ T371] dump_stack_lvl+0x38/0x49
[ 48.926442][ T371] dump_stack+0x10/0x12
[ 48.930525][ T371] should_fail.cold+0x5/0xa
[ 48.934858][ T371] ? skb_clone+0x131/0x310
[ 48.939112][ T371] __should_failslab+0xb6/0x100
[ 48.943990][ T371] should_failslab+0x9/0x20
[ 48.948416][ T371] kmem_cache_alloc+0x40/0x480
[ 48.953036][ T371] ? avc_has_perm_noaudit+0x200/0x200
[ 48.958234][ T371] skb_clone+0x131/0x310
[ 48.962307][ T371] sk_psock_verdict_recv+0x4a/0x9e0
[ 48.967355][ T371] unix_read_sock+0xd8/0x200
[ 48.972493][ T371] ? sk_psock_tls_strp_read+0x360/0x360
[ 48.977843][ T371] ? unix_compat_ioctl+0x10/0x10
[ 48.982586][ T371] sk_psock_verdict_data_ready+0x104/0x170
[ 48.988230][ T371] ? failover_event+0x330/0x330
[ 48.993033][ T371] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 48.998691][ T371] ? skb_queue_tail+0xdc/0x150
[ 49.003315][ T371] unix_dgram_sendmsg+0xc13/0x16d0
[ 49.008312][ T371] ? unix_dgram_connect+0xc70/0xc70
[ 49.013343][ T371] ? unix_dgram_connect+0xc70/0xc70
[ 49.018375][ T371] __sock_sendmsg+0xb5/0xf0
[ 49.022713][ T371] ____sys_sendmsg+0x3f3/0x990
[ 49.027329][ T371] ? kernel_sendmsg+0x30/0x30
[ 49.031838][ T371] ? do_recvmmsg+0x5a0/0x5a0
[ 49.036255][ T371] ? __kasan_check_read+0x11/0x20
[ 49.041125][ T371] ___sys_sendmsg+0xfc/0x190
[ 49.045543][ T371] ? sendmsg_copy_msghdr+0x110/0x110
[ 49.050662][ T371] ? handle_pte_fault+0x1a2/0x2180
[ 49.055620][ T371] ? __handle_mm_fault+0x4aa/0x1380
[ 49.060678][ T371] ? do_filp_open+0x1ab/0x3f0
[ 49.065255][ T371] ? __pmd_alloc+0x330/0x330
[ 49.071935][ T371] ? __fdget+0xe/0x10
[ 49.075870][ T371] ? sockfd_lookup_light+0x1c/0x150
[ 49.080917][ T371] __sys_sendmmsg+0x160/0x340
[ 49.085410][ T371] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 49.090271][ T371] ? branch_type+0x2e0/0x470
[ 49.094871][ T371] ? mutex_unlock+0x7e/0x240
[ 49.099305][ T371] ? mutex_trylock+0x260/0x260
[ 49.103906][ T371] ? vfs_write+0x2b2/0x8e0
[ 49.108175][ T371] ? __kasan_check_write+0x14/0x20
[ 49.113094][ T371] ? fput+0x17/0x30
[ 49.116841][ T371] ? __ia32_sys_read+0xa0/0xa0
[ 49.121491][ T371] ? debug_smp_processor_id+0x17/0x20
[ 49.126645][ T371] __x64_sys_sendmmsg+0x98/0xf0
[ 49.131334][ T371] ? syscall_exit_to_user_mode+0x2f/0x40
[ 49.136794][ T371] do_syscall_64+0x35/0xb0
[ 49.141144][ T371] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.147089][ T371] RIP: 0033:0x7f31b5b26ae9
[ 49.151425][ T371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.171045][ T371] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.179462][ T371] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 49.187425][ T371] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.195240][ T371] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 49.203132][ T371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.210947][ T371] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 49.218828][ T371] </TASK>
[ 49.228979][ T373] FAULT_INJECTION: forcing a failure.
[ 49.228979][ T373] name failslab, interval 1, probability 0, space 0, times 0
[ 49.241511][ T373] CPU: 0 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 49.251096][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 49.261340][ T373] Call Trace:
[ 49.264462][ T373] <TASK>
[ 49.267250][ T373] dump_stack_lvl+0x38/0x49
[ 49.271587][ T373] dump_stack+0x10/0x12
[ 49.275562][ T373] should_fail.cold+0x5/0xa
[ 49.279901][ T373] ? skb_clone+0x131/0x310
[ 49.284158][ T373] __should_failslab+0xb6/0x100
[ 49.288853][ T373] should_failslab+0x9/0x20
[ 49.293202][ T373] kmem_cache_alloc+0x40/0x480
[ 49.297796][ T373] ? avc_has_perm_noaudit+0x200/0x200
[ 49.302992][ T373] skb_clone+0x131/0x310
[ 49.307075][ T373] sk_psock_verdict_recv+0x4a/0x9e0
[ 49.312194][ T373] unix_read_sock+0xd8/0x200
[ 49.316624][ T373] ? sk_psock_tls_strp_read+0x360/0x360
[ 49.321999][ T373] ? unix_compat_ioctl+0x10/0x10
[ 49.326777][ T373] sk_psock_verdict_data_ready+0x104/0x170
[ 49.332412][ T373] ? failover_event+0x330/0x330
[ 49.337101][ T373] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 49.344510][ T373] ? skb_queue_tail+0xdc/0x150
[ 49.349108][ T373] unix_dgram_sendmsg+0xc13/0x16d0
[ 49.354056][ T373] ? unix_dgram_connect+0xc70/0xc70
[ 49.359281][ T373] ? unix_dgram_connect+0xc70/0xc70
[ 49.364405][ T373] __sock_sendmsg+0xb5/0xf0
[ 49.368830][ T373] ____sys_sendmsg+0x3f3/0x990
[ 49.373424][ T373] ? kernel_sendmsg+0x30/0x30
[ 49.377932][ T373] ? do_recvmmsg+0x5a0/0x5a0
[ 49.382453][ T373] ? __kasan_check_read+0x11/0x20
[ 49.387308][ T373] ___sys_sendmsg+0xfc/0x190
[ 49.391737][ T373] ? sendmsg_copy_msghdr+0x110/0x110
[ 49.396857][ T373] ? handle_pte_fault+0x1a2/0x2180
[ 49.402670][ T373] ? __handle_mm_fault+0x4aa/0x1380
[ 49.407705][ T373] ? do_filp_open+0x1ab/0x3f0
[ 49.412217][ T373] ? __pmd_alloc+0x330/0x330
[ 49.416645][ T373] ? __fdget+0xe/0x10
[ 49.420462][ T373] ? sockfd_lookup_light+0x1c/0x150
[ 49.425625][ T373] __sys_sendmmsg+0x160/0x340
[ 49.430138][ T373] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 49.434999][ T373] ? branch_type+0x2e0/0x470
[ 49.439515][ T373] ? mutex_unlock+0x7e/0x240
[ 49.444122][ T373] ? mutex_trylock+0x260/0x260
[ 49.448713][ T373] ? vfs_write+0x2b2/0x8e0
[ 49.452967][ T373] ? __kasan_check_write+0x14/0x20
[ 49.457914][ T373] ? fput+0x17/0x30
[ 49.461571][ T373] ? __ia32_sys_read+0xa0/0xa0
[ 49.466162][ T373] ? debug_smp_processor_id+0x17/0x20
[ 49.471368][ T373] __x64_sys_sendmmsg+0x98/0xf0
[ 49.476051][ T373] ? syscall_exit_to_user_mode+0x2f/0x40
[ 49.481613][ T373] do_syscall_64+0x35/0xb0
[ 49.486148][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.492653][ T373] RIP: 0033:0x7f31b5b26ae9
[ 49.496886][ T373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.516333][ T373] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.524711][ T373] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 49.532471][ T373] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.542450][ T373] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 49.550256][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.558071][ T373] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 49.565886][ T373] </TASK>
[ 49.581744][ T375] FAULT_INJECTION: forcing a failure.
[ 49.581744][ T375] name failslab, interval 1, probability 0, space 0, times 0
[ 49.594340][ T375] CPU: 0 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 49.603881][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 49.613776][ T375] Call Trace:
[ 49.616901][ T375] <TASK>
[ 49.619681][ T375] dump_stack_lvl+0x38/0x49
[ 49.624018][ T375] dump_stack+0x10/0x12
[ 49.628010][ T375] should_fail.cold+0x5/0xa
[ 49.632357][ T375] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 49.638352][ T375] __should_failslab+0xb6/0x100
[ 49.643038][ T375] should_failslab+0x9/0x20
[ 49.647376][ T375] kmem_cache_alloc_trace+0x3f/0x490
[ 49.652596][ T375] sk_psock_skb_ingress_self+0x52/0x3a0
[ 49.658093][ T375] sk_psock_verdict_recv+0x799/0x9e0
[ 49.663220][ T375] unix_read_sock+0xd8/0x200
[ 49.667625][ T375] ? sk_psock_tls_strp_read+0x360/0x360
[ 49.673005][ T375] ? unix_compat_ioctl+0x10/0x10
[ 49.677787][ T375] sk_psock_verdict_data_ready+0x104/0x170
[ 49.683511][ T375] ? failover_event+0x330/0x330
[ 49.688193][ T375] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 49.693838][ T375] ? skb_queue_tail+0xdc/0x150
[ 49.698435][ T375] unix_dgram_sendmsg+0xc13/0x16d0
[ 49.703387][ T375] ? unix_dgram_connect+0xc70/0xc70
[ 49.708421][ T375] ? unix_dgram_connect+0xc70/0xc70
[ 49.713452][ T375] __sock_sendmsg+0xb5/0xf0
[ 49.717794][ T375] ____sys_sendmsg+0x3f3/0x990
[ 49.722424][ T375] ? kernel_sendmsg+0x30/0x30
[ 49.726903][ T375] ? do_recvmmsg+0x5a0/0x5a0
[ 49.731332][ T375] ? __kasan_check_read+0x11/0x20
[ 49.736288][ T375] ___sys_sendmsg+0xfc/0x190
[ 49.740704][ T375] ? sendmsg_copy_msghdr+0x110/0x110
[ 49.745827][ T375] ? handle_pte_fault+0x1a2/0x2180
[ 49.750779][ T375] ? __handle_mm_fault+0x4aa/0x1380
[ 49.755807][ T375] ? do_filp_open+0x1ab/0x3f0
[ 49.760323][ T375] ? __pmd_alloc+0x330/0x330
[ 49.764751][ T375] ? __fdget+0xe/0x10
[ 49.768569][ T375] ? sockfd_lookup_light+0x1c/0x150
[ 49.773599][ T375] __sys_sendmmsg+0x160/0x340
[ 49.778203][ T375] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 49.783070][ T375] ? branch_type+0x2e0/0x470
[ 49.787492][ T375] ? mutex_unlock+0x7e/0x240
[ 49.791927][ T375] ? mutex_trylock+0x260/0x260
[ 49.796518][ T375] ? vfs_write+0x2b2/0x8e0
[ 49.800766][ T375] ? __kasan_check_write+0x14/0x20
[ 49.805788][ T375] ? fput+0x17/0x30
[ 49.809362][ T375] ? __ia32_sys_read+0xa0/0xa0
[ 49.813959][ T375] ? debug_smp_processor_id+0x17/0x20
[ 49.819172][ T375] __x64_sys_sendmmsg+0x98/0xf0
[ 49.823856][ T375] ? syscall_exit_to_user_mode+0x2f/0x40
[ 49.829322][ T375] do_syscall_64+0x35/0xb0
[ 49.833575][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.839400][ T375] RIP: 0033:0x7f31b5b26ae9
[ 49.843906][ T375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.863521][ T375] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.872024][ T375] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 49.879836][ T375] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.887753][ T375] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 49.895740][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.903549][ T375] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 49.911360][ T375] </TASK>
[ 49.916266][ T374] ==================================================================
[ 49.924126][ T374] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 49.932460][ T374]
[ 49.934627][ T374] CPU: 1 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 49.944354][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 49.954243][ T374] Call Trace:
[ 49.957377][ T374] <TASK>
[ 49.960144][ T374] dump_stack_lvl+0x38/0x49
[ 49.964567][ T374] print_address_description.constprop.0+0x24/0x160
[ 49.970989][ T374] ? kmem_cache_free+0x105/0x250
[ 49.975765][ T374] kasan_report_invalid_free+0x75/0xa0
[ 49.981058][ T374] ? kmem_cache_free+0x105/0x250
[ 49.985831][ T374] __kasan_slab_free+0x134/0x150
[ 49.990606][ T374] slab_free_freelist_hook+0x94/0x1a0
[ 49.995815][ T374] ? kfree_skbmem+0x95/0x140
[ 50.000248][ T374] kmem_cache_free+0x105/0x250
[ 50.004846][ T374] kfree_skbmem+0x95/0x140
[ 50.009094][ T374] consume_skb+0xab/0x1d0
[ 50.013261][ T374] __sk_msg_free+0x267/0x4e0
[ 50.017687][ T374] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 50.023331][ T374] ? skb_dequeue+0x115/0x1a0
[ 50.027849][ T374] sk_psock_stop+0x3e4/0x600
[ 50.032286][ T374] ? __local_bh_enable_ip+0x28/0x60
[ 50.037305][ T374] ? xfrmi6_err+0x440/0x440
[ 50.041649][ T374] sock_map_close+0x253/0x310
[ 50.046155][ T374] ? sock_map_lookup+0x300/0x300
[ 50.050937][ T374] ? do_lock_file_wait+0x320/0x320
[ 50.055873][ T374] ? down_write_killable+0x2c0/0x2c0
[ 50.060998][ T374] unix_release+0x73/0xe0
[ 50.065160][ T374] __sock_release+0xc2/0x270
[ 50.069589][ T374] sock_close+0x10/0x20
[ 50.073590][ T374] __fput+0x317/0x960
[ 50.077400][ T374] ____fput+0x9/0x10
[ 50.081142][ T374] task_work_run+0xc2/0x150
[ 50.085484][ T374] exit_to_user_mode_prepare+0x140/0x150
[ 50.090940][ T374] syscall_exit_to_user_mode+0x21/0x40
[ 50.096235][ T374] do_syscall_64+0x42/0xb0
[ 50.100487][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.106226][ T374] RIP: 0033:0x7f31b5b259da
[ 50.110469][ T374] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.129909][ T374] RSP: 002b:00007ffdbe193520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 50.138161][ T374] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f31b5b259da
[ 50.146006][ T374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.153784][ T374] RBP: 00007f31b5c47980 R08: 0000001b31460000 R09: 00007ffdbe1d4080
[ 50.161589][ T374] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c4da
[ 50.169400][ T374] R13: ffffffffffffffff R14: 00007f31b56aa000 R15: 000000000000c199
[ 50.177228][ T374] </TASK>
[ 50.180085][ T374]
[ 50.182248][ T374] Allocated by task 375:
[ 50.186333][ T374] kasan_save_stack+0x26/0x50
[ 50.190924][ T374] __kasan_slab_alloc+0x94/0xc0
[ 50.195610][ T374] kmem_cache_alloc+0x197/0x480
[ 50.200386][ T374] skb_clone+0x131/0x310
[ 50.204465][ T374] sk_psock_verdict_recv+0x4a/0x9e0
[ 50.209498][ T374] unix_read_sock+0xd8/0x200
[ 50.213926][ T374] sk_psock_verdict_data_ready+0x104/0x170
[ 50.219576][ T374] unix_dgram_sendmsg+0xc13/0x16d0
[ 50.226369][ T374] __sock_sendmsg+0xb5/0xf0
[ 50.230707][ T374] ____sys_sendmsg+0x3f3/0x990
[ 50.235312][ T374] ___sys_sendmsg+0xfc/0x190
[ 50.239733][ T374] __sys_sendmmsg+0x160/0x340
[ 50.244247][ T374] __x64_sys_sendmmsg+0x98/0xf0
[ 50.248933][ T374] do_syscall_64+0x35/0xb0
[ 50.253185][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.258926][ T374]
[ 50.261171][ T374] Freed by task 293:
[ 50.264903][ T374] kasan_save_stack+0x26/0x50
[ 50.269412][ T374] kasan_set_track+0x25/0x30
[ 50.273836][ T374] kasan_set_free_info+0x24/0x40
[ 50.278610][ T374] __kasan_slab_free+0x111/0x150
[ 50.283388][ T374] slab_free_freelist_hook+0x94/0x1a0
[ 50.289128][ T374] kmem_cache_free+0x105/0x250
[ 50.293719][ T374] kfree_skbmem+0x95/0x140
[ 50.297986][ T374] kfree_skb_reason+0xbb/0x2b0
[ 50.302579][ T374] kfree_skb+0xb/0x10
[ 50.306482][ T374] sk_psock_backlog+0x694/0xd00
[ 50.311161][ T374] process_one_work+0x62c/0xec0
[ 50.315848][ T374] worker_thread+0x48e/0xdb0
[ 50.320276][ T374] kthread+0x324/0x3e0
[ 50.324193][ T374] ret_from_fork+0x1f/0x30
[ 50.328434][ T374]
[ 50.331035][ T374] The buggy address belongs to the object at ffff888109bc3280
[ 50.331035][ T374] which belongs to the cache skbuff_head_cache of size 240
[ 50.345444][ T374] The buggy address is located 0 bytes inside of
[ 50.345444][ T374] 240-byte region [ffff888109bc3280, ffff888109bc3370)
[ 50.358390][ T374] The buggy address belongs to the page:
[ 50.363845][ T374] page:ffffea000426f0c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc3
[ 50.374955][ T374] flags: 0x4000000000000200(slab|zone=1)
[ 50.380428][ T374] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002fb080
[ 50.388943][ T374] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 50.397436][ T374] page dumped because: kasan: bad access detected
[ 50.403681][ T374] page_owner tracks the page as allocated
[ 50.409252][ T374] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 84, ts 49571031774, free_ts 49569569820
[ 50.424964][ T374] prep_new_page+0x1a2/0x310
[ 50.429486][ T374] get_page_from_freelist+0x1ce2/0x30a0
[ 50.434963][ T374] __alloc_pages+0x23f/0x2400
[ 50.439477][ T374] allocate_slab+0x39d/0x530
[ 50.443903][ T374] ___slab_alloc.constprop.0+0x3ca/0x890
[ 50.449358][ T374] __slab_alloc.constprop.0+0x42/0x80
[ 50.454652][ T374] kmem_cache_alloc+0x440/0x480
[ 50.459340][ T374] __alloc_skb+0x14b/0x250
[ 50.463615][ T374] alloc_skb_with_frags+0x76/0x4a0
[ 50.468545][ T374] sock_alloc_send_pskb+0x68b/0x840
[ 50.473573][ T374] unix_dgram_sendmsg+0x33a/0x16d0
[ 50.478531][ T374] __sock_sendmsg+0xb5/0xf0
[ 50.482867][ T374] __sys_sendto+0x1e3/0x2f0
[ 50.487211][ T374] __x64_sys_sendto+0xdc/0x1a0
[ 50.491803][ T374] do_syscall_64+0x35/0xb0
[ 50.496056][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.501869][ T374] page last free stack trace:
[ 50.506386][ T374] free_pcp_prepare+0x1b6/0x4c0
[ 50.511068][ T374] free_unref_page+0x84/0x760
[ 50.515580][ T374] __free_pages+0xd7/0xf0
[ 50.519924][ T374] __free_slab+0xdb/0x1c0
[ 50.524085][ T374] discard_slab+0x2b/0x40
[ 50.528252][ T374] __slab_free+0x4af/0x4d0
[ 50.532512][ T374] ___cache_free+0x1ee/0x230
[ 50.536931][ T374] qlist_free_all+0x6e/0x150
[ 50.541371][ T374] kasan_quarantine_reduce+0x15f/0x1c0
[ 50.546655][ T374] __kasan_slab_alloc+0xaa/0xc0
[ 50.551345][ T374] kmem_cache_alloc+0x197/0x480
[ 50.556028][ T374] __alloc_skb+0x14b/0x250
[ 50.560281][ T374] alloc_skb_with_frags+0x76/0x4a0
[ 50.565239][ T374] sock_alloc_send_pskb+0x68b/0x840
[ 50.570266][ T374] unix_dgram_sendmsg+0x33a/0x16d0
[ 50.575208][ T374] __sock_sendmsg+0xb5/0xf0
[ 50.579551][ T374]
[ 50.581720][ T374] Memory state around the buggy address:
[ 50.587369][ T374] ffff888109bc3180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.595394][ T374] ffff888109bc3200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 50.603280][ T374] >ffff888109bc3280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.611181][ T374]                    ^
[ 50.615100][ T374] ffff888109bc3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 50.622985][ T374] ffff888109bc3380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.631400][ T374] ==================================================================
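The two KASAN reports above (tasks T367 and T374) are the same bug seen twice: an sk_buff cloned in sk_psock_verdict_recv on the unix dgram delivery path is freed once by the psock backlog worker (kfree_skb in sk_psock_backlog) and then freed again when the socket closes and sk_psock_stop drains the ingress queue through __sk_msg_free. The first triage step on a console log like this is to turn each report into a title and a dedup key while skipping the sanitizer and allocator frames that top every KASAN trace, and to ignore the other tasks' output (FAULT_INJECTION dumps, audit records) that interleaves with it. The parser below is an added example, not part of this log and not syzkaller's own code; its sample input is a condensed copy of the T367 report with one interleaved T368 line inserted on purpose, and the PLUMBING skip list is an assumption made here (syzkaller's pkg/report keeps its own, larger list).

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a condensed copy of the first KASAN report on this page,
# console prefixes kept. The single T368 line is inserted to show that another
# task's interleaved output has to be filtered out by task id.
SAMPLE_LOG = """\
[ 48.152321][ T367] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 48.160699][ T367]
[ 48.182493][ T367] Call Trace:
[ 48.185714][ T367]  <TASK>
[ 48.188485][ T367] dump_stack_lvl+0x38/0x49
[ 48.199334][ T367] ? kmem_cache_free+0x105/0x250
[ 48.200000][ T368] should_fail.cold+0x5/0xa
[ 48.214285][ T367] __kasan_slab_free+0x134/0x150
[ 48.228693][ T367] kmem_cache_free+0x105/0x250
[ 48.233307][ T367] kfree_skbmem+0x95/0x140
[ 48.241807][ T367] __sk_msg_free+0x267/0x4e0
[ 48.256813][ T367] sk_psock_stop+0x3e4/0x600
[ 48.412698][ T367]
[ 48.414853][ T367] Allocated by task 368:
[ 48.419047][ T367] kasan_save_stack+0x26/0x50
[ 48.433885][ T367] skb_clone+0x131/0x310
[ 48.438067][ T367] sk_psock_verdict_recv+0x4a/0x9e0
[ 48.491037][ T367]
[ 48.493199][ T367] Freed by task 37:
[ 48.534366][ T367] kfree_skb+0xb/0x10
[ 48.538152][ T367] sk_psock_backlog+0x694/0xd00
[ 48.560213][ T367]
[ 48.562368][ T367] which belongs to the cache skbuff_head_cache of size 240
[ 48.867047][ T367] ==================================================================
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*(T\d+)\]\s?(.*)$")
FRAME_RE = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
BUG_RE = re.compile(r"^BUG: KASAN: (?P<kind>.+?) in [\w.]+\+0x")
SECTION_RE = re.compile(r"^(?:Call Trace:|Allocated by task (\d+):|Freed by task (\d+):)")
CACHE_RE = re.compile(r"^which belongs to the cache (\S+) of size (\d+)")
# Sanitizer, allocator and generic skb-lifecycle frames, not the object's owner.
# This skip list is an assumption for this example; syzkaller's pkg/report has its own.
PLUMBING = ("dump_stack", "print_address_description", "kasan_", "__kasan_",
            "slab_free_freelist_hook", "kmem_cache_", "kfree_skb", "consume_skb",
            "skb_clone", "__alloc_skb", "alloc_skb")

@dataclass
class KasanReport:
    kind: str
    cache: str = ""
    size: int = 0
    alloc_task: int = 0
    free_task: int = 0
    trace: list = field(default_factory=list)        # reporting task's trace
    alloc_trace: list = field(default_factory=list)  # "Allocated by task"
    free_trace: list = field(default_factory=list)   # "Freed by task"

def culprit(frames):
    """First frame that is not plumbing: the frame a fix would land near."""
    return next((f for f in frames if not f.startswith(PLUMBING)), "?")

def title(r):
    return f"KASAN: {r.kind} in {culprit(r.trace)}"

def dedup_key(r):
    return (r.kind, culprit(r.trace), culprit(r.free_trace))

def parse_kasan_reports(log):
    reports, cur, cur_tid, section = [], None, None, None
    for raw in log.splitlines():
        m = PREFIX_RE.match(raw)
        tid, line = (m.group(1), m.group(2).strip()) if m else (None, raw.strip())
        if cur is None:
            b = BUG_RE.match(line)
            if b:
                cur, cur_tid = KasanReport(kind=b.group("kind")), tid
            continue
        if tid != cur_tid:                 # another task's output, interleaved
            continue
        if line.startswith("====="):       # closing rule ends the report
            reports.append(cur)
            cur, section = None, None
            continue
        if not line:                       # blank line ends a stack section
            section = None
            continue
        c, s = CACHE_RE.match(line), SECTION_RE.match(line)
        if c:
            cur.cache, cur.size = c.group(1), int(c.group(2))
        elif s:
            section = "alloc" if s.group(1) else "free" if s.group(2) else "trace"
            cur.alloc_task = int(s.group(1) or cur.alloc_task)
            cur.free_task = int(s.group(2) or cur.free_task)
        elif section:
            f = FRAME_RE.match(line)
            if f and not f.group(1):       # '?' frames are stale guesses
                dest = {"trace": cur.trace, "alloc": cur.alloc_trace,
                        "free": cur.free_trace}[section]
                dest.append(f.group(2))
    return reports
```

Run the same parser over the T374 report and the key comes out identical (double-free or invalid-free, __sk_msg_free, sk_psock_backlog), which is what lets a fuzzer bucket both crashes as one bug even though the object addresses, PIDs and timestamps differ. Frames prefixed with `?` are dropped on purpose: they are leftover values on the stack that the unwinder could not verify, and keying on them produces spurious duplicates. The `<TASK>` marker falls through because it never matches the frame pattern, so no special case is needed for it.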
[ 50.650085][ T378] FAULT_INJECTION: forcing a failure.
[ 50.650085][ T378] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 50.663292][ T378] CPU: 1 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 50.673005][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 50.684774][ T378] Call Trace:
[ 50.687896][ T378] <TASK>
[ 50.690651][ T378] dump_stack_lvl+0x38/0x49
[ 50.694990][ T378] dump_stack+0x10/0x12
[ 50.698988][ T378] should_fail.cold+0x5/0xa
[ 50.703323][ T378] ? register_early_stack+0xb0/0xb0
[ 50.708357][ T378] should_fail_alloc_page+0x50/0x60
[ 50.713402][ T378] prepare_alloc_pages.constprop.0+0x178/0x6e0
[ 50.719390][ T378] ? should_fail_alloc_page+0x60/0x60
[ 50.724587][ T378] ? is_bpf_text_address+0x1f/0x30
[ 50.729531][ T378] __alloc_pages+0x1a1/0x2400
[ 50.734055][ T378] ? is_bpf_text_address+0x1f/0x30
[ 50.739001][ T378] ? kernel_text_address+0xc0/0xf0
[ 50.743958][ T378] ? __kernel_text_address+0xd/0x40
[ 50.748975][ T378] ? unwind_get_return_address+0x58/0xa0
[ 50.754445][ T378] ? warn_alloc+0x120/0x120
[ 50.758784][ T378] ? __stack_depot_save+0x36/0x440
[ 50.763731][ T378] ? __kasan_check_write+0x14/0x20
[ 50.768679][ T378] ? _raw_write_lock_irqsave+0xe0/0xe0
[ 50.774011][ T378] ? kasan_save_stack+0x26/0x50
[ 50.778680][ T378] ? kasan_set_free_info+0x24/0x40
[ 50.783602][ T378] ? __kasan_slab_free+0x111/0x150
[ 50.788651][ T378] ? slab_free_freelist_hook+0x94/0x1a0
[ 50.794128][ T378] ? kmem_cache_free+0x105/0x250
[ 50.798890][ T378] ? putname+0xb8/0xf0
[ 50.802797][ T378] allocate_slab+0x39d/0x530
[ 50.807645][ T378] ___slab_alloc.constprop.0+0x3ca/0x890
[ 50.813112][ T378] ? __skb_try_recv_from_queue+0x820/0x820
[ 50.818884][ T378] ? skb_clone+0x131/0x310
[ 50.823297][ T378] ? __skb_recv_datagram+0x15d/0x1d0
[ 50.828660][ T378] ? skb_clone+0x131/0x310
[ 50.832911][ T378] __slab_alloc.constprop.0+0x42/0x80
[ 50.838227][ T378] ? skb_clone+0x131/0x310
[ 50.842454][ T378] kmem_cache_alloc+0x440/0x480
[ 50.847342][ T378] ? avc_has_perm_noaudit+0x200/0x200
[ 50.852718][ T378] skb_clone+0x131/0x310
[ 50.856800][ T378] sk_psock_verdict_recv+0x4a/0x9e0
[ 50.861833][ T378] unix_read_sock+0xd8/0x200
[ 50.866447][ T378] ? sk_psock_tls_strp_read+0x360/0x360
[ 50.871938][ T378] ? unix_compat_ioctl+0x10/0x10
[ 50.876689][ T378] sk_psock_verdict_data_ready+0x104/0x170
[ 50.882413][ T378] ? failover_event+0x330/0x330
[ 50.887096][ T378] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 50.892741][ T378] ? skb_queue_tail+0xdc/0x150
[ 50.897342][ T378] unix_dgram_sendmsg+0xc13/0x16d0
[ 50.902288][ T378] ? unix_dgram_connect+0xc70/0xc70
[ 50.907541][ T378] ? unix_dgram_connect+0xc70/0xc70
[ 50.912921][ T378] __sock_sendmsg+0xb5/0xf0
[ 50.917259][ T378] ____sys_sendmsg+0x3f3/0x990
[ 50.921859][ T378] ? kernel_sendmsg+0x30/0x30
[ 50.926816][ T378] ? do_recvmmsg+0x5a0/0x5a0
[ 50.931242][ T378] ? __kasan_check_read+0x11/0x20
[ 50.936127][ T378] ___sys_sendmsg+0xfc/0x190
[ 50.940614][ T378] ? sendmsg_copy_msghdr+0x110/0x110
[ 50.945826][ T378] ? handle_pte_fault+0x1a2/0x2180
[ 50.950780][ T378] ? __handle_mm_fault+0x4aa/0x1380
[ 50.955820][ T378] ? do_filp_open+0x1ab/0x3f0
[ 50.960321][ T378] ? __pmd_alloc+0x330/0x330
[ 50.964749][ T378] ? __fdget+0xe/0x10
[ 50.968666][ T378] ? sockfd_lookup_light+0x1c/0x150
[ 50.973688][ T378] __sys_sendmmsg+0x160/0x340
[ 50.978200][ T378] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 50.983057][ T378] ? branch_type+0x2e0/0x470
[ 50.987486][ T378] ? mutex_unlock+0x7e/0x240
[ 50.991909][ T378] ? mutex_trylock+0x260/0x260
[ 50.996598][ T378] ? vfs_write+0x2b2/0x8e0
[ 51.000937][ T378] ? __kasan_check_write+0x14/0x20
[ 51.005884][ T378] ? fput+0x17/0x30
[ 51.009528][ T378] ? __ia32_sys_read+0xa0/0xa0
[ 51.014129][ T378] ? debug_smp_processor_id+0x17/0x20
[ 51.019335][ T378] __x64_sys_sendmmsg+0x98/0xf0
[ 51.024027][ T378] ? syscall_exit_to_user_mode+0x2f/0x40
[ 51.029665][ T378] do_syscall_64+0x35/0xb0
[ 51.034126][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.039857][ T378] RIP: 0033:0x7f31b5b26ae9
[ 51.044113][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.063728][ T378] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.071973][ T378] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 51.079788][ T378] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.087793][ T378] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 51.095664][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.103476][ T378] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 51.111298][ T378]
[ 51.122317][ T381] FAULT_INJECTION: forcing a failure.
[ 51.122317][ T381] name failslab, interval 1, probability 0, space 0, times 0
[ 51.135428][ T381] CPU: 0 PID: 381 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 51.144987][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 51.154880][ T381] Call Trace:
[ 51.158002][ T381]
[ 51.160781][ T381] dump_stack_lvl+0x38/0x49
[ 51.165120][ T381] dump_stack+0x10/0x12
[ 51.169112][ T381] should_fail.cold+0x5/0xa
[ 51.173452][ T381] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 51.179014][ T381] __should_failslab+0xb6/0x100
[ 51.183781][ T381] should_failslab+0x9/0x20
[ 51.188130][ T381] kmem_cache_alloc_trace+0x3f/0x490
[ 51.193244][ T381] sk_psock_skb_ingress_self+0x52/0x3a0
[ 51.198630][ T381] sk_psock_verdict_recv+0x799/0x9e0
[ 51.203863][ T381] unix_read_sock+0xd8/0x200
[ 51.208282][ T381] ? sk_psock_tls_strp_read+0x360/0x360
[ 51.213919][ T381] ? unix_compat_ioctl+0x10/0x10
[ 51.218699][ T381] sk_psock_verdict_data_ready+0x104/0x170
[ 51.224515][ T381] ? failover_event+0x330/0x330
[ 51.229304][ T381] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 51.234946][ T381] ? skb_queue_tail+0xdc/0x150
[ 51.239658][ T381] unix_dgram_sendmsg+0xc13/0x16d0
[ 51.244836][ T381] ? unix_dgram_connect+0xc70/0xc70
[ 51.249871][ T381] ? unix_dgram_connect+0xc70/0xc70
[ 51.254897][ T381] __sock_sendmsg+0xb5/0xf0
[ 51.259238][ T381] ____sys_sendmsg+0x3f3/0x990
[ 51.263830][ T381] ? kernel_sendmsg+0x30/0x30
[ 51.268343][ T381] ? do_recvmmsg+0x5a0/0x5a0
[ 51.272867][ T381] ? __kasan_check_read+0x11/0x20
[ 51.277717][ T381] ___sys_sendmsg+0xfc/0x190
[ 51.282146][ T381] ? sendmsg_copy_msghdr+0x110/0x110
[ 51.287349][ T381] ? handle_pte_fault+0x1a2/0x2180
[ 51.292385][ T381] ? __handle_mm_fault+0x4aa/0x1380
[ 51.297419][ T381] ? do_filp_open+0x1ab/0x3f0
[ 51.301984][ T381] ? __pmd_alloc+0x330/0x330
[ 51.306371][ T381] ? __fdget+0xe/0x10
[ 51.310279][ T381] ? sockfd_lookup_light+0x1c/0x150
[ 51.315302][ T381] __sys_sendmmsg+0x160/0x340
[ 51.319823][ T381] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 51.324675][ T381] ? branch_type+0x2e0/0x470
[ 51.329187][ T381] ? mutex_unlock+0x7e/0x240
[ 51.333612][ T381] ? mutex_trylock+0x260/0x260
[ 51.338212][ T381] ? vfs_write+0x2b2/0x8e0
[ 51.342465][ T381] ? __kasan_check_write+0x14/0x20
[ 51.347426][ T381] ? fput+0x17/0x30
[ 51.351061][ T381] ? __ia32_sys_read+0xa0/0xa0
[ 51.355667][ T381] ? debug_smp_processor_id+0x17/0x20
[ 51.360882][ T381] __x64_sys_sendmmsg+0x98/0xf0
[ 51.366091][ T381] ? syscall_exit_to_user_mode+0x2f/0x40
[ 51.371550][ T381] do_syscall_64+0x35/0xb0
[ 51.375801][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.381532][ T381] RIP: 0033:0x7f31b5b26ae9
[ 51.385878][ T381] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.405546][ T381] RSP: 002b:00007f31b56a90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.413794][ T381] RAX: ffffffffffffffda RBX: 00007f31b5c45f80 RCX: 00007f31b5b26ae9
[ 51.422128][ T381] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.430285][ T381] RBP: 00007f31b56a9120 R08: 0000000000000000 R09: 0000000000000000
[ 51.439507][ T381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.447395][ T381] R13: 000000000000000b R14: 00007f31b5c45f80 R15: 00007ffdbe193458
[ 51.455595][ T381]
[ 51.460041][ T380] ==================================================================
[ 51.468173][ T380] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x105/0x250
[ 51.476468][ T380]
[ 51.478641][ T380] CPU: 0 PID: 380 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 51.488293][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 51.498166][ T380] Call Trace:
[ 51.501292][ T380]
[ 51.504078][ T380] dump_stack_lvl+0x38/0x49
[ 51.508409][ T380] print_address_description.constprop.0+0x24/0x160
[ 51.514839][ T380] ? kmem_cache_free+0x105/0x250
[ 51.519602][ T380] kasan_report_invalid_free+0x75/0xa0
[ 51.524902][ T380] ? kmem_cache_free+0x105/0x250
[ 51.529681][ T380] __kasan_slab_free+0x134/0x150
[ 51.534448][ T380] slab_free_freelist_hook+0x94/0x1a0
[ 51.539654][ T380] ? kfree_skbmem+0x95/0x140
[ 51.544084][ T380] kmem_cache_free+0x105/0x250
[ 51.548687][ T380] kfree_skbmem+0x95/0x140
[ 51.552931][ T380] consume_skb+0xab/0x1d0
[ 51.557101][ T380] __sk_msg_free+0x267/0x4e0
[ 51.561526][ T380] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 51.567166][ T380] ? skb_dequeue+0x115/0x1a0
[ 51.571590][ T380] sk_psock_stop+0x3e4/0x600
[ 51.576020][ T380] ? __local_bh_enable_ip+0x28/0x60
[ 51.581051][ T380] ? xfrmi6_err+0x440/0x440
[ 51.585392][ T380] sock_map_close+0x253/0x310
[ 51.589906][ T380] ? sock_map_lookup+0x300/0x300
[ 51.594770][ T380] ? do_lock_file_wait+0x320/0x320
[ 51.599710][ T380] ? down_write_killable+0x2c0/0x2c0
[ 51.604841][ T380] unix_release+0x73/0xe0
[ 51.609000][ T380] __sock_release+0xc2/0x270
[ 51.613426][ T380] sock_close+0x10/0x20
[ 51.617422][ T380] __fput+0x317/0x960
[ 51.621237][ T380] ____fput+0x9/0x10
[ 51.624986][ T380] task_work_run+0xc2/0x150
[ 51.629401][ T380] exit_to_user_mode_prepare+0x140/0x150
[ 51.634864][ T380] syscall_exit_to_user_mode+0x21/0x40
[ 51.640251][ T380] do_syscall_64+0x42/0xb0
[ 51.644522][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.650227][ T380] RIP: 0033:0x7f31b5b259da
[ 51.654480][ T380] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.673932][ T380] RSP: 002b:00007ffdbe193520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.682167][ T380] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f31b5b259da
[ 51.689977][ T380] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.697875][ T380] RBP: 00007f31b5c47980 R08: 0000001b31460000 R09: 00007ffdbe1d4080
[ 51.706471][ T380] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000cadf
[ 51.714370][ T380] R13: ffffffffffffffff R14: 00007f31b56aa000 R15: 000000000000c79e
[ 51.722282][ T380]
[ 51.725139][ T380]
[ 51.727309][ T380] Allocated by task 381:
[ 51.731488][ T380] kasan_save_stack+0x26/0x50
[ 51.736089][ T380] __kasan_slab_alloc+0x94/0xc0
[ 51.740770][ T380] kmem_cache_alloc+0x197/0x480
[ 51.745459][ T380] skb_clone+0x131/0x310
[ 51.749537][ T380] sk_psock_verdict_recv+0x4a/0x9e0
[ 51.754571][ T380] unix_read_sock+0xd8/0x200
[ 51.759004][ T380] sk_psock_verdict_data_ready+0x104/0x170
[ 51.764646][ T380] unix_dgram_sendmsg+0xc13/0x16d0
[ 51.769585][ T380] __sock_sendmsg+0xb5/0xf0
[ 51.774444][ T380] ____sys_sendmsg+0x3f3/0x990
[ 51.779134][ T380] ___sys_sendmsg+0xfc/0x190
[ 51.783566][ T380] __sys_sendmmsg+0x160/0x340
[ 51.788080][ T380] __x64_sys_sendmmsg+0x98/0xf0
[ 51.792762][ T380] do_syscall_64+0x35/0xb0
[ 51.797104][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.802829][ T380]
[ 51.805006][ T380] Freed by task 37:
[ 51.808644][ T380] kasan_save_stack+0x26/0x50
[ 51.813156][ T380] kasan_set_track+0x25/0x30
[ 51.817582][ T380] kasan_set_free_info+0x24/0x40
[ 51.822360][ T380] __kasan_slab_free+0x111/0x150
[ 51.827233][ T380] slab_free_freelist_hook+0x94/0x1a0
[ 51.832423][ T380] kmem_cache_free+0x105/0x250
[ 51.837026][ T380] kfree_skbmem+0x95/0x140
[ 51.841277][ T380] kfree_skb_reason+0xbb/0x2b0
[ 51.845966][ T380] kfree_skb+0xb/0x10
[ 51.849780][ T380] sk_psock_backlog+0x694/0xd00
[ 51.854555][ T380] process_one_work+0x62c/0xec0
[ 51.859241][ T380] worker_thread+0x48e/0xdb0
[ 51.863676][ T380] kthread+0x324/0x3e0
[ 51.867575][ T380] ret_from_fork+0x1f/0x30
[ 51.871831][ T380]
[ 51.874002][ T380] The buggy address belongs to the object at ffff888109bb2780
[ 51.874002][ T380] which belongs to the cache skbuff_head_cache of size 240
[ 51.888492][ T380] The buggy address is located 0 bytes inside of
[ 51.888492][ T380] 240-byte region [ffff888109bb2780, ffff888109bb2870)
[ 51.901521][ T380] The buggy address belongs to the page:
[ 51.906982][ T380] page:ffffea000426ec80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb2
[ 51.917138][ T380] flags: 0x4000000000000200(slab|zone=1)
[ 51.922620][ T380] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002fb080
[ 51.931023][ T380] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 51.939627][ T380] page dumped because: kasan: bad access detected
[ 51.945876][ T380] page_owner tracks the page as allocated
[ 51.951531][ T380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 84, ts 51116285023, free_ts 50648295356
[ 51.967880][ T380] prep_new_page+0x1a2/0x310
[ 51.972305][ T380] get_page_from_freelist+0x1ce2/0x30a0
[ 51.977867][ T380] __alloc_pages+0x23f/0x2400
[ 51.982555][ T380] allocate_slab+0x39d/0x530
[ 51.986973][ T380] ___slab_alloc.constprop.0+0x3ca/0x890
[ 51.992451][ T380] __slab_alloc.constprop.0+0x42/0x80
[ 51.997753][ T380] kmem_cache_alloc+0x440/0x480
[ 52.002614][ T380] __alloc_skb+0x14b/0x250
[ 52.006864][ T380] alloc_skb_with_frags+0x76/0x4a0
[ 52.011810][ T380] sock_alloc_send_pskb+0x68b/0x840
[ 52.016845][ T380] unix_dgram_sendmsg+0x33a/0x16d0
[ 52.021928][ T380] __sock_sendmsg+0xb5/0xf0
[ 52.026222][ T380] __sys_sendto+0x1e3/0x2f0
[ 52.030740][ T380] __x64_sys_sendto+0xdc/0x1a0
[ 52.035338][ T380] do_syscall_64+0x35/0xb0
[ 52.039791][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.045496][ T380] page last free stack trace:
[ 52.050015][ T380] free_pcp_prepare+0x1b6/0x4c0
[ 52.054710][ T380] free_unref_page+0x84/0x760
[ 52.059203][ T380] __free_pages+0xd7/0xf0
[ 52.063721][ T380] __free_slab+0xdb/0x1c0
[ 52.067884][ T380] discard_slab+0x2b/0x40
[ 52.072582][ T380] __unfreeze_partials+0x1e2/0x230
[ 52.077610][ T380] put_cpu_partial+0x96/0xb0
[ 52.082036][ T380] __slab_free+0x21e/0x4d0
[ 52.086291][ T380] ___cache_free+0x1ee/0x230
[ 52.091328][ T380] qlist_free_all+0x6e/0x150
[ 52.095828][ T380] kasan_quarantine_reduce+0x15f/0x1c0
[ 52.101122][ T380] __kasan_slab_alloc+0xaa/0xc0
[ 52.105839][ T380] kmem_cache_alloc+0x197/0x480
[ 52.110497][ T380] getname_flags.part.0+0x4d/0x480
[ 52.115442][ T380] getname+0x75/0xa0
[ 52.119186][ T380] do_sys_openat2+0xdf/0x8e0
[ 52.123692][ T380]
[ 52.126164][ T380] Memory state around the buggy address:
[ 52.131634][ T380] ffff888109bb2680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.139657][ T380] ffff888109bb2700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 52.147474][ T380] >ffff888109bb2780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.155369][ T380] ^
[ 52.159275][ T380] ffff888109bb2800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 52.167182][ T380] ffff888109bb2880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 52.175163][ T380] ==================================================================
2023/12/12 22:10:57 executed programs: 12
[ 52.193669][ T384] FAULT_INJECTION: forcing a failure.
[ 52.193669][ T384] name failslab, interval 1, probability 0, space 0, times 0
[ 52.206206][ T384] CPU: 0 PID: 384 Comm: syz-executor.0 Tainted: G B 5.15.139-syzkaller #0
[ 52.215809][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 52.226049][ T384] Call Trace:
[ 52.229174][ T384]
[ 52.231962][ T384] dump_stack_lvl+0x38/0x49
[ 52.236381][ T384] dump_stack+0x10/0x12
[ 52.240372][ T384] should_fail.cold+0x5/0xa
[ 52.244708][ T384] ? sk_psock_skb_ingress_self+0x52/0x3a0
[ 52.250267][ T384] __should_failslab+0xb6/0x100
[ 52.254951][ T384] should_failslab+0x9/0x20
[ 52.259386][ T384] kmem_cache_alloc_trace+0x3f/0x490
[ 52.264614][ T384] sk_psock_skb_ingress_self+0x52/0x3a0
[ 52.269999][ T384] sk_psock_verdict_recv+0x799/0x9e0
[ 52.275139][ T384] unix_read_sock+0xd8/0x200
[ 52.279836][ T384] ? sk_psock_tls_strp_read+0x360/0x360
[ 52.285969][ T384] ? unix_compat_ioctl+0x10/0x10
[ 52.290916][ T384] sk_psock_verdict_data_ready+0x104/0x170
[ 52.296558][ T384] ? failover_event+0x330/0x330
[ 52.301350][ T384] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 52.307055][ T384] ? skb_queue_tail+0xdc/0x150
[ 52.311748][ T384] unix_dgram_sendmsg+0xc13/0x16d0
[ 52.316739][ T384] ? unix_dgram_connect+0xc70/0xc70
[ 52.322250][ T384] ? unix_dgram_connect+0xc70/0xc70
[ 52.327478][ T384] __sock_sendmsg+0xb5/0xf0
[ 52.331812][ T384] ____sys_sendmsg+0x3f3/0x990
[ 52.336504][ T384] ? kernel_sendmsg+0x30/0x30
[ 52.341073][ T384] ? do_recvmmsg+0x5a0/0x5a0
[ 52.345457][ T384] ? __kasan_check_read+0x11/0x20
[ 52.350312][ T384] ___sys_sendmsg+0xfc/0x190
[ 52.354751][ T384] ? sendmsg_copy_msghdr+0x110/0x110
[ 52.359865][ T384] ? handle_pte_fault+0x1a2/0x2180
[ 52.365054][ T384] ? __handle_mm_fault+0x4aa/0x1380
[ 52.370087][ T384] ? do_filp_open+0x1ab/0x3f0
[ 52.374613][ T384] ? __pmd_alloc+0x330/0x330
[ 52.379047][ T384] ? __fdget+0xe/0x10
[ 52.383040][ T384] ? sockfd_lookup_light+0x1c/0x150
[ 52.388163][ T384] __sys_sendmmsg+0x160/0x340
[ 52.392940][ T384] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 52.397892][ T384] ? branch_type+0x2e0/0x470
[ 52.402406][ T384] ? mutex_unlock+0x7e/0x240
[ 52.406830][ T384] ? mutex_trylock+0x260/0x260
[ 52.411431][ T384] ? vfs_write+0x2b2/0x8e0