Warning: Permanently added '10.128.1.4' (ED25519) to the list of known hosts. 2024/09/06 20:48:17 ignoring optional flag "sandboxArg"="0" 2024/09/06 20:48:17 parsed 1 programs [ 47.443103][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 47.443120][ T30] audit: type=1400 audit(1725655697.537:95): avc: denied { unlink } for pid=350 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" 2024/09/06 20:48:17 executed programs: 0 [ 47.508309][ T350] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 47.567413][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.574517][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.581927][ T356] device bridge_slave_0 entered promiscuous mode [ 47.589432][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.597176][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.604910][ T356] device bridge_slave_1 entered promiscuous mode [ 47.657275][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.664569][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.671640][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.678698][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.700016][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.707934][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.716658][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.724093][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.743911][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.752311][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.759254][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.767340][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: 
link becomes ready [ 47.775636][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.782477][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.789753][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.798348][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.812014][ T356] device veth0_vlan entered promiscuous mode [ 47.818393][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 47.826896][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 47.835313][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 47.842804][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 47.855853][ T356] device veth1_macvtap entered promiscuous mode [ 47.863310][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 47.874802][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 47.888250][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 47.907674][ T30] audit: type=1400 audit(1725655697.997:96): avc: denied { prog_load } for pid=360 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 47.928190][ T30] audit: type=1400 audit(1725655698.017:97): avc: denied { bpf } for pid=360 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 47.949607][ T30] audit: type=1400 audit(1725655698.017:98): avc: denied { perfmon } for pid=360 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 47.971537][ T30] audit: type=1400 audit(1725655698.037:99): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 47.973857][ T361] FAULT_INJECTION: forcing a failure. 
[ 47.973857][ T361] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 47.994123][ T30] audit: type=1400 audit(1725655698.067:100): avc: denied { prog_run } for pid=360 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 48.007495][ T361] CPU: 1 PID: 361 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 48.026703][ T30] audit: type=1400 audit(1725655698.067:101): avc: denied { map_create } for pid=360 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 48.036778][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 48.036803][ T361] Call Trace: [ 48.036809][ T361] [ 48.036816][ T361] dump_stack_lvl+0x151/0x1c0 [ 48.056141][ T30] audit: type=1400 audit(1725655698.067:102): avc: denied { map_read map_write } for pid=360 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 48.066028][ T361] ? io_uring_drop_tctx_refs+0x190/0x190 [ 48.066063][ T361] dump_stack+0x15/0x20 [ 48.107345][ T361] should_fail+0x3c6/0x510 [ 48.111567][ T361] should_fail_usercopy+0x1a/0x20 [ 48.116426][ T361] _copy_to_user+0x20/0x90 [ 48.120764][ T361] simple_read_from_buffer+0xc7/0x150 [ 48.126136][ T361] proc_fail_nth_read+0x1a3/0x210 [ 48.131095][ T361] ? proc_fault_inject_write+0x390/0x390 [ 48.136567][ T361] ? fsnotify_perm+0x470/0x5d0 [ 48.141160][ T361] ? security_file_permission+0x86/0xb0 [ 48.146627][ T361] ? proc_fault_inject_write+0x390/0x390 [ 48.152193][ T361] vfs_read+0x27d/0xd40 [ 48.156177][ T361] ? kernel_read+0x1f0/0x1f0 [ 48.160776][ T361] ? __kasan_check_write+0x14/0x20 [ 48.165809][ T361] ? mutex_lock+0xb6/0x1e0 [ 48.170075][ T361] ? wait_for_completion_killable_timeout+0x10/0x10 [ 48.176487][ T361] ? __fdget_pos+0x2e7/0x3a0 [ 48.180907][ T361] ? 
ksys_read+0x77/0x2c0 [ 48.185091][ T361] ksys_read+0x199/0x2c0 [ 48.189195][ T361] ? __kasan_check_write+0x14/0x20 [ 48.194235][ T361] ? vfs_write+0x1110/0x1110 [ 48.198626][ T361] ? __kasan_check_read+0x11/0x20 [ 48.203865][ T361] __x64_sys_read+0x7b/0x90 [ 48.208401][ T361] x64_sys_call+0x28/0x9a0 [ 48.212738][ T361] do_syscall_64+0x3b/0xb0 [ 48.217120][ T361] ? clear_bhb_loop+0x35/0x90 [ 48.221993][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 48.228056][ T361] RIP: 0033:0x7f3d7cbf078c [ 48.232387][ T361] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 48.252005][ T361] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 48.260248][ T361] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 48.268069][ T361] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 48.275981][ T361] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 48.283771][ T361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 48.291871][ T361] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 48.299771][ T361] [ 48.314800][ T366] FAULT_INJECTION: forcing a failure. [ 48.314800][ T366] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 48.328445][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 48.339263][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 48.349530][ T366] Call Trace: [ 48.352995][ T366] [ 48.355868][ T366] dump_stack_lvl+0x151/0x1c0 [ 48.360373][ T366] ? 
io_uring_drop_tctx_refs+0x190/0x190 [ 48.366022][ T366] dump_stack+0x15/0x20 [ 48.370047][ T366] should_fail+0x3c6/0x510 [ 48.374261][ T366] should_fail_usercopy+0x1a/0x20 [ 48.379199][ T366] _copy_to_user+0x20/0x90 [ 48.383465][ T366] simple_read_from_buffer+0xc7/0x150 [ 48.389433][ T366] proc_fail_nth_read+0x1a3/0x210 [ 48.394357][ T366] ? proc_fault_inject_write+0x390/0x390 [ 48.400320][ T366] ? fsnotify_perm+0x470/0x5d0 [ 48.405267][ T366] ? security_file_permission+0x86/0xb0 [ 48.410820][ T366] ? proc_fault_inject_write+0x390/0x390 [ 48.416376][ T366] vfs_read+0x27d/0xd40 [ 48.420478][ T366] ? kernel_read+0x1f0/0x1f0 [ 48.425090][ T366] ? __kasan_check_write+0x14/0x20 [ 48.430288][ T366] ? mutex_lock+0xb6/0x1e0 [ 48.434801][ T366] ? wait_for_completion_killable_timeout+0x10/0x10 [ 48.441830][ T366] ? __fdget_pos+0x2e7/0x3a0 [ 48.446380][ T366] ? ksys_read+0x77/0x2c0 [ 48.450699][ T366] ksys_read+0x199/0x2c0 [ 48.454813][ T366] ? __kasan_check_write+0x14/0x20 [ 48.459761][ T366] ? vfs_write+0x1110/0x1110 [ 48.464355][ T366] ? __kasan_check_read+0x11/0x20 [ 48.469298][ T366] __x64_sys_read+0x7b/0x90 [ 48.473637][ T366] x64_sys_call+0x28/0x9a0 [ 48.477971][ T366] do_syscall_64+0x3b/0xb0 [ 48.482312][ T366] ? 
clear_bhb_loop+0x35/0x90 [ 48.486850][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 48.492765][ T366] RIP: 0033:0x7f3d7cbf078c [ 48.497023][ T366] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 48.517023][ T366] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 48.525378][ T366] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 48.533253][ T366] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 48.541059][ T366] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 48.548871][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 48.556766][ T366] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 48.564765][ T366] [ 48.578061][ T368] FAULT_INJECTION: forcing a failure. [ 48.578061][ T368] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 48.591649][ T368] CPU: 0 PID: 368 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 48.602365][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 48.613164][ T368] Call Trace: [ 48.616482][ T368] [ 48.619256][ T368] dump_stack_lvl+0x151/0x1c0 [ 48.623985][ T368] ? io_uring_drop_tctx_refs+0x190/0x190 [ 48.629572][ T368] dump_stack+0x15/0x20 [ 48.633514][ T368] should_fail+0x3c6/0x510 [ 48.637933][ T368] should_fail_usercopy+0x1a/0x20 [ 48.643118][ T368] _copy_to_user+0x20/0x90 [ 48.647577][ T368] simple_read_from_buffer+0xc7/0x150 [ 48.653044][ T368] proc_fail_nth_read+0x1a3/0x210 [ 48.657900][ T368] ? proc_fault_inject_write+0x390/0x390 [ 48.663538][ T368] ? fsnotify_perm+0x470/0x5d0 [ 48.668242][ T368] ? security_file_permission+0x86/0xb0 [ 48.673788][ T368] ? proc_fault_inject_write+0x390/0x390 [ 48.679433][ T368] vfs_read+0x27d/0xd40 [ 48.683678][ T368] ? 
kernel_read+0x1f0/0x1f0 [ 48.688307][ T368] ? __kasan_check_write+0x14/0x20 [ 48.693530][ T368] ? mutex_lock+0xb6/0x1e0 [ 48.698171][ T368] ? wait_for_completion_killable_timeout+0x10/0x10 [ 48.705138][ T368] ? __fdget_pos+0x2e7/0x3a0 [ 48.709571][ T368] ? ksys_read+0x77/0x2c0 [ 48.714106][ T368] ksys_read+0x199/0x2c0 [ 48.718725][ T368] ? __kasan_check_write+0x14/0x20 [ 48.724099][ T368] ? vfs_write+0x1110/0x1110 [ 48.728522][ T368] ? __kasan_check_read+0x11/0x20 [ 48.733728][ T368] __x64_sys_read+0x7b/0x90 [ 48.738163][ T368] x64_sys_call+0x28/0x9a0 [ 48.742411][ T368] do_syscall_64+0x3b/0xb0 [ 48.747194][ T368] ? clear_bhb_loop+0x35/0x90 [ 48.751811][ T368] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 48.757885][ T368] RIP: 0033:0x7f3d7cbf078c [ 48.762261][ T368] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 48.782400][ T368] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 48.790730][ T368] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 48.798637][ T368] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 48.806447][ T368] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 48.814981][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 48.823353][ T368] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 48.831429][ T368] [ 48.844451][ T370] FAULT_INJECTION: forcing a failure. [ 48.844451][ T370] name failslab, interval 1, probability 0, space 0, times 1 [ 48.857563][ T370] CPU: 0 PID: 370 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 48.867905][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 48.877793][ T370] Call Trace: [ 48.880913][ T370] [ 48.883688][ T370] dump_stack_lvl+0x151/0x1c0 [ 48.888226][ T370] ? 
io_uring_drop_tctx_refs+0x190/0x190 [ 48.894104][ T370] dump_stack+0x15/0x20 [ 48.898550][ T370] should_fail+0x3c6/0x510 [ 48.902972][ T370] __should_failslab+0xa4/0xe0 [ 48.907739][ T370] should_failslab+0x9/0x20 [ 48.912607][ T370] slab_pre_alloc_hook+0x37/0xd0 [ 48.917672][ T370] kmem_cache_alloc_trace+0x48/0x210 [ 48.922980][ T370] ? sk_psock_skb_ingress_self+0x60/0x330 [ 48.928616][ T370] ? migrate_disable+0x190/0x190 [ 48.933473][ T370] sk_psock_skb_ingress_self+0x60/0x330 [ 48.939529][ T370] sk_psock_verdict_recv+0x66d/0x840 [ 48.944906][ T370] unix_read_sock+0x132/0x370 [ 48.949583][ T370] ? sk_psock_skb_redirect+0x440/0x440 [ 48.954863][ T370] ? unix_stream_splice_actor+0x120/0x120 [ 48.960429][ T370] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 48.966228][ T370] ? unix_stream_splice_actor+0x120/0x120 [ 48.971782][ T370] sk_psock_verdict_data_ready+0x147/0x1a0 [ 48.977780][ T370] ? sk_psock_start_verdict+0xc0/0xc0 [ 48.983824][ T370] ? _raw_spin_lock+0xa4/0x1b0 [ 48.988727][ T370] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 48.994466][ T370] ? skb_queue_tail+0xfb/0x120 [ 48.999431][ T370] unix_dgram_sendmsg+0x15fa/0x2090 [ 49.004542][ T370] ? unix_dgram_poll+0x710/0x710 [ 49.009396][ T370] ? __kasan_check_write+0x14/0x20 [ 49.014340][ T370] ? __cpuidle_text_end+0x2/0x2 [ 49.019223][ T370] ? cgroup_rstat_updated+0xe5/0x370 [ 49.024626][ T370] ? security_socket_sendmsg+0x82/0xb0 [ 49.030026][ T370] ? unix_dgram_poll+0x710/0x710 [ 49.035059][ T370] ____sys_sendmsg+0x59e/0x8f0 [ 49.039598][ T370] ? __sys_sendmsg_sock+0x40/0x40 [ 49.044825][ T370] ? import_iovec+0xe5/0x120 [ 49.049340][ T370] ___sys_sendmsg+0x252/0x2e0 [ 49.053851][ T370] ? __sys_sendmsg+0x260/0x260 [ 49.058541][ T370] ? __kasan_check_write+0x14/0x20 [ 49.063493][ T370] ? proc_fail_nth_write+0x20b/0x290 [ 49.068613][ T370] ? __fdget+0x1bc/0x240 [ 49.072687][ T370] __sys_sendmmsg+0x2bf/0x530 [ 49.077202][ T370] ? __ia32_sys_sendmsg+0x90/0x90 [ 49.082220][ T370] ? 
mutex_unlock+0xb2/0x260 [ 49.086660][ T370] ? __kasan_check_write+0x14/0x20 [ 49.091689][ T370] ? __ia32_sys_read+0x90/0x90 [ 49.096414][ T370] ? debug_smp_processor_id+0x17/0x20 [ 49.101834][ T370] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 49.107684][ T370] __x64_sys_sendmmsg+0xa0/0xb0 [ 49.112381][ T370] x64_sys_call+0x81d/0x9a0 [ 49.116924][ T370] do_syscall_64+0x3b/0xb0 [ 49.121256][ T370] ? clear_bhb_loop+0x35/0x90 [ 49.126148][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.132053][ T370] RIP: 0033:0x7f3d7cbf1ae9 [ 49.136311][ T370] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 49.156391][ T370] RSP: 002b:00007f3d7c7740c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.165059][ T370] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf1ae9 [ 49.172891][ T370] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 49.181143][ T370] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 49.189166][ T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 49.196980][ T370] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 49.204943][ T370] [ 49.211247][ T369] ================================================================== [ 49.219564][ T369] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250 [ 49.226383][ T369] Read of size 4 at addr ffff88810cbca4ac by task syz-executor.0/369 [ 49.234345][ T369] [ 49.236510][ T369] CPU: 0 PID: 369 Comm: syz-executor.0 Not tainted 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 49.247416][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 49.257774][ T369] Call Trace: [ 49.261248][ T369] [ 49.264034][ T369] dump_stack_lvl+0x151/0x1c0 [ 49.268614][ T369] ? io_uring_drop_tctx_refs+0x190/0x190 [ 49.274082][ T369] ? 
panic+0x760/0x760 [ 49.278120][ T369] ? debug_smp_processor_id+0x17/0x20 [ 49.283415][ T369] print_address_description+0x87/0x3b0 [ 49.288805][ T369] kasan_report+0x179/0x1c0 [ 49.293150][ T369] ? consume_skb+0x3c/0x250 [ 49.297558][ T369] ? consume_skb+0x3c/0x250 [ 49.301897][ T369] kasan_check_range+0x293/0x2a0 [ 49.306676][ T369] __kasan_check_read+0x11/0x20 [ 49.311475][ T369] consume_skb+0x3c/0x250 [ 49.315730][ T369] __sk_msg_free+0x2dd/0x370 [ 49.320156][ T369] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 49.325809][ T369] sk_psock_stop+0x44c/0x4d0 [ 49.330319][ T369] ? unix_peer_get+0xe0/0xe0 [ 49.334738][ T369] sock_map_close+0x2b9/0x4c0 [ 49.339431][ T369] ? sock_map_remove_links+0x650/0x650 [ 49.344738][ T369] ? rwsem_mark_wake+0x770/0x770 [ 49.349679][ T369] unix_release+0x82/0xc0 [ 49.353845][ T369] sock_close+0xdf/0x270 [ 49.358101][ T369] ? sock_mmap+0xa0/0xa0 [ 49.363149][ T369] __fput+0x3fe/0x910 [ 49.367253][ T369] ____fput+0x15/0x20 [ 49.371097][ T369] task_work_run+0x129/0x190 [ 49.375713][ T369] exit_to_user_mode_loop+0xc4/0xe0 [ 49.381046][ T369] exit_to_user_mode_prepare+0x5a/0xa0 [ 49.386621][ T369] syscall_exit_to_user_mode+0x26/0x160 [ 49.392325][ T369] do_syscall_64+0x47/0xb0 [ 49.396705][ T369] ? 
clear_bhb_loop+0x35/0x90 [ 49.401348][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.407203][ T369] RIP: 0033:0x7f3d7cbf09da [ 49.411431][ T369] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 49.431463][ T369] RSP: 002b:00007fff534e7fd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 49.440196][ T369] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f3d7cbf09da [ 49.448087][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 49.456297][ T369] RBP: 00007f3d7cd12980 R08: 0000001b31f60000 R09: 00007fff535d30b0 [ 49.464093][ T369] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c1f4 [ 49.472379][ T369] R13: ffffffffffffffff R14: 00007f3d7c775000 R15: 000000000000beb3 [ 49.480369][ T369] [ 49.483329][ T369] [ 49.485635][ T369] Allocated by task 370: [ 49.489677][ T369] __kasan_slab_alloc+0xb1/0xe0 [ 49.494539][ T369] slab_post_alloc_hook+0x53/0x2c0 [ 49.499487][ T369] kmem_cache_alloc+0xf5/0x200 [ 49.504217][ T369] skb_clone+0x1d1/0x360 [ 49.508359][ T369] sk_psock_verdict_recv+0x53/0x840 [ 49.513414][ T369] unix_read_sock+0x132/0x370 [ 49.517999][ T369] sk_psock_verdict_data_ready+0x147/0x1a0 [ 49.523651][ T369] unix_dgram_sendmsg+0x15fa/0x2090 [ 49.528670][ T369] ____sys_sendmsg+0x59e/0x8f0 [ 49.533465][ T369] ___sys_sendmsg+0x252/0x2e0 [ 49.537975][ T369] __sys_sendmmsg+0x2bf/0x530 [ 49.542665][ T369] __x64_sys_sendmmsg+0xa0/0xb0 [ 49.547593][ T369] x64_sys_call+0x81d/0x9a0 [ 49.551884][ T369] do_syscall_64+0x3b/0xb0 [ 49.556262][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 49.562097][ T369] [ 49.564338][ T369] Freed by task 312: [ 49.568402][ T369] kasan_set_track+0x4b/0x70 [ 49.573377][ T369] kasan_set_free_info+0x23/0x40 [ 49.578235][ T369] ____kasan_slab_free+0x126/0x160 [ 49.583422][ T369] __kasan_slab_free+0x11/0x20 [ 49.588008][ T369] 
slab_free_freelist_hook+0xbd/0x190 [ 49.593384][ T369] kmem_cache_free+0x116/0x2e0 [ 49.598077][ T369] kfree_skbmem+0x104/0x170 [ 49.602640][ T369] kfree_skb+0xc2/0x360 [ 49.606634][ T369] sk_psock_backlog+0xc21/0xd90 [ 49.611486][ T369] process_one_work+0x6bb/0xc10 [ 49.616548][ T369] worker_thread+0xad5/0x12a0 [ 49.621147][ T369] kthread+0x421/0x510 [ 49.625205][ T369] ret_from_fork+0x1f/0x30 [ 49.629468][ T369] [ 49.631708][ T369] The buggy address belongs to the object at ffff88810cbca3c0 [ 49.631708][ T369] which belongs to the cache skbuff_head_cache of size 248 [ 49.646214][ T369] The buggy address is located 236 bytes inside of [ 49.646214][ T369] 248-byte region [ffff88810cbca3c0, ffff88810cbca4b8) [ 49.659714][ T369] The buggy address belongs to the page: [ 49.665396][ T369] page:ffffea000432f280 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810cbca000 pfn:0x10cbca [ 49.677273][ T369] flags: 0x4000000000000200(slab|zone=1) [ 49.682881][ T369] raw: 4000000000000200 0000000000000000 0000000a00000001 ffff8881081b3b00 [ 49.691668][ T369] raw: ffff88810cbca000 00000000800c000a 00000001ffffffff 0000000000000000 [ 49.700080][ T369] page dumped because: kasan: bad access detected [ 49.706319][ T369] page_owner tracks the page as allocated [ 49.712211][ T369] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 3922485252, free_ts 0 [ 49.728236][ T369] post_alloc_hook+0x1a3/0x1b0 [ 49.733046][ T369] prep_new_page+0x1b/0x110 [ 49.737540][ T369] get_page_from_freelist+0x3550/0x35d0 [ 49.743381][ T369] __alloc_pages+0x27e/0x8f0 [ 49.747806][ T369] new_slab+0x9a/0x4e0 [ 49.751711][ T369] ___slab_alloc+0x39e/0x830 [ 49.756251][ T369] __slab_alloc+0x4a/0x90 [ 49.760404][ T369] kmem_cache_alloc+0x134/0x200 [ 49.765791][ T369] __alloc_skb+0xbe/0x550 [ 49.770132][ T369] alloc_skb_with_frags+0xa6/0x680 [ 49.775511][ T369] sock_alloc_send_pskb+0x915/0xa50 [ 49.780640][ T369] 
unix_dgram_sendmsg+0x6fd/0x2090 [ 49.785608][ T369] __sys_sendto+0x564/0x720 [ 49.789917][ T369] __x64_sys_sendto+0xe5/0x100 [ 49.794600][ T369] x64_sys_call+0x15c/0x9a0 [ 49.798940][ T369] do_syscall_64+0x3b/0xb0 [ 49.803313][ T369] page_owner free stack trace missing [ 49.808615][ T369] [ 49.810947][ T369] Memory state around the buggy address: [ 49.816726][ T369] ffff88810cbca380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 49.825415][ T369] ffff88810cbca400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.833547][ T369] >ffff88810cbca480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 49.841359][ T369] ^ [ 49.846832][ T369] ffff88810cbca500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.854896][ T369] ffff88810cbca580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 49.862795][ T369] ================================================================== [ 49.870944][ T369] Disabling lock debugging due to kernel taint [ 49.877353][ T369] ================================================================== [ 49.885629][ T369] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 49.894151][ T369] [ 49.896424][ T369] CPU: 0 PID: 369 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 49.908540][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 49.918914][ T369] Call Trace: [ 49.922289][ T369] [ 49.925057][ T369] dump_stack_lvl+0x151/0x1c0 [ 49.929763][ T369] ? io_uring_drop_tctx_refs+0x190/0x190 [ 49.935239][ T369] ? __wake_up_klogd+0xd5/0x110 [ 49.940184][ T369] ? panic+0x760/0x760 [ 49.944088][ T369] ? kmem_cache_free+0x116/0x2e0 [ 49.949043][ T369] print_address_description+0x87/0x3b0 [ 49.954561][ T369] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 49.960756][ T369] ? kmem_cache_free+0x116/0x2e0 [ 49.965792][ T369] ? 
kmem_cache_free+0x116/0x2e0 [ 49.970570][ T369] kasan_report_invalid_free+0x6b/0xa0 [ 49.975861][ T369] ____kasan_slab_free+0x13e/0x160 [ 49.981101][ T369] __kasan_slab_free+0x11/0x20 [ 49.985859][ T369] slab_free_freelist_hook+0xbd/0x190 [ 49.991163][ T369] ? kfree_skbmem+0x104/0x170 [ 49.995684][ T369] kmem_cache_free+0x116/0x2e0 [ 50.000450][ T369] kfree_skbmem+0x104/0x170 [ 50.005007][ T369] consume_skb+0xb4/0x250 [ 50.009231][ T369] __sk_msg_free+0x2dd/0x370 [ 50.013659][ T369] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 50.019388][ T369] sk_psock_stop+0x44c/0x4d0 [ 50.024023][ T369] ? unix_peer_get+0xe0/0xe0 [ 50.028424][ T369] sock_map_close+0x2b9/0x4c0 [ 50.032998][ T369] ? sock_map_remove_links+0x650/0x650 [ 50.038340][ T369] ? rwsem_mark_wake+0x770/0x770 [ 50.043429][ T369] unix_release+0x82/0xc0 [ 50.047943][ T369] sock_close+0xdf/0x270 [ 50.052031][ T369] ? sock_mmap+0xa0/0xa0 [ 50.056777][ T369] __fput+0x3fe/0x910 [ 50.060575][ T369] ____fput+0x15/0x20 [ 50.064426][ T369] task_work_run+0x129/0x190 [ 50.069085][ T369] exit_to_user_mode_loop+0xc4/0xe0 [ 50.074405][ T369] exit_to_user_mode_prepare+0x5a/0xa0 [ 50.079914][ T369] syscall_exit_to_user_mode+0x26/0x160 [ 50.085745][ T369] do_syscall_64+0x47/0xb0 [ 50.090294][ T369] ? 
clear_bhb_loop+0x35/0x90 [ 50.095180][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 50.101393][ T369] RIP: 0033:0x7f3d7cbf09da [ 50.105876][ T369] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 50.126792][ T369] RSP: 002b:00007fff534e7fd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 50.136300][ T369] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f3d7cbf09da [ 50.144404][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 50.152387][ T369] RBP: 00007f3d7cd12980 R08: 0000001b31f60000 R09: 00007fff535d30b0 [ 50.160199][ T369] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c1f4 [ 50.168838][ T369] R13: ffffffffffffffff R14: 00007f3d7c775000 R15: 000000000000beb3 [ 50.176738][ T369] [ 50.179595][ T369] [ 50.181877][ T369] Allocated by task 370: [ 50.186085][ T369] __kasan_slab_alloc+0xb1/0xe0 [ 50.190762][ T369] slab_post_alloc_hook+0x53/0x2c0 [ 50.195730][ T369] kmem_cache_alloc+0xf5/0x200 [ 50.200397][ T369] skb_clone+0x1d1/0x360 [ 50.204646][ T369] sk_psock_verdict_recv+0x53/0x840 [ 50.209680][ T369] unix_read_sock+0x132/0x370 [ 50.214204][ T369] sk_psock_verdict_data_ready+0x147/0x1a0 [ 50.219927][ T369] unix_dgram_sendmsg+0x15fa/0x2090 [ 50.225028][ T369] ____sys_sendmsg+0x59e/0x8f0 [ 50.229599][ T369] ___sys_sendmsg+0x252/0x2e0 [ 50.234168][ T369] __sys_sendmmsg+0x2bf/0x530 [ 50.238875][ T369] __x64_sys_sendmmsg+0xa0/0xb0 [ 50.243600][ T369] x64_sys_call+0x81d/0x9a0 [ 50.247946][ T369] do_syscall_64+0x3b/0xb0 [ 50.252282][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 50.258791][ T369] [ 50.261006][ T369] Freed by task 312: [ 50.264811][ T369] kasan_set_track+0x4b/0x70 [ 50.269330][ T369] kasan_set_free_info+0x23/0x40 [ 50.274189][ T369] ____kasan_slab_free+0x126/0x160 [ 50.279245][ T369] __kasan_slab_free+0x11/0x20 [ 50.283846][ T369] 
slab_free_freelist_hook+0xbd/0x190 [ 50.289051][ T369] kmem_cache_free+0x116/0x2e0 [ 50.293932][ T369] kfree_skbmem+0x104/0x170 [ 50.298251][ T369] kfree_skb+0xc2/0x360 [ 50.302329][ T369] sk_psock_backlog+0xc21/0xd90 [ 50.307252][ T369] process_one_work+0x6bb/0xc10 [ 50.312069][ T369] worker_thread+0xad5/0x12a0 [ 50.316699][ T369] kthread+0x421/0x510 [ 50.320714][ T369] ret_from_fork+0x1f/0x30 [ 50.324934][ T369] [ 50.327126][ T369] The buggy address belongs to the object at ffff88810cbca3c0 [ 50.327126][ T369] which belongs to the cache skbuff_head_cache of size 248 [ 50.341773][ T369] The buggy address is located 0 bytes inside of [ 50.341773][ T369] 248-byte region [ffff88810cbca3c0, ffff88810cbca4b8) [ 50.355141][ T369] The buggy address belongs to the page: [ 50.360702][ T369] page:ffffea000432f280 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810cbca000 pfn:0x10cbca [ 50.372421][ T369] flags: 0x4000000000000200(slab|zone=1) [ 50.377907][ T369] raw: 4000000000000200 0000000000000000 0000000a00000001 ffff8881081b3b00 [ 50.387262][ T369] raw: ffff88810cbca000 00000000800c000a 00000001ffffffff 0000000000000000 [ 50.397902][ T369] page dumped because: kasan: bad access detected [ 50.404371][ T369] page_owner tracks the page as allocated [ 50.410104][ T369] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 3922485252, free_ts 0 [ 50.425376][ T369] post_alloc_hook+0x1a3/0x1b0 [ 50.429971][ T369] prep_new_page+0x1b/0x110 [ 50.435207][ T369] get_page_from_freelist+0x3550/0x35d0 [ 50.440742][ T369] __alloc_pages+0x27e/0x8f0 [ 50.445151][ T369] new_slab+0x9a/0x4e0 [ 50.449152][ T369] ___slab_alloc+0x39e/0x830 [ 50.453780][ T369] __slab_alloc+0x4a/0x90 [ 50.458152][ T369] kmem_cache_alloc+0x134/0x200 [ 50.462915][ T369] __alloc_skb+0xbe/0x550 [ 50.467356][ T369] alloc_skb_with_frags+0xa6/0x680 [ 50.472591][ T369] sock_alloc_send_pskb+0x915/0xa50 [ 50.477782][ T369] 
unix_dgram_sendmsg+0x6fd/0x2090 [ 50.482708][ T369] __sys_sendto+0x564/0x720 [ 50.487130][ T369] __x64_sys_sendto+0xe5/0x100 [ 50.491912][ T369] x64_sys_call+0x15c/0x9a0 [ 50.496327][ T369] do_syscall_64+0x3b/0xb0 [ 50.500741][ T369] page_owner free stack trace missing [ 50.505998][ T369] [ 50.508135][ T369] Memory state around the buggy address: [ 50.513839][ T369] ffff88810cbca280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.521827][ T369] ffff88810cbca300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 50.529899][ T369] >ffff88810cbca380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 50.538007][ T369] ^ [ 50.544334][ T369] ffff88810cbca400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.552808][ T369] ffff88810cbca480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 50.561125][ T369] ================================================================== [ 50.580952][ T374] FAULT_INJECTION: forcing a failure. [ 50.580952][ T374] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 50.594217][ T374] CPU: 1 PID: 374 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 50.605893][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 50.616306][ T374] Call Trace: [ 50.619438][ T374] [ 50.622294][ T374] dump_stack_lvl+0x151/0x1c0 [ 50.627084][ T374] ? io_uring_drop_tctx_refs+0x190/0x190 [ 50.632734][ T374] dump_stack+0x15/0x20 [ 50.636809][ T374] should_fail+0x3c6/0x510 [ 50.641320][ T374] should_fail_usercopy+0x1a/0x20 [ 50.646616][ T374] _copy_to_user+0x20/0x90 [ 50.650894][ T374] simple_read_from_buffer+0xc7/0x150 [ 50.656157][ T374] proc_fail_nth_read+0x1a3/0x210 [ 50.661276][ T374] ? proc_fault_inject_write+0x390/0x390 [ 50.666963][ T374] ? fsnotify_perm+0x470/0x5d0 [ 50.671642][ T374] ? security_file_permission+0x86/0xb0 [ 50.677023][ T374] ? proc_fault_inject_write+0x390/0x390 [ 50.682668][ T374] vfs_read+0x27d/0xd40 [ 50.686678][ T374] ? 
kernel_read+0x1f0/0x1f0 [ 50.691164][ T374] ? __kasan_check_write+0x14/0x20 [ 50.696708][ T374] ? mutex_lock+0xb6/0x1e0 [ 50.701210][ T374] ? wait_for_completion_killable_timeout+0x10/0x10 [ 50.707635][ T374] ? __fdget_pos+0x2e7/0x3a0 [ 50.712567][ T374] ? ksys_read+0x77/0x2c0 [ 50.716844][ T374] ksys_read+0x199/0x2c0 [ 50.721925][ T374] ? __kasan_check_write+0x14/0x20 [ 50.726880][ T374] ? vfs_write+0x1110/0x1110 [ 50.731395][ T374] ? __kasan_check_read+0x11/0x20 [ 50.736780][ T374] __x64_sys_read+0x7b/0x90 [ 50.741279][ T374] x64_sys_call+0x28/0x9a0 [ 50.745751][ T374] do_syscall_64+0x3b/0xb0 [ 50.750087][ T374] ? clear_bhb_loop+0x35/0x90 [ 50.754598][ T374] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 50.760327][ T374] RIP: 0033:0x7f3d7cbf078c [ 50.764582][ T374] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 50.784022][ T374] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 50.792663][ T374] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 50.801022][ T374] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 50.809205][ T374] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 50.817320][ T374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.825712][ T374] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 50.833972][ T374] [ 50.848030][ T376] FAULT_INJECTION: forcing a failure. [ 50.848030][ T376] name failslab, interval 1, probability 0, space 0, times 0 [ 50.861077][ T376] CPU: 0 PID: 376 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 50.872802][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 50.883028][ T376] Call Trace: [ 50.886262][ T376] [ 50.889130][ T376] dump_stack_lvl+0x151/0x1c0 [ 50.893994][ T376] ? 
io_uring_drop_tctx_refs+0x190/0x190 [ 50.899624][ T376] dump_stack+0x15/0x20 [ 50.903702][ T376] should_fail+0x3c6/0x510 [ 50.908013][ T376] __should_failslab+0xa4/0xe0 [ 50.912974][ T376] should_failslab+0x9/0x20 [ 50.917691][ T376] slab_pre_alloc_hook+0x37/0xd0 [ 50.922461][ T376] kmem_cache_alloc_trace+0x48/0x210 [ 50.927786][ T376] ? sk_psock_skb_ingress_self+0x60/0x330 [ 50.933503][ T376] ? migrate_disable+0x190/0x190 [ 50.938472][ T376] sk_psock_skb_ingress_self+0x60/0x330 [ 50.944100][ T376] sk_psock_verdict_recv+0x66d/0x840 [ 50.949630][ T376] unix_read_sock+0x132/0x370 [ 50.954420][ T376] ? sk_psock_skb_redirect+0x440/0x440 [ 50.959810][ T376] ? unix_stream_splice_actor+0x120/0x120 [ 50.965522][ T376] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 50.970819][ T376] ? unix_stream_splice_actor+0x120/0x120 [ 50.976483][ T376] sk_psock_verdict_data_ready+0x147/0x1a0 [ 50.982294][ T376] ? sk_psock_start_verdict+0xc0/0xc0 [ 50.987771][ T376] ? _raw_spin_lock+0xa4/0x1b0 [ 50.992461][ T376] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 50.998203][ T376] ? skb_queue_tail+0xfb/0x120 [ 51.003463][ T376] unix_dgram_sendmsg+0x15fa/0x2090 [ 51.008472][ T376] ? unix_dgram_poll+0x710/0x710 [ 51.013379][ T376] ? __kasan_check_write+0x14/0x20 [ 51.018324][ T376] ? __cpuidle_text_end+0x2/0x2 [ 51.023146][ T376] ? cgroup_rstat_updated+0xe5/0x370 [ 51.028472][ T376] ? security_socket_sendmsg+0x82/0xb0 [ 51.034495][ T376] ? unix_dgram_poll+0x710/0x710 [ 51.039351][ T376] ____sys_sendmsg+0x59e/0x8f0 [ 51.043950][ T376] ? __sys_sendmsg_sock+0x40/0x40 [ 51.048843][ T376] ? import_iovec+0xe5/0x120 [ 51.053243][ T376] ___sys_sendmsg+0x252/0x2e0 [ 51.057949][ T376] ? __sys_sendmsg+0x260/0x260 [ 51.062644][ T376] ? __kasan_check_write+0x14/0x20 [ 51.068017][ T376] ? proc_fail_nth_write+0x20b/0x290 [ 51.073142][ T376] ? __fdget+0x1bc/0x240 [ 51.077498][ T376] __sys_sendmmsg+0x2bf/0x530 [ 51.082083][ T376] ? __ia32_sys_sendmsg+0x90/0x90 [ 51.087521][ T376] ? 
mutex_unlock+0xb2/0x260
[ 51.092390][ T376] ? __kasan_check_write+0x14/0x20
[ 51.097414][ T376] ? __ia32_sys_read+0x90/0x90
[ 51.102029][ T376] ? debug_smp_processor_id+0x17/0x20
[ 51.107314][ T376] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 51.113289][ T376] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.117999][ T376] x64_sys_call+0x81d/0x9a0
[ 51.122314][ T376] do_syscall_64+0x3b/0xb0
[ 51.126821][ T376] ? clear_bhb_loop+0x35/0x90
[ 51.131332][ T376] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.137402][ T376] RIP: 0033:0x7f3d7cbf1ae9
[ 51.141757][ T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.161619][ T376] RSP: 002b:00007f3d7c7740c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.170917][ T376] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf1ae9
[ 51.178893][ T376] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.187167][ T376] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000
[ 51.195221][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.203026][ T376] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08
[ 51.211029][ T376]
[ 51.217088][ T375] ==================================================================
[ 51.224978][ T375] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 51.233219][ T375]
[ 51.235388][ T375] CPU: 0 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 51.247219][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 51.257193][ T375] Call Trace:
[ 51.260414][ T375]
[ 51.263284][ T375] dump_stack_lvl+0x151/0x1c0
[ 51.267967][ T375] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.273624][ T375] ? __wake_up_klogd+0xd5/0x110
[ 51.278320][ T375] ? panic+0x760/0x760
[ 51.282303][ T375] ? kmem_cache_free+0x116/0x2e0
[ 51.287167][ T375] print_address_description+0x87/0x3b0
[ 51.292567][ T375] ? kmem_cache_free+0x116/0x2e0
[ 51.297403][ T375] ? kmem_cache_free+0x116/0x2e0
[ 51.302306][ T375] kasan_report_invalid_free+0x6b/0xa0
[ 51.307685][ T375] ____kasan_slab_free+0x13e/0x160
[ 51.313208][ T375] __kasan_slab_free+0x11/0x20
[ 51.318138][ T375] slab_free_freelist_hook+0xbd/0x190
[ 51.323433][ T375] ? kfree_skbmem+0x104/0x170
[ 51.328289][ T375] kmem_cache_free+0x116/0x2e0
[ 51.332975][ T375] kfree_skbmem+0x104/0x170
[ 51.337390][ T375] consume_skb+0xb4/0x250
[ 51.341556][ T375] __sk_msg_free+0x2dd/0x370
[ 51.346079][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.351746][ T375] sk_psock_stop+0x44c/0x4d0
[ 51.356233][ T375] ? unix_peer_get+0xe0/0xe0
[ 51.360659][ T375] sock_map_close+0x2b9/0x4c0
[ 51.365827][ T375] ? sock_map_remove_links+0x650/0x650
[ 51.371469][ T375] ? rwsem_mark_wake+0x770/0x770
[ 51.376353][ T375] unix_release+0x82/0xc0
[ 51.381030][ T375] sock_close+0xdf/0x270
[ 51.385106][ T375] ? sock_mmap+0xa0/0xa0
[ 51.389489][ T375] __fput+0x3fe/0x910
[ 51.393391][ T375] ____fput+0x15/0x20
[ 51.397209][ T375] task_work_run+0x129/0x190
[ 51.402243][ T375] exit_to_user_mode_loop+0xc4/0xe0
[ 51.407712][ T375] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.413399][ T375] syscall_exit_to_user_mode+0x26/0x160
[ 51.419792][ T375] do_syscall_64+0x47/0xb0
[ 51.428656][ T375] ? clear_bhb_loop+0x35/0x90
[ 51.433174][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.438977][ T375] RIP: 0033:0x7f3d7cbf09da
[ 51.443487][ T375] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.463501][ T375] RSP: 002b:00007fff534e7fd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.471924][ T375] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f3d7cbf09da
[ 51.480255][ T375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.488157][ T375] RBP: 00007f3d7cd12980 R08: 0000001b31f60000 R09: 00007fff535d30b0
[ 51.496405][ T375] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c9c8
[ 51.504675][ T375] R13: ffffffffffffffff R14: 00007f3d7c775000 R15: 000000000000c687
[ 51.513026][ T375]
[ 51.516022][ T375]
[ 51.518223][ T375] Allocated by task 376:
[ 51.522323][ T375] __kasan_slab_alloc+0xb1/0xe0
[ 51.527261][ T375] slab_post_alloc_hook+0x53/0x2c0
[ 51.532367][ T375] kmem_cache_alloc+0xf5/0x200
[ 51.537169][ T375] skb_clone+0x1d1/0x360
[ 51.541243][ T375] sk_psock_verdict_recv+0x53/0x840
[ 51.546371][ T375] unix_read_sock+0x132/0x370
[ 51.550888][ T375] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.556607][ T375] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.561852][ T375] ____sys_sendmsg+0x59e/0x8f0
[ 51.566419][ T375] ___sys_sendmsg+0x252/0x2e0
[ 51.570977][ T375] __sys_sendmmsg+0x2bf/0x530
[ 51.575453][ T375] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.580248][ T375] x64_sys_call+0x81d/0x9a0
[ 51.584973][ T375] do_syscall_64+0x3b/0xb0
[ 51.589950][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.595658][ T375]
[ 51.597930][ T375] Freed by task 312:
[ 51.601734][ T375] kasan_set_track+0x4b/0x70
[ 51.606160][ T375] kasan_set_free_info+0x23/0x40
[ 51.611018][ T375] ____kasan_slab_free+0x126/0x160
[ 51.616322][ T375] __kasan_slab_free+0x11/0x20
[ 51.621176][ T375] slab_free_freelist_hook+0xbd/0x190
[ 51.626381][ T375] kmem_cache_free+0x116/0x2e0
[ 51.630983][ T375] kfree_skbmem+0x104/0x170
[ 51.635678][ T375] kfree_skb+0xc2/0x360
[ 51.639832][ T375] sk_psock_backlog+0xc21/0xd90
[ 51.644519][ T375] process_one_work+0x6bb/0xc10
[ 51.649295][ T375] worker_thread+0xad5/0x12a0
[ 51.653808][ T375] kthread+0x421/0x510
[ 51.657889][ T375] ret_from_fork+0x1f/0x30
[ 51.662148][ T375]
[ 51.664664][ T375] The buggy address belongs to the object at ffff88810cda38c0
[ 51.664664][ T375] which belongs to the cache skbuff_head_cache of size 248
[ 51.680939][ T375] The buggy address is located 0 bytes inside of
[ 51.680939][ T375] 248-byte region [ffff88810cda38c0, ffff88810cda39b8)
[ 51.694048][ T375] The buggy address belongs to the page:
[ 51.699515][ T375] page:ffffea00043368c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cda3
[ 51.709833][ T375] flags: 0x4000000000000200(slab|zone=1)
[ 51.715495][ T375] raw: 4000000000000200 ffffea0004336700 0000000800000008 ffff8881081b3b00
[ 51.723983][ T375] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 51.732489][ T375] page dumped because: kasan: bad access detected
[ 51.739031][ T375] page_owner tracks the page as allocated
[ 51.744581][ T375] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 3966073705, free_ts 3960374984
[ 51.760476][ T375] post_alloc_hook+0x1a3/0x1b0
[ 51.765419][ T375] prep_new_page+0x1b/0x110
[ 51.769841][ T375] get_page_from_freelist+0x3550/0x35d0
[ 51.775320][ T375] __alloc_pages+0x27e/0x8f0
[ 51.779746][ T375] new_slab+0x9a/0x4e0
[ 51.783775][ T375] ___slab_alloc+0x39e/0x830
[ 51.788201][ T375] __slab_alloc+0x4a/0x90
[ 51.792372][ T375] kmem_cache_alloc+0x134/0x200
[ 51.797143][ T375] __alloc_skb+0xbe/0x550
[ 51.801306][ T375] alloc_skb_with_frags+0xa6/0x680
[ 51.806736][ T375] sock_alloc_send_pskb+0x915/0xa50
[ 51.812415][ T375] unix_dgram_sendmsg+0x6fd/0x2090
[ 51.817376][ T375] __sys_sendto+0x564/0x720
[ 51.821786][ T375] __x64_sys_sendto+0xe5/0x100
[ 51.826485][ T375] x64_sys_call+0x15c/0x9a0
[ 51.831257][ T375] do_syscall_64+0x3b/0xb0
[ 51.835500][ T375] page last free stack trace:
[ 51.840273][ T375] free_unref_page_prepare+0x7c8/0x7d0
[ 51.846121][ T375] free_unref_page_list+0x14b/0xa60
[ 51.851391][ T375] release_pages+0x1310/0x1370
[ 51.855983][ T375] free_pages_and_swap_cache+0x8a/0xa0
[ 51.861280][ T375] tlb_finish_mmu+0x177/0x320
[ 51.865799][ T375] exit_mmap+0x40d/0x940
[ 51.869873][ T375] __mmput+0x95/0x310
[ 51.873776][ T375] mmput+0x5b/0x170
[ 51.877520][ T375] do_exit+0xb9c/0x2ca0
[ 51.881773][ T375] do_group_exit+0x141/0x310
[ 51.886484][ T375] __x64_sys_exit_group+0x3f/0x40
[ 51.891506][ T375] x64_sys_call+0x610/0x9a0
[ 51.896022][ T375] do_syscall_64+0x3b/0xb0
[ 51.900811][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.906700][ T375]
[ 51.908863][ T375] Memory state around the buggy address:
[ 51.914338][ T375] ffff88810cda3780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.922232][ T375] ffff88810cda3800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.930309][ T375] >ffff88810cda3880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.938325][ T375] ^
[ 51.944388][ T375] ffff88810cda3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.952477][ T375] ffff88810cda3980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.960631][ T375] ==================================================================
[ 51.981793][ T379] FAULT_INJECTION: forcing a failure.
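The T375 report above and the near-identical T387 report later in this log have the same shape: a "BUG: KASAN: double-free or invalid-free" header, the current Call Trace, an "Allocated by task N" stack, a "Freed by task N" stack, the object/cache geometry and the shadow-memory rows. The following triage helper is an added example, not code from this log, from syzkaller or from the kernel. It parses that shape, decodes the shadow byte of each 8-byte granule of the freed object, and uses the reported offset plus the shadow state to separate a true double-free (offset 0, whole object already marked freed) from an invalid-free of an interior pointer. The sample input is the T375 report trimmed to the lines the parser needs and is embedded here as constructed test data; the shadow-value legend is the generic KASAN encoding used by 5.15 (00 accessible, fa freed with free-track metadata, fb freed, fc kmalloc redzone), and the NOISE list of allocator/instrumentation frames skipped when naming the "interesting" caller is an assumption to tune per kernel.

```python
"""Triage a KASAN "double-free or invalid-free" report (added example, not
code from the log, syzkaller or the kernel).  Strips the dmesg prefix,
collects the three stacks, the object geometry and the shadow rows, then
decodes the shadow byte of every 8-byte granule of the freed object.
Shadow legend per generic KASAN in 5.15; NOISE is an assumption."""
import re

# Constructed sample: the T375 report from this log, trimmed to the lines
# the parser needs (dmesg prefixes kept to show they are stripped).
SAMPLE = """\
[ 51.224978][ T375] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 51.257193][ T375] Call Trace:
[ 51.302306][ T375] kasan_report_invalid_free+0x6b/0xa0
[ 51.328289][ T375] kmem_cache_free+0x116/0x2e0
[ 51.332975][ T375] kfree_skbmem+0x104/0x170
[ 51.337390][ T375] consume_skb+0xb4/0x250
[ 51.341556][ T375] __sk_msg_free+0x2dd/0x370
[ 51.351746][ T375] sk_psock_stop+0x44c/0x4d0
[ 51.518223][ T375] Allocated by task 376:
[ 51.522323][ T375] __kasan_slab_alloc+0xb1/0xe0
[ 51.537169][ T375] skb_clone+0x1d1/0x360
[ 51.541243][ T375] sk_psock_verdict_recv+0x53/0x840
[ 51.597930][ T375] Freed by task 312:
[ 51.601734][ T375] kasan_set_track+0x4b/0x70
[ 51.626381][ T375] kmem_cache_free+0x116/0x2e0
[ 51.630983][ T375] kfree_skbmem+0x104/0x170
[ 51.635678][ T375] kfree_skb+0xc2/0x360
[ 51.639832][ T375] sk_psock_backlog+0xc21/0xd90
[ 51.664664][ T375] The buggy address belongs to the object at ffff88810cda38c0
[ 51.664664][ T375] which belongs to the cache skbuff_head_cache of size 248
[ 51.680939][ T375] The buggy address is located 0 bytes inside of
[ 51.930309][ T375] >ffff88810cda3880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.944388][ T375] ffff88810cda3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.952477][ T375] ffff88810cda3980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
FRAME = re.compile(r"[A-Za-z_]\w*\+0x[0-9a-f]+/0x[0-9a-f]+$")   # "? " frames never match
SHADOW_ROW = re.compile(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")
SHADOW = {0x00: "accessible", 0xfa: "freed, free-track metadata", 0xfb: "freed",
          0xfc: "kmalloc redzone", 0xfe: "page redzone", 0xff: "freed page"}
# Assumption: allocator/instrumentation frames to skip when naming the caller.
NOISE = ("dump_stack", "print_address_description", "kasan_", "__kasan_",
         "____kasan_", "slab_", "kmem_cache_", "kfree_skbmem")

def parse_kasan_report(text):
    """Header, tasks, stacks, object geometry and shadow rows of one report."""
    rep = {"call_trace": [], "alloc_stack": [], "free_stack": [], "shadow": {}}
    section = None
    for raw in text.splitlines():
        s = PREFIX.sub("", raw).strip()
        if not s:                       # a blank line ends a stack section
            section = None
        elif m := re.match(r"BUG: KASAN: (.+?) in (\S+)", s):
            rep["bug"], rep["where"] = m.group(1), m.group(2).split("+")[0]
        elif s == "Call Trace:":
            section = "call_trace"
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", s):
            section = "alloc_stack" if m.group(1) == "Allocated" else "free_stack"
            rep[section.split("_")[0] + "_task"] = int(m.group(2))
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", s):
            rep["object"] = int(m.group(1), 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", s):
            rep["cache"], rep["size"] = m.group(1), int(m.group(2))
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", s):
            rep["offset"] = int(m.group(1))
        elif m := SHADOW_ROW.match(s):  # one row = 16 granules x 8 bytes = 128 bytes
            rep["shadow"][int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
        elif section and FRAME.match(s):
            rep[section].append(s.split("+")[0])
    return rep

def shadow_byte(rep, addr):
    """Shadow value covering addr, or None if that 128-byte row was not dumped."""
    row = rep["shadow"].get(addr & ~0x7f)
    return None if row is None else row[(addr & 0x7f) // 8]

def object_granules(rep):
    """Shadow value of every 8-byte granule of the reported object, in order."""
    return [shadow_byte(rep, a) for a in range(rep["object"], rep["object"] + rep["size"], 8)]

def first_frames(stack, n=3):
    """The first n frames that are not allocator/KASAN plumbing."""
    return [f for f in stack if not f.startswith(NOISE)][:n]

def triage(rep):
    """Decide double-free vs invalid-free and name the three relevant code paths."""
    first, granules = shadow_byte(rep, rep["object"]), object_granules(rep)
    if rep["offset"] != 0:
        verdict = "invalid-free"        # pointer into the middle of an object
    elif first in (0xfa, 0xfb) and all(g in (0xfa, 0xfb) for g in granules):
        verdict = "double-free"         # whole object already marked freed
    else:
        verdict = "undetermined"
    return {
        "verdict": verdict,
        "cache": rep["cache"],
        "object": f"{rep['object']:#x}",
        "shadow_at_object": "not dumped" if first is None else SHADOW.get(first, f"{first:#04x}"),
        "allocated": (rep["alloc_task"], first_frames(rep["alloc_stack"])),
        "first_free": (rep["free_task"], first_frames(rep["free_stack"])),
        "second_free": first_frames(rep["call_trace"]),
    }

if __name__ == "__main__":
    for key, value in triage(parse_kasan_report(SAMPLE)).items():
        print(f"{key:17} {value}")
```

Run against the T375 report, the helper confirms what a reader has to work out by hand: the freed pointer is at offset 0 of a 248-byte skbuff_head_cache object, the first granule is fa and the remaining 30 are fb, so the object was already freed when this kmem_cache_free ran (a double-free, not an interior-pointer invalid-free). The three paths it names are the ones visible in the log: the skb was cloned in sk_psock_verdict_recv by task 376 (the sendmmsg caller), freed once by kfree_skb in the sk_psock_backlog workqueue (task 312), then freed again by consume_skb from __sk_msg_free while sk_psock_stop tore the psock down on close. The T387 report parses the same way with tasks 388 and 311. Worth noting when reading the surrounding log: in both instances the allocating task (376, 388) is the one for which failslab had just forced kmem_cache_alloc_trace to fail inside sk_psock_skb_ingress_self, so the allocation-failure path of the verdict receive is the first place to look.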
[ 51.981793][ T379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 51.994799][ T379] CPU: 0 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 52.006544][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 52.016436][ T379] Call Trace: [ 52.019588][ T379] [ 52.022539][ T379] dump_stack_lvl+0x151/0x1c0 [ 52.027056][ T379] ? io_uring_drop_tctx_refs+0x190/0x190 [ 52.032622][ T379] dump_stack+0x15/0x20 [ 52.036598][ T379] should_fail+0x3c6/0x510 [ 52.041034][ T379] should_fail_usercopy+0x1a/0x20 [ 52.046061][ T379] _copy_to_user+0x20/0x90 [ 52.050638][ T379] simple_read_from_buffer+0xc7/0x150 [ 52.056222][ T379] proc_fail_nth_read+0x1a3/0x210 [ 52.061247][ T379] ? proc_fault_inject_write+0x390/0x390 [ 52.066888][ T379] ? fsnotify_perm+0x470/0x5d0 [ 52.071930][ T379] ? security_file_permission+0x86/0xb0 [ 52.077561][ T379] ? proc_fault_inject_write+0x390/0x390 [ 52.083227][ T379] vfs_read+0x27d/0xd40 [ 52.087213][ T379] ? kernel_read+0x1f0/0x1f0 [ 52.091675][ T379] ? __kasan_check_write+0x14/0x20 [ 52.096592][ T379] ? mutex_lock+0xb6/0x1e0 [ 52.101106][ T379] ? wait_for_completion_killable_timeout+0x10/0x10 [ 52.107531][ T379] ? __fdget_pos+0x2e7/0x3a0 [ 52.111943][ T379] ? ksys_read+0x77/0x2c0 [ 52.116225][ T379] ksys_read+0x199/0x2c0 [ 52.120435][ T379] ? __kasan_check_write+0x14/0x20 [ 52.125381][ T379] ? vfs_write+0x1110/0x1110 [ 52.129920][ T379] ? __kasan_check_read+0x11/0x20 [ 52.134776][ T379] __x64_sys_read+0x7b/0x90 [ 52.139387][ T379] x64_sys_call+0x28/0x9a0 [ 52.143657][ T379] do_syscall_64+0x3b/0xb0 [ 52.148046][ T379] ? 
clear_bhb_loop+0x35/0x90 [ 52.152561][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.158637][ T379] RIP: 0033:0x7f3d7cbf078c [ 52.162889][ T379] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 52.182877][ T379] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 52.191495][ T379] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 52.199363][ T379] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 52.207717][ T379] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 52.215517][ T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.223507][ T379] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 52.231503][ T379] [ 52.244375][ T382] FAULT_INJECTION: forcing a failure. [ 52.244375][ T382] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.257708][ T382] CPU: 1 PID: 382 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 52.269398][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 52.279287][ T382] Call Trace: [ 52.282410][ T382] [ 52.285190][ T382] dump_stack_lvl+0x151/0x1c0 [ 52.290062][ T382] ? io_uring_drop_tctx_refs+0x190/0x190 [ 52.295527][ T382] dump_stack+0x15/0x20 [ 52.299913][ T382] should_fail+0x3c6/0x510 [ 52.304483][ T382] should_fail_usercopy+0x1a/0x20 [ 52.309602][ T382] _copy_to_user+0x20/0x90 [ 52.314003][ T382] simple_read_from_buffer+0xc7/0x150 [ 52.319301][ T382] proc_fail_nth_read+0x1a3/0x210 [ 52.324279][ T382] ? proc_fault_inject_write+0x390/0x390 [ 52.329741][ T382] ? fsnotify_perm+0x470/0x5d0 [ 52.334344][ T382] ? security_file_permission+0x86/0xb0 [ 52.339726][ T382] ? proc_fault_inject_write+0x390/0x390 [ 52.345280][ T382] vfs_read+0x27d/0xd40 [ 52.349596][ T382] ? 
kernel_read+0x1f0/0x1f0 [ 52.354010][ T382] ? __kasan_check_write+0x14/0x20 [ 52.358967][ T382] ? mutex_lock+0xb6/0x1e0 [ 52.363211][ T382] ? wait_for_completion_killable_timeout+0x10/0x10 [ 52.369829][ T382] ? __fdget_pos+0x2e7/0x3a0 [ 52.374231][ T382] ? ksys_read+0x77/0x2c0 [ 52.378552][ T382] ksys_read+0x199/0x2c0 [ 52.382729][ T382] ? vfs_write+0x1110/0x1110 [ 52.387278][ T382] ? debug_smp_processor_id+0x17/0x20 [ 52.392662][ T382] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 52.398709][ T382] __x64_sys_read+0x7b/0x90 [ 52.403358][ T382] x64_sys_call+0x28/0x9a0 [ 52.407704][ T382] do_syscall_64+0x3b/0xb0 [ 52.412032][ T382] ? clear_bhb_loop+0x35/0x90 [ 52.416820][ T382] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.422532][ T382] RIP: 0033:0x7f3d7cbf078c [ 52.426784][ T382] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 52.447000][ T382] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 52.455881][ T382] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 52.464179][ T382] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 52.472168][ T382] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 52.479965][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.488097][ T382] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 52.496185][ T382] [ 52.507072][ T384] FAULT_INJECTION: forcing a failure. 
[ 52.507072][ T384] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.520625][ T384] CPU: 0 PID: 384 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 52.532168][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 52.542448][ T384] Call Trace: [ 52.545533][ T384] [ 52.548310][ T384] dump_stack_lvl+0x151/0x1c0 [ 52.553014][ T384] ? io_uring_drop_tctx_refs+0x190/0x190 [ 52.558465][ T384] dump_stack+0x15/0x20 [ 52.562486][ T384] should_fail+0x3c6/0x510 [ 52.566713][ T384] should_fail_usercopy+0x1a/0x20 [ 52.571656][ T384] _copy_to_user+0x20/0x90 [ 52.575921][ T384] simple_read_from_buffer+0xc7/0x150 [ 52.581376][ T384] proc_fail_nth_read+0x1a3/0x210 [ 52.586527][ T384] ? proc_fault_inject_write+0x390/0x390 [ 52.591989][ T384] ? fsnotify_perm+0x470/0x5d0 [ 52.596833][ T384] ? security_file_permission+0x86/0xb0 [ 52.602231][ T384] ? proc_fault_inject_write+0x390/0x390 [ 52.608006][ T384] vfs_read+0x27d/0xd40 [ 52.612684][ T384] ? kernel_read+0x1f0/0x1f0 [ 52.617243][ T384] ? __kasan_check_write+0x14/0x20 [ 52.622187][ T384] ? mutex_lock+0xb6/0x1e0 [ 52.626443][ T384] ? wait_for_completion_killable_timeout+0x10/0x10 [ 52.633056][ T384] ? __fdget_pos+0x2e7/0x3a0 [ 52.637480][ T384] ? ksys_read+0x77/0x2c0 [ 52.641637][ T384] ksys_read+0x199/0x2c0 [ 52.646150][ T384] ? __kasan_check_write+0x14/0x20 [ 52.651358][ T384] ? vfs_write+0x1110/0x1110 [ 52.655951][ T384] ? __kasan_check_read+0x11/0x20 [ 52.660991][ T384] __x64_sys_read+0x7b/0x90 [ 52.665322][ T384] x64_sys_call+0x28/0x9a0 [ 52.669704][ T384] do_syscall_64+0x3b/0xb0 [ 52.673923][ T384] ? 
clear_bhb_loop+0x35/0x90 [ 52.678466][ T384] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.684416][ T384] RIP: 0033:0x7f3d7cbf078c [ 52.688667][ T384] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 52.708569][ T384] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 52.716812][ T384] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 52.724625][ T384] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 52.732638][ T384] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 2024/09/06 20:48:22 executed programs: 9 [ 52.740729][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.748651][ T384] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 52.756421][ T384] [ 52.770515][ T386] FAULT_INJECTION: forcing a failure. [ 52.770515][ T386] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.783777][ T386] CPU: 1 PID: 386 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 52.795499][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 52.805655][ T386] Call Trace: [ 52.808989][ T386] [ 52.811818][ T386] dump_stack_lvl+0x151/0x1c0 [ 52.816278][ T386] ? io_uring_drop_tctx_refs+0x190/0x190 [ 52.821775][ T386] dump_stack+0x15/0x20 [ 52.825999][ T386] should_fail+0x3c6/0x510 [ 52.830583][ T386] should_fail_usercopy+0x1a/0x20 [ 52.835372][ T386] _copy_to_user+0x20/0x90 [ 52.839732][ T386] simple_read_from_buffer+0xc7/0x150 [ 52.845122][ T386] proc_fail_nth_read+0x1a3/0x210 [ 52.850125][ T386] ? proc_fault_inject_write+0x390/0x390 [ 52.855591][ T386] ? fsnotify_perm+0x470/0x5d0 [ 52.860382][ T386] ? security_file_permission+0x86/0xb0 [ 52.866055][ T386] ? 
proc_fault_inject_write+0x390/0x390 [ 52.871518][ T386] vfs_read+0x27d/0xd40 [ 52.875933][ T386] ? kernel_read+0x1f0/0x1f0 [ 52.880791][ T386] ? __kasan_check_write+0x14/0x20 [ 52.885977][ T386] ? mutex_lock+0xb6/0x1e0 [ 52.890321][ T386] ? wait_for_completion_killable_timeout+0x10/0x10 [ 52.897059][ T386] ? __fdget_pos+0x2e7/0x3a0 [ 52.901638][ T386] ? ksys_read+0x77/0x2c0 [ 52.905981][ T386] ksys_read+0x199/0x2c0 [ 52.910421][ T386] ? __kasan_check_write+0x14/0x20 [ 52.915697][ T386] ? vfs_write+0x1110/0x1110 [ 52.920158][ T386] ? __kasan_check_read+0x11/0x20 [ 52.925067][ T386] __x64_sys_read+0x7b/0x90 [ 52.929409][ T386] x64_sys_call+0x28/0x9a0 [ 52.933663][ T386] do_syscall_64+0x3b/0xb0 [ 52.937901][ T386] ? clear_bhb_loop+0x35/0x90 [ 52.942621][ T386] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.948325][ T386] RIP: 0033:0x7f3d7cbf078c [ 52.952670][ T386] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 52.973479][ T386] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 52.981733][ T386] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 52.989814][ T386] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 52.998222][ T386] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 53.006373][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.014368][ T386] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 53.022286][ T386] [ 53.036248][ T388] FAULT_INJECTION: forcing a failure. 
[ 53.036248][ T388] name failslab, interval 1, probability 0, space 0, times 0 [ 53.049943][ T388] CPU: 1 PID: 388 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 53.061641][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 53.071759][ T388] Call Trace: [ 53.074873][ T388] [ 53.077846][ T388] dump_stack_lvl+0x151/0x1c0 [ 53.082517][ T388] ? io_uring_drop_tctx_refs+0x190/0x190 [ 53.088744][ T388] dump_stack+0x15/0x20 [ 53.093027][ T388] should_fail+0x3c6/0x510 [ 53.097282][ T388] __should_failslab+0xa4/0xe0 [ 53.101890][ T388] should_failslab+0x9/0x20 [ 53.106396][ T388] slab_pre_alloc_hook+0x37/0xd0 [ 53.111158][ T388] kmem_cache_alloc_trace+0x48/0x210 [ 53.116274][ T388] ? sk_psock_skb_ingress_self+0x60/0x330 [ 53.122005][ T388] ? migrate_disable+0x190/0x190 [ 53.126870][ T388] sk_psock_skb_ingress_self+0x60/0x330 [ 53.132242][ T388] sk_psock_verdict_recv+0x66d/0x840 [ 53.137367][ T388] unix_read_sock+0x132/0x370 [ 53.141973][ T388] ? sk_psock_skb_redirect+0x440/0x440 [ 53.147354][ T388] ? unix_stream_splice_actor+0x120/0x120 [ 53.153021][ T388] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 53.158411][ T388] ? unix_stream_splice_actor+0x120/0x120 [ 53.164198][ T388] sk_psock_verdict_data_ready+0x147/0x1a0 [ 53.170444][ T388] ? sk_psock_start_verdict+0xc0/0xc0 [ 53.175772][ T388] ? _raw_spin_lock+0xa4/0x1b0 [ 53.180462][ T388] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 53.186183][ T388] ? skb_queue_tail+0xfb/0x120 [ 53.190876][ T388] unix_dgram_sendmsg+0x15fa/0x2090 [ 53.196062][ T388] ? unix_dgram_poll+0x710/0x710 [ 53.200772][ T388] ? security_socket_sendmsg+0x82/0xb0 [ 53.206159][ T388] ? unix_dgram_poll+0x710/0x710 [ 53.210923][ T388] ____sys_sendmsg+0x59e/0x8f0 [ 53.215733][ T388] ? __sys_sendmsg_sock+0x40/0x40 [ 53.220609][ T388] ? import_iovec+0xe5/0x120 [ 53.225108][ T388] ___sys_sendmsg+0x252/0x2e0 [ 53.229610][ T388] ? __sys_sendmsg+0x260/0x260 [ 53.234321][ T388] ? 
__kasan_check_write+0x14/0x20
[ 53.239452][ T388] ? proc_fail_nth_write+0x20b/0x290
[ 53.244661][ T388] ? __fdget+0x1bc/0x240
[ 53.248839][ T388] __sys_sendmmsg+0x2bf/0x530
[ 53.253518][ T388] ? __ia32_sys_sendmsg+0x90/0x90
[ 53.258468][ T388] ? mutex_unlock+0xb2/0x260
[ 53.262894][ T388] ? __kasan_check_write+0x14/0x20
[ 53.268051][ T388] ? __ia32_sys_read+0x90/0x90
[ 53.272649][ T388] ? debug_smp_processor_id+0x17/0x20
[ 53.277961][ T388] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 53.283856][ T388] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.288763][ T388] x64_sys_call+0x81d/0x9a0
[ 53.293065][ T388] do_syscall_64+0x3b/0xb0
[ 53.297582][ T388] ? clear_bhb_loop+0x35/0x90
[ 53.302181][ T388] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.307918][ T388] RIP: 0033:0x7f3d7cbf1ae9
[ 53.312482][ T388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.332557][ T388] RSP: 002b:00007f3d7c7740c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 53.340970][ T388] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf1ae9
[ 53.348875][ T388] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 53.356679][ T388] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000
[ 53.364574][ T388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.372597][ T388] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08
[ 53.380408][ T388]
[ 53.385255][ T387] ==================================================================
[ 53.386434][ T30] audit: type=1400 audit(1725655703.477:103): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 53.393148][ T387] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 53.393182][ T387]
[ 53.393188][ T387] CPU: 1 PID: 387 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 53.393209][ T387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 53.416638][ T30] audit: type=1400 audit(1725655703.477:104): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 53.424092][ T387] Call Trace:
[ 53.424104][ T387]
[ 53.424111][ T387] dump_stack_lvl+0x151/0x1c0
[ 53.424144][ T387] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.486762][ T387] ? __wake_up_klogd+0xd5/0x110
[ 53.491739][ T387] ? panic+0x760/0x760
[ 53.495850][ T387] ? kmem_cache_free+0x116/0x2e0
[ 53.500612][ T387] print_address_description+0x87/0x3b0
[ 53.506267][ T387] ? kmem_cache_free+0x116/0x2e0
[ 53.511030][ T387] ? kmem_cache_free+0x116/0x2e0
[ 53.515892][ T387] kasan_report_invalid_free+0x6b/0xa0
[ 53.521202][ T387] ____kasan_slab_free+0x13e/0x160
[ 53.526142][ T387] __kasan_slab_free+0x11/0x20
[ 53.530726][ T387] slab_free_freelist_hook+0xbd/0x190
[ 53.536032][ T387] ? kfree_skbmem+0x104/0x170
[ 53.540847][ T387] kmem_cache_free+0x116/0x2e0
[ 53.545899][ T387] kfree_skbmem+0x104/0x170
[ 53.550328][ T387] consume_skb+0xb4/0x250
[ 53.554496][ T387] __sk_msg_free+0x2dd/0x370
[ 53.559180][ T387] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.565057][ T387] sk_psock_stop+0x44c/0x4d0
[ 53.569828][ T387] ? unix_peer_get+0xe0/0xe0
[ 53.574364][ T387] sock_map_close+0x2b9/0x4c0
[ 53.579073][ T387] ? sock_map_remove_links+0x650/0x650
[ 53.584541][ T387] ? rwsem_mark_wake+0x770/0x770
[ 53.589412][ T387] unix_release+0x82/0xc0
[ 53.593921][ T387] sock_close+0xdf/0x270
[ 53.598009][ T387] ? sock_mmap+0xa0/0xa0
[ 53.602171][ T387] __fput+0x3fe/0x910
[ 53.606068][ T387] ____fput+0x15/0x20
[ 53.609879][ T387] task_work_run+0x129/0x190
[ 53.614394][ T387] exit_to_user_mode_loop+0xc4/0xe0
[ 53.619526][ T387] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.624990][ T387] syscall_exit_to_user_mode+0x26/0x160
[ 53.630639][ T387] do_syscall_64+0x47/0xb0
[ 53.635101][ T387] ? clear_bhb_loop+0x35/0x90
[ 53.639727][ T387] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.645960][ T387] RIP: 0033:0x7f3d7cbf09da
[ 53.650217][ T387] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.670459][ T387] RSP: 002b:00007fff534e7fd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.678711][ T387] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f3d7cbf09da
[ 53.686493][ T387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.694476][ T387] RBP: 00007f3d7cd12980 R08: 0000001b31f60000 R09: 00007fff535d30b0
[ 53.702784][ T387] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d255
[ 53.710581][ T387] R13: ffffffffffffffff R14: 00007f3d7c775000 R15: 000000000000cf14
[ 53.718580][ T387]
[ 53.721420][ T387]
[ 53.723593][ T387] Allocated by task 388:
[ 53.727929][ T387] __kasan_slab_alloc+0xb1/0xe0
[ 53.732724][ T387] slab_post_alloc_hook+0x53/0x2c0
[ 53.737669][ T387] kmem_cache_alloc+0xf5/0x200
[ 53.742251][ T387] skb_clone+0x1d1/0x360
[ 53.746350][ T387] sk_psock_verdict_recv+0x53/0x840
[ 53.751455][ T387] unix_read_sock+0x132/0x370
[ 53.756186][ T387] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.761844][ T387] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.766852][ T387] ____sys_sendmsg+0x59e/0x8f0
[ 53.771556][ T387] ___sys_sendmsg+0x252/0x2e0
[ 53.776234][ T387] __sys_sendmmsg+0x2bf/0x530
[ 53.780926][ T387] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.785681][ T387] x64_sys_call+0x81d/0x9a0
[ 53.789955][ T387] do_syscall_64+0x3b/0xb0
[ 53.794324][ T387] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.800107][ T387]
[ 53.802283][ T387] Freed by task 311:
[ 53.806005][ T387] kasan_set_track+0x4b/0x70
[ 53.810517][ T387] kasan_set_free_info+0x23/0x40
[ 53.815299][ T387] ____kasan_slab_free+0x126/0x160
[ 53.820323][ T387] __kasan_slab_free+0x11/0x20
[ 53.824935][ T387] slab_free_freelist_hook+0xbd/0x190
[ 53.830317][ T387] kmem_cache_free+0x116/0x2e0
[ 53.834907][ T387] kfree_skbmem+0x104/0x170
[ 53.839243][ T387] kfree_skb+0xc2/0x360
[ 53.843322][ T387] sk_psock_backlog+0xc21/0xd90
[ 53.848011][ T387] process_one_work+0x6bb/0xc10
[ 53.852696][ T387] worker_thread+0xad5/0x12a0
[ 53.857209][ T387] kthread+0x421/0x510
[ 53.861117][ T387] ret_from_fork+0x1f/0x30
[ 53.865455][ T387]
[ 53.867717][ T387] The buggy address belongs to the object at ffff888121f50000
[ 53.867717][ T387] which belongs to the cache skbuff_head_cache of size 248
[ 53.882543][ T387] The buggy address is located 0 bytes inside of
[ 53.882543][ T387] 248-byte region [ffff888121f50000, ffff888121f500f8)
[ 53.895737][ T387] The buggy address belongs to the page:
[ 53.901297][ T387] page:ffffea000487d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121f50
[ 53.911531][ T387] flags: 0x4000000000000200(slab|zone=1)
[ 53.917181][ T387] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00
[ 53.925658][ T387] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 53.934099][ T387] page dumped because: kasan: bad access detected
[ 53.940521][ T387] page_owner tracks the page as allocated
[ 53.946080][ T387] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 53034051080, free_ts 53029939534
[ 53.962086][ T387] post_alloc_hook+0x1a3/0x1b0
[ 53.966690][ T387] prep_new_page+0x1b/0x110
[ 53.971022][ T387] get_page_from_freelist+0x3550/0x35d0
[ 53.976404][ T387] __alloc_pages+0x27e/0x8f0
[ 53.980937][ T387] new_slab+0x9a/0x4e0
[ 53.984998][ T387] ___slab_alloc+0x39e/0x830
[ 53.989510][ T387] __slab_alloc+0x4a/0x90
[ 53.993854][ T387] kmem_cache_alloc+0x134/0x200
[ 53.998858][ T387] __alloc_skb+0xbe/0x550
[ 54.003071][ T387] netlink_sendmsg+0x797/0xd20
[ 54.007942][ T387] ____sys_sendmsg+0x59e/0x8f0
[ 54.012713][ T387] ___sys_sendmsg+0x252/0x2e0
[ 54.017225][ T387] __se_sys_sendmsg+0x19a/0x260
[ 54.021914][ T387] __x64_sys_sendmsg+0x7b/0x90
[ 54.026514][ T387] x64_sys_call+0x16a/0x9a0
[ 54.030872][ T387] do_syscall_64+0x3b/0xb0
[ 54.035191][ T387] page last free stack trace:
[ 54.039714][ T387] free_unref_page_prepare+0x7c8/0x7d0
[ 54.045109][ T387] free_unref_page+0xe8/0x750
[ 54.049969][ T387] __free_pages+0x61/0xf0
[ 54.054134][ T387] free_pages+0x7c/0x90
[ 54.058138][ T387] pgd_free+0x17d/0x190
[ 54.062382][ T387] __mmdrop+0xb0/0x410
[ 54.066303][ T387] finish_task_switch+0x2cd/0x7b0
[ 54.071542][ T387] __schedule+0xcd4/0x1590
[ 54.075945][ T387] schedule+0x11f/0x1e0
[ 54.079940][ T387] schedule_hrtimeout_range_clock+0x228/0x3a0
[ 54.085828][ T387] schedule_hrtimeout_range+0x2a/0x40
[ 54.091573][ T387] do_epoll_wait+0x1913/0x1c10
[ 54.096534][ T387] do_epoll_pwait+0x5c/0x1f0
[ 54.101202][ T387] __x64_sys_epoll_pwait+0x2b4/0x300
[ 54.106849][ T387] x64_sys_call+0x767/0x9a0
[ 54.111299][ T387] do_syscall_64+0x3b/0xb0
[ 54.115854][ T387]
[ 54.118105][ T387] Memory state around the buggy address:
[ 54.123569][ T387] ffff888121f4ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.131679][ T387] ffff888121f4ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.139700][ T387] >ffff888121f50000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.147779][ T387] ^
[ 54.151993][ T387] ffff888121f50080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 54.160121][ T387] ffff888121f50100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 54.168344][ T387] ==================================================================
[ 54.191049][ T391]
FAULT_INJECTION: forcing a failure. [ 54.191049][ T391] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 54.204175][ T391] CPU: 1 PID: 391 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 54.216325][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 54.226932][ T391] Call Trace: [ 54.230058][ T391] [ 54.233082][ T391] dump_stack_lvl+0x151/0x1c0 [ 54.237590][ T391] ? io_uring_drop_tctx_refs+0x190/0x190 [ 54.243321][ T391] dump_stack+0x15/0x20 [ 54.247398][ T391] should_fail+0x3c6/0x510 [ 54.251953][ T391] should_fail_usercopy+0x1a/0x20 [ 54.256901][ T391] _copy_to_user+0x20/0x90 [ 54.261151][ T391] simple_read_from_buffer+0xc7/0x150 [ 54.266455][ T391] proc_fail_nth_read+0x1a3/0x210 [ 54.271306][ T391] ? proc_fault_inject_write+0x390/0x390 [ 54.276864][ T391] ? fsnotify_perm+0x470/0x5d0 [ 54.281459][ T391] ? security_file_permission+0x86/0xb0 [ 54.286840][ T391] ? proc_fault_inject_write+0x390/0x390 [ 54.292414][ T391] vfs_read+0x27d/0xd40 [ 54.296620][ T391] ? kernel_read+0x1f0/0x1f0 [ 54.301025][ T391] ? __kasan_check_write+0x14/0x20 [ 54.306058][ T391] ? mutex_lock+0xb6/0x1e0 [ 54.310621][ T391] ? wait_for_completion_killable_timeout+0x10/0x10 [ 54.317143][ T391] ? __fdget_pos+0x2e7/0x3a0 [ 54.321714][ T391] ? ksys_read+0x77/0x2c0 [ 54.325871][ T391] ksys_read+0x199/0x2c0 [ 54.330050][ T391] ? __kasan_check_write+0x14/0x20 [ 54.335090][ T391] ? vfs_write+0x1110/0x1110 [ 54.339613][ T391] ? __kasan_check_read+0x11/0x20 [ 54.344475][ T391] __x64_sys_read+0x7b/0x90 [ 54.348817][ T391] x64_sys_call+0x28/0x9a0 [ 54.353089][ T391] do_syscall_64+0x3b/0xb0 [ 54.357422][ T391] ? 
clear_bhb_loop+0x35/0x90 [ 54.361936][ T391] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.367783][ T391] RIP: 0033:0x7f3d7cbf078c [ 54.372089][ T391] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 54.392188][ T391] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 54.400995][ T391] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 54.409047][ T391] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 54.417078][ T391] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 54.424893][ T391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 54.432701][ T391] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 54.440518][ T391] [ 54.451966][ T394] FAULT_INJECTION: forcing a failure. [ 54.451966][ T394] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 54.465493][ T394] CPU: 1 PID: 394 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 54.477312][ T394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 54.487516][ T394] Call Trace: [ 54.490701][ T394] [ 54.493472][ T394] dump_stack_lvl+0x151/0x1c0 [ 54.497985][ T394] ? io_uring_drop_tctx_refs+0x190/0x190 [ 54.503488][ T394] dump_stack+0x15/0x20 [ 54.507618][ T394] should_fail+0x3c6/0x510 [ 54.511870][ T394] should_fail_usercopy+0x1a/0x20 [ 54.516819][ T394] _copy_to_user+0x20/0x90 [ 54.521246][ T394] simple_read_from_buffer+0xc7/0x150 [ 54.526510][ T394] proc_fail_nth_read+0x1a3/0x210 [ 54.531513][ T394] ? proc_fault_inject_write+0x390/0x390 [ 54.536984][ T394] ? fsnotify_perm+0x470/0x5d0 [ 54.541752][ T394] ? security_file_permission+0x86/0xb0 [ 54.547216][ T394] ? proc_fault_inject_write+0x390/0x390 [ 54.553484][ T394] vfs_read+0x27d/0xd40 [ 54.557469][ T394] ? 
kernel_read+0x1f0/0x1f0 [ 54.561966][ T394] ? __kasan_check_write+0x14/0x20 [ 54.566979][ T394] ? mutex_lock+0xb6/0x1e0 [ 54.571402][ T394] ? wait_for_completion_killable_timeout+0x10/0x10 [ 54.578584][ T394] ? __fdget_pos+0x2e7/0x3a0 [ 54.583744][ T394] ? ksys_read+0x77/0x2c0 [ 54.588706][ T394] ksys_read+0x199/0x2c0 [ 54.592929][ T394] ? __kasan_check_write+0x14/0x20 [ 54.597922][ T394] ? vfs_write+0x1110/0x1110 [ 54.602358][ T394] ? __kasan_check_read+0x11/0x20 [ 54.607196][ T394] __x64_sys_read+0x7b/0x90 [ 54.611724][ T394] x64_sys_call+0x28/0x9a0 [ 54.616381][ T394] do_syscall_64+0x3b/0xb0 [ 54.620826][ T394] ? clear_bhb_loop+0x35/0x90 [ 54.625413][ T394] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 54.631263][ T394] RIP: 0033:0x7f3d7cbf078c [ 54.635663][ T394] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 54.655385][ T394] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 54.663954][ T394] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 54.672155][ T394] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 54.680149][ T394] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 54.688324][ T394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 54.696214][ T394] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 54.704660][ T394] [ 54.716093][ T396] FAULT_INJECTION: forcing a failure. [ 54.716093][ T396] name failslab, interval 1, probability 0, space 0, times 0 [ 54.729847][ T396] CPU: 1 PID: 396 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 54.741396][ T396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 54.751461][ T396] Call Trace: [ 54.754678][ T396] [ 54.757554][ T396] dump_stack_lvl+0x151/0x1c0 [ 54.762145][ T396] ? 
io_uring_drop_tctx_refs+0x190/0x190 [ 54.767606][ T396] dump_stack+0x15/0x20 [ 54.771661][ T396] should_fail+0x3c6/0x510 [ 54.775848][ T396] __should_failslab+0xa4/0xe0 [ 54.780464][ T396] should_failslab+0x9/0x20 [ 54.785170][ T396] slab_pre_alloc_hook+0x37/0xd0 [ 54.790031][ T396] kmem_cache_alloc_trace+0x48/0x210 [ 54.795141][ T396] ? sk_psock_skb_ingress_self+0x60/0x330 [ 54.800782][ T396] ? migrate_disable+0x190/0x190 [ 54.805560][ T396] sk_psock_skb_ingress_self+0x60/0x330 [ 54.810937][ T396] sk_psock_verdict_recv+0x66d/0x840 [ 54.816062][ T396] unix_read_sock+0x132/0x370 [ 54.820681][ T396] ? sk_psock_skb_redirect+0x440/0x440 [ 54.825953][ T396] ? unix_stream_splice_actor+0x120/0x120 [ 54.831513][ T396] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 54.836961][ T396] ? unix_stream_splice_actor+0x120/0x120 [ 54.842560][ T396] sk_psock_verdict_data_ready+0x147/0x1a0 [ 54.848414][ T396] ? sk_psock_start_verdict+0xc0/0xc0 [ 54.854049][ T396] ? _raw_spin_lock+0xa4/0x1b0 [ 54.858736][ T396] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 54.864640][ T396] ? skb_queue_tail+0xfb/0x120 [ 54.869431][ T396] unix_dgram_sendmsg+0x15fa/0x2090 [ 54.874617][ T396] ? unix_dgram_poll+0x710/0x710 [ 54.879325][ T396] ? __kasan_check_write+0x14/0x20 [ 54.884275][ T396] ? __cpuidle_text_end+0x2/0x2 [ 54.889031][ T396] ? cgroup_rstat_updated+0xe5/0x370 [ 54.894156][ T396] ? security_socket_sendmsg+0x82/0xb0 [ 54.899841][ T396] ? unix_dgram_poll+0x710/0x710 [ 54.904768][ T396] ____sys_sendmsg+0x59e/0x8f0 [ 54.909566][ T396] ? __sys_sendmsg_sock+0x40/0x40 [ 54.914568][ T396] ? import_iovec+0xe5/0x120 [ 54.919091][ T396] ___sys_sendmsg+0x252/0x2e0 [ 54.923602][ T396] ? __sys_sendmsg+0x260/0x260 [ 54.928377][ T396] ? __kasan_check_write+0x14/0x20 [ 54.933324][ T396] ? proc_fail_nth_write+0x20b/0x290 [ 54.938595][ T396] ? __fdget+0x1bc/0x240 [ 54.942617][ T396] __sys_sendmmsg+0x2bf/0x530 [ 54.947131][ T396] ? __ia32_sys_sendmsg+0x90/0x90 [ 54.952075][ T396] ? 
mutex_unlock+0xb2/0x260 [ 54.956523][ T396] ? __kasan_check_write+0x14/0x20 [ 54.961547][ T396] ? __ia32_sys_read+0x90/0x90 [ 54.966303][ T396] ? debug_smp_processor_id+0x17/0x20 [ 54.971647][ T396] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 54.977502][ T396] __x64_sys_sendmmsg+0xa0/0xb0 [ 54.982630][ T396] x64_sys_call+0x81d/0x9a0 [ 54.986958][ T396] do_syscall_64+0x3b/0xb0 [ 54.991210][ T396] ? clear_bhb_loop+0x35/0x90 [ 54.995823][ T396] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.001582][ T396] RIP: 0033:0x7f3d7cbf1ae9 [ 55.005797][ T396] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 55.025610][ T396] RSP: 002b:00007f3d7c7740c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 55.034145][ T396] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf1ae9 [ 55.042094][ T396] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 55.050374][ T396] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 55.058464][ T396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.066273][ T396] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 55.074174][ T396] [ 55.079596][ T395] ================================================================== [ 55.087911][ T395] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 55.096146][ T395] [ 55.098318][ T395] CPU: 1 PID: 395 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 55.110105][ T395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 55.120198][ T395] Call Trace: [ 55.123280][ T395] [ 55.126064][ T395] dump_stack_lvl+0x151/0x1c0 [ 55.130586][ T395] ? io_uring_drop_tctx_refs+0x190/0x190 [ 55.136217][ T395] ? __wake_up_klogd+0xd5/0x110 [ 55.140999][ T395] ? panic+0x760/0x760 [ 55.144982][ T395] ? 
kmem_cache_free+0x116/0x2e0 [ 55.149759][ T395] print_address_description+0x87/0x3b0 [ 55.155371][ T395] ? kmem_cache_free+0x116/0x2e0 [ 55.160243][ T395] ? kmem_cache_free+0x116/0x2e0 [ 55.165192][ T395] kasan_report_invalid_free+0x6b/0xa0 [ 55.170492][ T395] ____kasan_slab_free+0x13e/0x160 [ 55.175615][ T395] __kasan_slab_free+0x11/0x20 [ 55.180259][ T395] slab_free_freelist_hook+0xbd/0x190 [ 55.185536][ T395] ? kfree_skbmem+0x104/0x170 [ 55.190124][ T395] kmem_cache_free+0x116/0x2e0 [ 55.195031][ T395] kfree_skbmem+0x104/0x170 [ 55.199364][ T395] consume_skb+0xb4/0x250 [ 55.203793][ T395] __sk_msg_free+0x2dd/0x370 [ 55.208215][ T395] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 55.213862][ T395] sk_psock_stop+0x44c/0x4d0 [ 55.218372][ T395] ? unix_peer_get+0xe0/0xe0 [ 55.222796][ T395] sock_map_close+0x2b9/0x4c0 [ 55.227315][ T395] ? sock_map_remove_links+0x650/0x650 [ 55.232804][ T395] ? rwsem_mark_wake+0x770/0x770 [ 55.237754][ T395] unix_release+0x82/0xc0 [ 55.242028][ T395] sock_close+0xdf/0x270 [ 55.246196][ T395] ? sock_mmap+0xa0/0xa0 [ 55.250349][ T395] __fput+0x3fe/0x910 [ 55.254182][ T395] ____fput+0x15/0x20 [ 55.258115][ T395] task_work_run+0x129/0x190 [ 55.262874][ T395] exit_to_user_mode_loop+0xc4/0xe0 [ 55.267932][ T395] exit_to_user_mode_prepare+0x5a/0xa0 [ 55.273286][ T395] syscall_exit_to_user_mode+0x26/0x160 [ 55.278774][ T395] do_syscall_64+0x47/0xb0 [ 55.283012][ T395] ? 
clear_bhb_loop+0x35/0x90 [ 55.287526][ T395] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.293350][ T395] RIP: 0033:0x7f3d7cbf09da [ 55.297597][ T395] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 55.317508][ T395] RSP: 002b:00007fff534e7fd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 55.326271][ T395] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f3d7cbf09da [ 55.334164][ T395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 55.341979][ T395] RBP: 00007f3d7cd12980 R08: 0000001b31f60000 R09: 00007fff535d30b0 [ 55.350529][ T395] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d8e4 [ 55.358429][ T395] R13: ffffffffffffffff R14: 00007f3d7c775000 R15: 000000000000d5a3 [ 55.366456][ T395] [ 55.369305][ T395] [ 55.371559][ T395] Allocated by task 396: [ 55.375640][ T395] __kasan_slab_alloc+0xb1/0xe0 [ 55.380325][ T395] slab_post_alloc_hook+0x53/0x2c0 [ 55.385448][ T395] kmem_cache_alloc+0xf5/0x200 [ 55.390249][ T395] skb_clone+0x1d1/0x360 [ 55.394690][ T395] sk_psock_verdict_recv+0x53/0x840 [ 55.399814][ T395] unix_read_sock+0x132/0x370 [ 55.404453][ T395] sk_psock_verdict_data_ready+0x147/0x1a0 [ 55.410274][ T395] unix_dgram_sendmsg+0x15fa/0x2090 [ 55.415408][ T395] ____sys_sendmsg+0x59e/0x8f0 [ 55.420101][ T395] ___sys_sendmsg+0x252/0x2e0 [ 55.424888][ T395] __sys_sendmmsg+0x2bf/0x530 [ 55.429511][ T395] __x64_sys_sendmmsg+0xa0/0xb0 [ 55.434176][ T395] x64_sys_call+0x81d/0x9a0 [ 55.438684][ T395] do_syscall_64+0x3b/0xb0 [ 55.442948][ T395] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.448670][ T395] [ 55.450850][ T395] Freed by task 26: [ 55.454518][ T395] kasan_set_track+0x4b/0x70 [ 55.458917][ T395] kasan_set_free_info+0x23/0x40 [ 55.463680][ T395] ____kasan_slab_free+0x126/0x160 [ 55.468714][ T395] __kasan_slab_free+0x11/0x20 [ 55.473229][ T395] 
slab_free_freelist_hook+0xbd/0x190 [ 55.478489][ T395] kmem_cache_free+0x116/0x2e0 [ 55.483210][ T395] kfree_skbmem+0x104/0x170 [ 55.487739][ T395] kfree_skb+0xc2/0x360 [ 55.491812][ T395] sk_psock_backlog+0xc21/0xd90 [ 55.496517][ T395] process_one_work+0x6bb/0xc10 [ 55.501594][ T395] worker_thread+0xad5/0x12a0 [ 55.506404][ T395] kthread+0x421/0x510 [ 55.510556][ T395] ret_from_fork+0x1f/0x30 [ 55.514870][ T395] [ 55.517040][ T395] The buggy address belongs to the object at ffff88810cbdda00 [ 55.517040][ T395] which belongs to the cache skbuff_head_cache of size 248 [ 55.531796][ T395] The buggy address is located 0 bytes inside of [ 55.531796][ T395] 248-byte region [ffff88810cbdda00, ffff88810cbddaf8) [ 55.544847][ T395] The buggy address belongs to the page: [ 55.550503][ T395] page:ffffea000432f740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cbdd [ 55.560642][ T395] flags: 0x4000000000000200(slab|zone=1) [ 55.566127][ T395] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081b3b00 [ 55.575428][ T395] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 55.584108][ T395] page dumped because: kasan: bad access detected [ 55.590398][ T395] page_owner tracks the page as allocated [ 55.596289][ T395] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 387, ts 54177321863, free_ts 53028320589 [ 55.613899][ T395] post_alloc_hook+0x1a3/0x1b0 [ 55.618544][ T395] prep_new_page+0x1b/0x110 [ 55.623012][ T395] get_page_from_freelist+0x3550/0x35d0 [ 55.628387][ T395] __alloc_pages+0x27e/0x8f0 [ 55.632820][ T395] new_slab+0x9a/0x4e0 [ 55.636848][ T395] ___slab_alloc+0x39e/0x830 [ 55.641555][ T395] __slab_alloc+0x4a/0x90 [ 55.645710][ T395] kmem_cache_alloc+0x134/0x200 [ 55.650383][ T395] __alloc_skb+0xbe/0x550 [ 55.654718][ T395] ndisc_alloc_skb+0xf3/0x2d0 [ 55.659674][ T395] ndisc_send_rs+0x26c/0x6a0 [ 55.664261][ T395] 
addrconf_rs_timer+0x2d1/0x600 [ 55.669142][ T395] call_timer_fn+0x3b/0x2d0 [ 55.673552][ T395] __run_timers+0x72a/0xa10 [ 55.678060][ T395] run_timer_softirq+0x69/0xf0 [ 55.682673][ T395] __do_softirq+0x26d/0x5bf [ 55.687296][ T395] page last free stack trace: [ 55.691951][ T395] free_unref_page_prepare+0x7c8/0x7d0 [ 55.697240][ T395] free_unref_page_list+0x14b/0xa60 [ 55.702310][ T395] release_pages+0x1310/0x1370 [ 55.706874][ T395] free_pages_and_swap_cache+0x8a/0xa0 [ 55.712192][ T395] tlb_finish_mmu+0x177/0x320 [ 55.716800][ T395] exit_mmap+0x40d/0x940 [ 55.721123][ T395] __mmput+0x95/0x310 [ 55.724904][ T395] mmput+0x5b/0x170 [ 55.728695][ T395] do_exit+0xb9c/0x2ca0 [ 55.732796][ T395] do_group_exit+0x141/0x310 [ 55.737218][ T395] __x64_sys_exit_group+0x3f/0x40 [ 55.742326][ T395] x64_sys_call+0x610/0x9a0 [ 55.747019][ T395] do_syscall_64+0x3b/0xb0 [ 55.751351][ T395] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 55.757141][ T395] [ 55.759309][ T395] Memory state around the buggy address: [ 55.765072][ T395] ffff88810cbdd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.773097][ T395] ffff88810cbdd980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 55.781077][ T395] >ffff88810cbdda00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.789059][ T395] ^ [ 55.792968][ T395] ffff88810cbdda80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 55.800954][ T395] ffff88810cbddb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 55.809020][ T395] ================================================================== [ 55.828292][ T399] FAULT_INJECTION: forcing a failure. 
[ 55.828292][ T399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 55.841348][ T399] CPU: 1 PID: 399 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 55.852973][ T399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 55.863154][ T399] Call Trace: [ 55.866288][ T399] [ 55.869143][ T399] dump_stack_lvl+0x151/0x1c0 [ 55.873915][ T399] ? io_uring_drop_tctx_refs+0x190/0x190 [ 55.879505][ T399] dump_stack+0x15/0x20 [ 55.883472][ T399] should_fail+0x3c6/0x510 [ 55.887950][ T399] should_fail_usercopy+0x1a/0x20 [ 55.892942][ T399] _copy_to_user+0x20/0x90 [ 55.897528][ T399] simple_read_from_buffer+0xc7/0x150 [ 55.902850][ T399] proc_fail_nth_read+0x1a3/0x210 [ 55.907794][ T399] ? proc_fault_inject_write+0x390/0x390 [ 55.913382][ T399] ? fsnotify_perm+0x470/0x5d0 [ 55.917951][ T399] ? security_file_permission+0x86/0xb0 [ 55.923682][ T399] ? proc_fault_inject_write+0x390/0x390 [ 55.929331][ T399] vfs_read+0x27d/0xd40 [ 55.933315][ T399] ? kernel_read+0x1f0/0x1f0 [ 55.937826][ T399] ? __kasan_check_write+0x14/0x20 [ 55.943062][ T399] ? mutex_lock+0xb6/0x1e0 [ 55.947313][ T399] ? wait_for_completion_killable_timeout+0x10/0x10 [ 55.953910][ T399] ? __fdget_pos+0x2e7/0x3a0 [ 55.958690][ T399] ? ksys_read+0x77/0x2c0 [ 55.962936][ T399] ksys_read+0x199/0x2c0 [ 55.967013][ T399] ? __kasan_check_write+0x14/0x20 [ 55.971960][ T399] ? vfs_write+0x1110/0x1110 [ 55.976397][ T399] ? __kasan_check_read+0x11/0x20 [ 55.981476][ T399] __x64_sys_read+0x7b/0x90 [ 55.986012][ T399] x64_sys_call+0x28/0x9a0 [ 55.990253][ T399] do_syscall_64+0x3b/0xb0 [ 55.994512][ T399] ? 
clear_bhb_loop+0x35/0x90 [ 55.999101][ T399] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 56.004829][ T399] RIP: 0033:0x7f3d7cbf078c [ 56.009085][ T399] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 56.028799][ T399] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 56.037038][ T399] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 56.044846][ T399] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 56.052992][ T399] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 56.061105][ T399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.069271][ T399] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 56.077348][ T399] [ 56.088734][ T401] FAULT_INJECTION: forcing a failure. [ 56.088734][ T401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.102099][ T401] CPU: 0 PID: 401 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 56.113799][ T401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 56.123951][ T401] Call Trace: [ 56.127076][ T401] [ 56.129856][ T401] dump_stack_lvl+0x151/0x1c0 [ 56.134367][ T401] ? io_uring_drop_tctx_refs+0x190/0x190 [ 56.140093][ T401] dump_stack+0x15/0x20 [ 56.144262][ T401] should_fail+0x3c6/0x510 [ 56.149065][ T401] should_fail_usercopy+0x1a/0x20 [ 56.154003][ T401] _copy_to_user+0x20/0x90 [ 56.158423][ T401] simple_read_from_buffer+0xc7/0x150 [ 56.163863][ T401] proc_fail_nth_read+0x1a3/0x210 [ 56.168718][ T401] ? proc_fault_inject_write+0x390/0x390 [ 56.174389][ T401] ? fsnotify_perm+0x470/0x5d0 [ 56.178958][ T401] ? security_file_permission+0x86/0xb0 [ 56.184339][ T401] ? proc_fault_inject_write+0x390/0x390 [ 56.189812][ T401] vfs_read+0x27d/0xd40 [ 56.193890][ T401] ? 
kernel_read+0x1f0/0x1f0 [ 56.198313][ T401] ? __kasan_check_write+0x14/0x20 [ 56.203259][ T401] ? mutex_lock+0xb6/0x1e0 [ 56.207523][ T401] ? wait_for_completion_killable_timeout+0x10/0x10 [ 56.214033][ T401] ? __fdget_pos+0x2e7/0x3a0 [ 56.218542][ T401] ? ksys_read+0x77/0x2c0 [ 56.222804][ T401] ksys_read+0x199/0x2c0 [ 56.227053][ T401] ? __kasan_check_write+0x14/0x20 [ 56.232080][ T401] ? vfs_write+0x1110/0x1110 [ 56.236503][ T401] ? __kasan_check_read+0x11/0x20 [ 56.241380][ T401] __x64_sys_read+0x7b/0x90 [ 56.245804][ T401] x64_sys_call+0x28/0x9a0 [ 56.250062][ T401] do_syscall_64+0x3b/0xb0 [ 56.254297][ T401] ? clear_bhb_loop+0x35/0x90 [ 56.258815][ T401] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 56.264721][ T401] RIP: 0033:0x7f3d7cbf078c [ 56.269051][ T401] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 56.288847][ T401] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 56.297262][ T401] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 56.305289][ T401] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 56.313324][ T401] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 56.321164][ T401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.328969][ T401] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 56.336786][ T401] [ 56.350501][ T404] FAULT_INJECTION: forcing a failure. 
[ 56.350501][ T404] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.363944][ T404] CPU: 1 PID: 404 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 56.375767][ T404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 56.385957][ T404] Call Trace: [ 56.389085][ T404] [ 56.391854][ T404] dump_stack_lvl+0x151/0x1c0 [ 56.396536][ T404] ? io_uring_drop_tctx_refs+0x190/0x190 [ 56.402004][ T404] dump_stack+0x15/0x20 [ 56.406002][ T404] should_fail+0x3c6/0x510 [ 56.410351][ T404] should_fail_usercopy+0x1a/0x20 [ 56.415226][ T404] _copy_to_user+0x20/0x90 [ 56.419547][ T404] simple_read_from_buffer+0xc7/0x150 [ 56.424934][ T404] proc_fail_nth_read+0x1a3/0x210 [ 56.429784][ T404] ? proc_fault_inject_write+0x390/0x390 [ 56.435426][ T404] ? fsnotify_perm+0x470/0x5d0 [ 56.440206][ T404] ? security_file_permission+0x86/0xb0 [ 56.445839][ T404] ? proc_fault_inject_write+0x390/0x390 [ 56.451396][ T404] vfs_read+0x27d/0xd40 [ 56.455445][ T404] ? kernel_read+0x1f0/0x1f0 [ 56.459908][ T404] ? __kasan_check_write+0x14/0x20 [ 56.465030][ T404] ? mutex_lock+0xb6/0x1e0 [ 56.469437][ T404] ? wait_for_completion_killable_timeout+0x10/0x10 [ 56.476158][ T404] ? __fdget_pos+0x2e7/0x3a0 [ 56.480605][ T404] ? ksys_read+0x77/0x2c0 [ 56.484840][ T404] ksys_read+0x199/0x2c0 [ 56.489008][ T404] ? vfs_write+0x1110/0x1110 [ 56.493429][ T404] ? debug_smp_processor_id+0x17/0x20 [ 56.498997][ T404] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 56.504898][ T404] __x64_sys_read+0x7b/0x90 [ 56.509240][ T404] x64_sys_call+0x28/0x9a0 [ 56.513492][ T404] do_syscall_64+0x3b/0xb0 [ 56.517742][ T404] ? 
clear_bhb_loop+0x35/0x90 [ 56.522344][ T404] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 56.528159][ T404] RIP: 0033:0x7f3d7cbf078c [ 56.532534][ T404] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48 [ 56.552144][ T404] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 56.560388][ T404] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c [ 56.568293][ T404] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006 [ 56.576091][ T404] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 56.584260][ T404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.592153][ T404] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 56.600532][ T404] [ 56.613146][ T406] FAULT_INJECTION: forcing a failure. [ 56.613146][ T406] name failslab, interval 1, probability 0, space 0, times 0 [ 56.625901][ T406] CPU: 0 PID: 406 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 56.637543][ T406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 56.647881][ T406] Call Trace: [ 56.651004][ T406] [ 56.653861][ T406] dump_stack_lvl+0x151/0x1c0 [ 56.658459][ T406] ? io_uring_drop_tctx_refs+0x190/0x190 [ 56.663955][ T406] dump_stack+0x15/0x20 [ 56.668092][ T406] should_fail+0x3c6/0x510 [ 56.672436][ T406] __should_failslab+0xa4/0xe0 [ 56.677359][ T406] should_failslab+0x9/0x20 [ 56.681760][ T406] slab_pre_alloc_hook+0x37/0xd0 [ 56.686639][ T406] kmem_cache_alloc_trace+0x48/0x210 [ 56.691743][ T406] ? sk_psock_skb_ingress_self+0x60/0x330 [ 56.697390][ T406] ? migrate_disable+0x190/0x190 [ 56.702263][ T406] sk_psock_skb_ingress_self+0x60/0x330 [ 56.707995][ T406] sk_psock_verdict_recv+0x66d/0x840 [ 56.713113][ T406] unix_read_sock+0x132/0x370 [ 56.717836][ T406] ? 
sk_psock_skb_redirect+0x440/0x440 [ 56.723301][ T406] ? unix_stream_splice_actor+0x120/0x120 [ 56.728853][ T406] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 56.734154][ T406] ? unix_stream_splice_actor+0x120/0x120 [ 56.739785][ T406] sk_psock_verdict_data_ready+0x147/0x1a0 [ 56.745518][ T406] ? sk_psock_start_verdict+0xc0/0xc0 [ 56.750978][ T406] ? _raw_spin_lock+0xa4/0x1b0 [ 56.755529][ T406] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 56.761443][ T406] ? skb_queue_tail+0xfb/0x120 [ 56.765983][ T406] unix_dgram_sendmsg+0x15fa/0x2090 [ 56.771009][ T406] ? unix_dgram_poll+0x710/0x710 [ 56.775863][ T406] ? __kasan_check_write+0x14/0x20 [ 56.780819][ T406] ? __cpuidle_text_end+0x2/0x2 [ 56.785582][ T406] ? cgroup_rstat_updated+0xe5/0x370 [ 56.790816][ T406] ? security_socket_sendmsg+0x82/0xb0 [ 56.796179][ T406] ? unix_dgram_poll+0x710/0x710 [ 56.801127][ T406] ____sys_sendmsg+0x59e/0x8f0 [ 56.805810][ T406] ? __sys_sendmsg_sock+0x40/0x40 [ 56.810675][ T406] ? import_iovec+0xe5/0x120 [ 56.815097][ T406] ___sys_sendmsg+0x252/0x2e0 [ 56.819783][ T406] ? __sys_sendmsg+0x260/0x260 [ 56.824431][ T406] ? __kasan_check_write+0x14/0x20 [ 56.829701][ T406] ? proc_fail_nth_write+0x20b/0x290 [ 56.834831][ T406] ? __fdget+0x1bc/0x240 [ 56.838992][ T406] __sys_sendmmsg+0x2bf/0x530 [ 56.843511][ T406] ? __ia32_sys_sendmsg+0x90/0x90 [ 56.848558][ T406] ? mutex_unlock+0xb2/0x260 [ 56.852996][ T406] ? __kasan_check_write+0x14/0x20 [ 56.858033][ T406] ? __ia32_sys_read+0x90/0x90 [ 56.862636][ T406] ? debug_smp_processor_id+0x17/0x20 [ 56.867836][ T406] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 56.873911][ T406] __x64_sys_sendmmsg+0xa0/0xb0 [ 56.878858][ T406] x64_sys_call+0x81d/0x9a0 [ 56.883431][ T406] do_syscall_64+0x3b/0xb0 [ 56.887808][ T406] ? 
clear_bhb_loop+0x35/0x90 [ 56.892518][ T406] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 56.898238][ T406] RIP: 0033:0x7f3d7cbf1ae9 [ 56.902601][ T406] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 56.922295][ T406] RSP: 002b:00007f3d7c7740c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 56.930839][ T406] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf1ae9 [ 56.938996][ T406] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 56.947417][ T406] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000 [ 56.955212][ T406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.963295][ T406] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08 [ 56.971233][ T406] [ 56.976507][ T405] ================================================================== [ 56.984401][ T405] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 56.993118][ T405] [ 56.995385][ T405] CPU: 0 PID: 405 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0 [ 57.007656][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 57.019323][ T405] Call Trace: [ 57.022463][ T405] [ 57.025230][ T405] dump_stack_lvl+0x151/0x1c0 [ 57.029834][ T405] ? io_uring_drop_tctx_refs+0x190/0x190 [ 57.035644][ T405] ? __wake_up_klogd+0xd5/0x110 [ 57.040501][ T405] ? panic+0x760/0x760 [ 57.044405][ T405] ? kmem_cache_free+0x116/0x2e0 [ 57.049322][ T405] print_address_description+0x87/0x3b0 [ 57.054945][ T405] ? kmem_cache_free+0x116/0x2e0 [ 57.059800][ T405] ? kmem_cache_free+0x116/0x2e0 [ 57.064603][ T405] kasan_report_invalid_free+0x6b/0xa0 [ 57.070239][ T405] ____kasan_slab_free+0x13e/0x160 [ 57.075374][ T405] __kasan_slab_free+0x11/0x20 [ 57.080296][ T405] slab_free_freelist_hook+0xbd/0x190 [ 57.086298][ T405] ? 
kfree_skbmem+0x104/0x170
[ 57.091283][ T405] kmem_cache_free+0x116/0x2e0
[ 57.095940][ T405] kfree_skbmem+0x104/0x170
[ 57.101086][ T405] consume_skb+0xb4/0x250
[ 57.105363][ T405] __sk_msg_free+0x2dd/0x370
[ 57.109740][ T405] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 57.115385][ T405] sk_psock_stop+0x44c/0x4d0
[ 57.119813][ T405] ? unix_peer_get+0xe0/0xe0
[ 57.124237][ T405] sock_map_close+0x2b9/0x4c0
[ 57.128756][ T405] ? sock_map_remove_links+0x650/0x650
[ 57.134038][ T405] ? rwsem_mark_wake+0x770/0x770
[ 57.138949][ T405] unix_release+0x82/0xc0
[ 57.143221][ T405] sock_close+0xdf/0x270
[ 57.147274][ T405] ? sock_mmap+0xa0/0xa0
[ 57.151472][ T405] __fput+0x3fe/0x910
[ 57.155472][ T405] ____fput+0x15/0x20
[ 57.159481][ T405] task_work_run+0x129/0x190
[ 57.164012][ T405] exit_to_user_mode_loop+0xc4/0xe0
[ 57.169117][ T405] exit_to_user_mode_prepare+0x5a/0xa0
[ 57.174413][ T405] syscall_exit_to_user_mode+0x26/0x160
[ 57.180070][ T405] do_syscall_64+0x47/0xb0
[ 57.184293][ T405] ? clear_bhb_loop+0x35/0x90
[ 57.188949][ T405] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.194682][ T405] RIP: 0033:0x7f3d7cbf09da
[ 57.199094][ T405] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 57.218726][ T405] RSP: 002b:00007fff534e7fd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 57.227059][ T405] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f3d7cbf09da
[ 57.234954][ T405] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 57.242779][ T405] RBP: 00007f3d7cd12980 R08: 0000001b31f60000 R09: 00007fff535d30b0
[ 57.250949][ T405] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000e04d
[ 57.259108][ T405] R13: ffffffffffffffff R14: 00007f3d7c775000 R15: 000000000000dd0c
[ 57.267015][ T405]
[ 57.269867][ T405]
[ 57.272278][ T405] Allocated by task 406:
[ 57.276499][ T405] __kasan_slab_alloc+0xb1/0xe0
[ 57.281185][ T405] slab_post_alloc_hook+0x53/0x2c0
[ 57.286224][ T405] kmem_cache_alloc+0xf5/0x200
[ 57.291155][ T405] skb_clone+0x1d1/0x360
[ 57.295212][ T405] sk_psock_verdict_recv+0x53/0x840
[ 57.300501][ T405] unix_read_sock+0x132/0x370
[ 57.305014][ T405] sk_psock_verdict_data_ready+0x147/0x1a0
[ 57.310671][ T405] unix_dgram_sendmsg+0x15fa/0x2090
[ 57.315692][ T405] ____sys_sendmsg+0x59e/0x8f0
[ 57.320721][ T405] ___sys_sendmsg+0x252/0x2e0
[ 57.325351][ T405] __sys_sendmmsg+0x2bf/0x530
[ 57.329953][ T405] __x64_sys_sendmmsg+0xa0/0xb0
[ 57.334644][ T405] x64_sys_call+0x81d/0x9a0
[ 57.339184][ T405] do_syscall_64+0x3b/0xb0
[ 57.343592][ T405] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.349579][ T405]
[ 57.351779][ T405] Freed by task 26:
[ 57.355577][ T405] kasan_set_track+0x4b/0x70
[ 57.360288][ T405] kasan_set_free_info+0x23/0x40
[ 57.365360][ T405] ____kasan_slab_free+0x126/0x160
[ 57.370529][ T405] __kasan_slab_free+0x11/0x20
[ 57.375127][ T405] slab_free_freelist_hook+0xbd/0x190
[ 57.380645][ T405] kmem_cache_free+0x116/0x2e0
[ 57.385413][ T405] kfree_skbmem+0x104/0x170
[ 57.390095][ T405] kfree_skb+0xc2/0x360
[ 57.394357][ T405] sk_psock_backlog+0xc21/0xd90
[ 57.399006][ T405] process_one_work+0x6bb/0xc10
[ 57.403892][ T405] worker_thread+0xad5/0x12a0
[ 57.408400][ T405] kthread+0x421/0x510
[ 57.412355][ T405] ret_from_fork+0x1f/0x30
[ 57.416785][ T405]
[ 57.418960][ T405] The buggy address belongs to the object at ffff88810e2a6c80
[ 57.418960][ T405] which belongs to the cache skbuff_head_cache of size 248
[ 57.434238][ T405] The buggy address is located 0 bytes inside of
[ 57.434238][ T405] 248-byte region [ffff88810e2a6c80, ffff88810e2a6d78)
[ 57.447453][ T405] The buggy address belongs to the page:
[ 57.453008][ T405] page:ffffea000438a980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e2a6
[ 57.463452][ T405] flags: 0x4000000000000200(slab|zone=1)
[ 57.468967][ T405] raw: 4000000000000200 0000000000000000 0000000c00000001 ffff8881081b3b00
[ 57.477361][ T405] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 57.486041][ T405] page dumped because: kasan: bad access detected
[ 57.492346][ T405] page_owner tracks the page as allocated
[ 57.497894][ T405] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 111, ts 4352194120, free_ts 0
[ 57.513094][ T405] post_alloc_hook+0x1a3/0x1b0
[ 57.517702][ T405] prep_new_page+0x1b/0x110
[ 57.522030][ T405] get_page_from_freelist+0x3550/0x35d0
[ 57.527414][ T405] __alloc_pages+0x27e/0x8f0
[ 57.531925][ T405] new_slab+0x9a/0x4e0
[ 57.535842][ T405] ___slab_alloc+0x39e/0x830
[ 57.540346][ T405] __slab_alloc+0x4a/0x90
[ 57.544510][ T405] kmem_cache_alloc+0x134/0x200
[ 57.549196][ T405] __alloc_skb+0xbe/0x550
[ 57.553497][ T405] alloc_skb_with_frags+0xa6/0x680
[ 57.558407][ T405] sock_alloc_send_pskb+0x915/0xa50
[ 57.563445][ T405] unix_dgram_sendmsg+0x6fd/0x2090
[ 57.568477][ T405] sock_write_iter+0x39b/0x530
[ 57.573065][ T405] vfs_write+0xd5d/0x1110
[ 57.577235][ T405] ksys_write+0x199/0x2c0
[ 57.581659][ T405] __x64_sys_write+0x7b/0x90
[ 57.586084][ T405] page_owner free stack trace missing
[ 57.591384][ T405]
[ 57.593547][ T405] Memory state around the buggy address:
[ 57.599205][ T405] ffff88810e2a6b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.607487][ T405] ffff88810e2a6c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 57.615546][ T405] >ffff88810e2a6c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.626332][ T405] ^
[ 57.630686][ T405] ffff88810e2a6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 57.640058][ T405] ffff88810e2a6d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 57.648012][ T405] ==================================================================
[ 57.668270][ T409] FAULT_INJECTION: forcing a failure.
[ 57.668270][ T409] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 57.681913][ T409] CPU: 0 PID: 409 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 57.694231][ T409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 57.704742][ T409] Call Trace:
[ 57.707989][ T409]
[ 57.710803][ T409] dump_stack_lvl+0x151/0x1c0
[ 57.715435][ T409] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.721060][ T409] dump_stack+0x15/0x20
[ 57.725232][ T409] should_fail+0x3c6/0x510
[ 57.729484][ T409] should_fail_usercopy+0x1a/0x20
[ 57.734699][ T409] _copy_to_user+0x20/0x90
[ 57.739160][ T409] simple_read_from_buffer+0xc7/0x150
[ 57.744328][ T409] proc_fail_nth_read+0x1a3/0x210
[ 57.749415][ T409] ? proc_fault_inject_write+0x390/0x390
[ 57.754844][ T409] ? fsnotify_perm+0x470/0x5d0
[ 57.759466][ T409] ? security_file_permission+0x86/0xb0
[ 57.764914][ T409] ? proc_fault_inject_write+0x390/0x390
[ 57.770882][ T409] vfs_read+0x27d/0xd40
[ 57.774864][ T409] ? kernel_read+0x1f0/0x1f0
[ 57.779285][ T409] ? __kasan_check_write+0x14/0x20
[ 57.784328][ T409] ? mutex_lock+0xb6/0x1e0
[ 57.788680][ T409] ? wait_for_completion_killable_timeout+0x10/0x10
[ 57.795105][ T409] ? __fdget_pos+0x2e7/0x3a0
[ 57.799975][ T409] ? ksys_read+0x77/0x2c0
[ 57.804313][ T409] ksys_read+0x199/0x2c0
[ 57.808636][ T409] ? __kasan_check_write+0x14/0x20
[ 57.813838][ T409] ? vfs_write+0x1110/0x1110
[ 57.818258][ T409] ? __kasan_check_read+0x11/0x20
[ 57.823310][ T409] __x64_sys_read+0x7b/0x90
[ 57.827753][ T409] x64_sys_call+0x28/0x9a0
[ 57.832065][ T409] do_syscall_64+0x3b/0xb0
[ 57.836405][ T409] ? clear_bhb_loop+0x35/0x90
[ 57.841181][ T409] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 57.847661][ T409] RIP: 0033:0x7f3d7cbf078c
[ 57.851905][ T409] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 57.872665][ T409] RSP: 002b:00007f3d7c7740c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 57.881196][ T409] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf078c
[ 57.889376][ T409] RDX: 000000000000000f RSI: 00007f3d7c774130 RDI: 0000000000000006
[ 57.897465][ T409] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000
[ 57.905457][ T409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
2024/09/06 20:48:28 executed programs: 19
[ 57.913422][ T409] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08
[ 57.921238][ T409]
[ 57.936313][ T411] FAULT_INJECTION: forcing a failure.
[ 57.936313][ T411] name failslab, interval 1, probability 0, space 0, times 0
[ 57.951039][ T411] CPU: 1 PID: 411 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 57.963022][ T411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 57.973185][ T411] Call Trace:
[ 57.976386][ T411]
[ 57.979283][ T411] dump_stack_lvl+0x151/0x1c0
[ 57.983823][ T411] ? io_uring_drop_tctx_refs+0x190/0x190
[ 57.989335][ T411] dump_stack+0x15/0x20
[ 57.993417][ T411] should_fail+0x3c6/0x510
[ 57.998032][ T411] __should_failslab+0xa4/0xe0
[ 58.002612][ T411] should_failslab+0x9/0x20
[ 58.006952][ T411] slab_pre_alloc_hook+0x37/0xd0
[ 58.011916][ T411] kmem_cache_alloc_trace+0x48/0x210
[ 58.017368][ T411] ? sk_psock_skb_ingress_self+0x60/0x330
[ 58.022926][ T411] ? migrate_disable+0x190/0x190
[ 58.027903][ T411] sk_psock_skb_ingress_self+0x60/0x330
[ 58.033524][ T411] sk_psock_verdict_recv+0x66d/0x840
[ 58.038807][ T411] unix_read_sock+0x132/0x370
[ 58.043324][ T411] ? sk_psock_skb_redirect+0x440/0x440
[ 58.048790][ T411] ? unix_stream_splice_actor+0x120/0x120
[ 58.054438][ T411] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 58.059909][ T411] ? unix_stream_splice_actor+0x120/0x120
[ 58.065471][ T411] sk_psock_verdict_data_ready+0x147/0x1a0
[ 58.071365][ T411] ? sk_psock_start_verdict+0xc0/0xc0
[ 58.076840][ T411] ? _raw_spin_lock+0xa4/0x1b0
[ 58.082136][ T411] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 58.088146][ T411] ? skb_queue_tail+0xfb/0x120
[ 58.093119][ T411] unix_dgram_sendmsg+0x15fa/0x2090
[ 58.098469][ T411] ? unix_dgram_poll+0x710/0x710
[ 58.103294][ T411] ? __kasan_check_write+0x14/0x20
[ 58.108186][ T411] ? __cpuidle_text_end+0x2/0x2
[ 58.113380][ T411] ? cgroup_rstat_updated+0xe5/0x370
[ 58.119031][ T411] ? security_socket_sendmsg+0x82/0xb0
[ 58.124332][ T411] ? unix_dgram_poll+0x710/0x710
[ 58.130095][ T411] ____sys_sendmsg+0x59e/0x8f0
[ 58.134717][ T411] ? __sys_sendmsg_sock+0x40/0x40
[ 58.139689][ T411] ? import_iovec+0xe5/0x120
[ 58.144084][ T411] ___sys_sendmsg+0x252/0x2e0
[ 58.148793][ T411] ? __sys_sendmsg+0x260/0x260
[ 58.153485][ T411] ? __kasan_check_write+0x14/0x20
[ 58.158515][ T411] ? proc_fail_nth_write+0x20b/0x290
[ 58.163819][ T411] ? __fdget+0x1bc/0x240
[ 58.168089][ T411] __sys_sendmmsg+0x2bf/0x530
[ 58.172846][ T411] ? __ia32_sys_sendmsg+0x90/0x90
[ 58.178057][ T411] ? mutex_unlock+0xb2/0x260
[ 58.182682][ T411] ? __kasan_check_write+0x14/0x20
[ 58.187706][ T411] ? __ia32_sys_read+0x90/0x90
[ 58.192307][ T411] ? debug_smp_processor_id+0x17/0x20
[ 58.198139][ T411] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 58.204137][ T411] __x64_sys_sendmmsg+0xa0/0xb0
[ 58.208902][ T411] x64_sys_call+0x81d/0x9a0
[ 58.213288][ T411] do_syscall_64+0x3b/0xb0
[ 58.217570][ T411] ? clear_bhb_loop+0x35/0x90
[ 58.222171][ T411] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.227987][ T411] RIP: 0033:0x7f3d7cbf1ae9
[ 58.232351][ T411] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 58.252090][ T411] RSP: 002b:00007f3d7c7740c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 58.260626][ T411] RAX: ffffffffffffffda RBX: 00007f3d7cd10f80 RCX: 00007f3d7cbf1ae9
[ 58.268669][ T411] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 58.276901][ T411] RBP: 00007f3d7c774120 R08: 0000000000000000 R09: 0000000000000000
[ 58.284721][ T411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 58.293184][ T411] R13: 000000000000000b R14: 00007f3d7cd10f80 R15: 00007fff534e7f08
[ 58.301085][ T411]
[ 58.305613][ T410] ==================================================================
[ 58.313675][ T410] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 58.321913][ T410]
[ 58.324118][ T410] CPU: 1 PID: 410 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 58.335742][ T410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 58.345724][ T410] Call Trace:
[ 58.349187][ T410]
[ 58.352235][ T410] dump_stack_lvl+0x151/0x1c0
[ 58.357139][ T410] ? io_uring_drop_tctx_refs+0x190/0x190
[ 58.363458][ T410] ? __wake_up_klogd+0xd5/0x110
[ 58.368124][ T410] ? panic+0x760/0x760
[ 58.372199][ T410] ? kmem_cache_free+0x116/0x2e0
[ 58.376994][ T410] print_address_description+0x87/0x3b0
[ 58.382469][ T410] ? kmem_cache_free+0x116/0x2e0
[ 58.387489][ T410] ? kmem_cache_free+0x116/0x2e0
[ 58.392430][ T410] kasan_report_invalid_free+0x6b/0xa0
[ 58.397818][ T410] ____kasan_slab_free+0x13e/0x160
[ 58.402755][ T410] __kasan_slab_free+0x11/0x20
[ 58.407624][ T410] slab_free_freelist_hook+0xbd/0x190
[ 58.413093][ T410] ? kfree_skbmem+0x104/0x170
[ 58.417608][ T410] kmem_cache_free+0x116/0x2e0
[ 58.422293][ T410] kfree_skbmem+0x104/0x170
[ 58.427147][ T410] consume_skb+0xb4/0x250
[ 58.431407][ T410] __sk_msg_free+0x2dd/0x370
[ 58.436136][ T410] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 58.442169][ T410] sk_psock_stop+0x44c/0x4d0
[ 58.446942][ T410] ? unix_peer_get+0xe0/0xe0
[ 58.453504][ T410] sock_map_close+0x2b9/0x4c0
[ 58.458590][ T410] ? sock_map_remove_links+0x650/0x650
[ 58.464284][ T410] ? rwsem_mark_wake+0x770/0x770
[ 58.469053][ T410] unix_release+0x82/0xc0
[ 58.473515][ T410] sock_close+0xdf/0x270
[ 58.477616][ T410] ? sock_mmap+0xa0/0xa0
[ 58.481709][ T410] __fput+0x3fe/0x910
[ 58.485578][ T410] ____fput+0x15/0x20
[ 58.489611][ T410] task_work_run+0x129/0x190
[ 58.494024][ T410] exit_to_user_mode_loop+0xc4/0xe0
[ 58.499244][ T410] exit_to_user_mode_prepare+0x5a/0xa0
[ 58.504697][ T410] syscall_exit_to_user_mode+0x26/0x160
[ 58.510160][ T410] do_syscall_64+0x47/0xb0
[ 58.514426][ T410] ? clear_bhb_loop+0x35/0x90
[ 58.518932][ T410] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.524698][ T410] RIP: 0033:0x7f3d7cbf09da
[ 58.528997][ T410] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 58.549331][ T410] RSP: 002b:00007fff534e7fd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 58.557662][ T410] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f3d7cbf09da
[ 58.565739][ T410] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 58.573779][ T410] RBP: 00007f3d7cd12980 R08: 0000001b31f60000 R09: 00007fff535d30b0
[ 58.581972][ T410] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000e579
[ 58.589963][ T410] R13: ffffffffffffffff R14: 00007f3d7c775000 R15: 000000000000e238
[ 58.597916][ T410]
[ 58.600880][ T410]
[ 58.603133][ T410] Allocated by task 411:
[ 58.607391][ T410] __kasan_slab_alloc+0xb1/0xe0
[ 58.612226][ T410] slab_post_alloc_hook+0x53/0x2c0
[ 58.617225][ T410] kmem_cache_alloc+0xf5/0x200
[ 58.621973][ T410] skb_clone+0x1d1/0x360
[ 58.626055][ T410] sk_psock_verdict_recv+0x53/0x840
[ 58.631219][ T410] unix_read_sock+0x132/0x370
[ 58.635808][ T410] sk_psock_verdict_data_ready+0x147/0x1a0
[ 58.641644][ T410] unix_dgram_sendmsg+0x15fa/0x2090
[ 58.646953][ T410] ____sys_sendmsg+0x59e/0x8f0
[ 58.651539][ T410] ___sys_sendmsg+0x252/0x2e0
[ 58.656053][ T410] __sys_sendmmsg+0x2bf/0x530
[ 58.660569][ T410] __x64_sys_sendmmsg+0xa0/0xb0
[ 58.665471][ T410] x64_sys_call+0x81d/0x9a0
[ 58.669891][ T410] do_syscall_64+0x3b/0xb0
[ 58.674269][ T410] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.680134][ T410]
[ 58.682388][ T410] Freed by task 20:
[ 58.686047][ T410] kasan_set_track+0x4b/0x70
[ 58.690637][ T410] kasan_set_free_info+0x23/0x40
[ 58.695588][ T410] ____kasan_slab_free+0x126/0x160
[ 58.700888][ T410] __kasan_slab_free+0x11/0x20
[ 58.705486][ T410] slab_free_freelist_hook+0xbd/0x190
[ 58.710812][ T410] kmem_cache_free+0x116/0x2e0
[ 58.715638][ T410] kfree_skbmem+0x104/0x170
[ 58.720292][ T410] kfree_skb+0xc2/0x360
[ 58.724285][ T410] sk_psock_backlog+0xc21/0xd90
[ 58.728977][ T410] process_one_work+0x6bb/0xc10
[ 58.734096][ T410] worker_thread+0xad5/0x12a0
[ 58.738605][ T410] kthread+0x421/0x510
[ 58.742519][ T410] ret_from_fork+0x1f/0x30
[ 58.746950][ T410]
[ 58.749104][ T410] The buggy address belongs to the object at ffff88810cf4c640
[ 58.749104][ T410] which belongs to the cache skbuff_head_cache of size 248
[ 58.763514][ T410] The buggy address is located 0 bytes inside of
[ 58.763514][ T410] 248-byte region [ffff88810cf4c640, ffff88810cf4c738)
[ 58.777341][ T410] The buggy address belongs to the page:
[ 58.782795][ T410] page:ffffea000433d300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cf4c
[ 58.792945][ T410] flags: 0x4000000000000200(slab|zone=1)
[ 58.798693][ T410] raw: 4000000000000200 0000000000000000 0000000800000001 ffff8881081b3b00
[ 58.807344][ T410] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 58.816022][ T410] page dumped because: kasan: bad access detected
[ 58.822707][ T410] page_owner tracks the page as allocated
[ 58.828604][ T410] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4371601456, free_ts 4371503671
[ 58.844442][ T410] post_alloc_hook+0x1a3/0x1b0
[ 58.849208][ T410] prep_new_page+0x1b/0x110
[ 58.853662][ T410] get_page_from_freelist+0x3550/0x35d0
[ 58.859244][ T410] __alloc_pages+0x27e/0x8f0
[ 58.863647][ T410] new_slab+0x9a/0x4e0
[ 58.867646][ T410] ___slab_alloc+0x39e/0x830
[ 58.872525][ T410] __slab_alloc+0x4a/0x90
[ 58.876863][ T410] kmem_cache_alloc+0x134/0x200
[ 58.881543][ T410] skb_clone+0x1d1/0x360
[ 58.885620][ T410] netlink_broadcast_filtered+0x692/0x1220
[ 58.891264][ T410] netlink_broadcast+0x3a/0x50
[ 58.895873][ T410] kobject_uevent_net_broadcast+0x3a1/0x590
[ 58.902127][ T410] kobject_uevent_env+0x525/0x700
[ 58.907118][ T410] kobject_synth_uevent+0x4eb/0xae0
[ 58.912191][ T410] uevent_store+0x4b/0x70
[ 58.916317][ T410] drv_attr_store+0x78/0xa0
[ 58.920733][ T410] page last free stack trace:
[ 58.925327][ T410] free_unref_page_prepare+0x7c8/0x7d0
[ 58.930809][ T410] free_unref_page+0xe8/0x750
[ 58.935555][ T410] __free_pages+0x61/0xf0
[ 58.939663][ T410] free_pages+0x7c/0x90
[ 58.944065][ T410] selinux_genfs_get_sid+0x24d/0x2a0
[ 58.949718][ T410] inode_doinit_with_dentry+0x8d2/0x1070
[ 58.955315][ T410] selinux_d_instantiate+0x27/0x40
[ 58.960399][ T410] security_d_instantiate+0x9f/0x100
[ 58.966100][ T410] d_splice_alias+0x6d/0x390
[ 58.970902][ T410] kernfs_iop_lookup+0x29e/0x2f0
[ 58.976109][ T410] path_openat+0x1194/0x2f40
[ 58.980622][ T410] do_filp_open+0x21c/0x460
[ 58.986319][ T410] do_sys_openat2+0x13f/0x830
[ 58.991254][ T410] __x64_sys_openat+0x243/0x290
[ 58.996249][ T410] x64_sys_call+0x6bf/0x9a0
[ 59.000799][ T410] do_syscall_64+0x3b/0xb0
[ 59.005152][ T410]
[ 59.007313][ T410] Memory state around the buggy address:
[ 59.012865][ T410] ffff88810cf4c500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.020862][ T410] ffff88810cf4c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 59.029009][ T410] >ffff88810cf4c600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 59.037014][ T410] ^
[ 59.043098][ T410] ffff88810cf4c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.051245][ T410] ffff88810cf4c700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 59.059400][ T410] ==================================================================
[ 59.081908][ T414] FAULT_INJECTION: forcing a failure.
[ 59.081908][ T414] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 59.095228][ T414] CPU: 0 PID: 414 Comm: syz-executor.0 Tainted: G B 5.15.157-syzkaller-1070874-g53be7c8abe11 #0
[ 59.107052][ T414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 59.117108][ T414] Call Trace:
[ 59.120315][ T414]
[ 59.123109][ T414] dump_stack_lvl+0x151/0x1c0
[ 59.127615][ T414] ? io_uring_drop_tctx_refs+0x190/0x190
[ 59.133263][ T414] dump_stack+0x15/0x20
[ 59.137282][ T414] should_fail+0x3c6/0x510
[ 59.141621][ T414] should_fail_usercopy+0x1a/0x20
[ 59.146576][ T414] _copy_to_user+0x20/0x90
[ 59.150822][ T414] simple_read_from_buffer+0xc7/0x150
[ 59.156037][ T414] proc_fail_nth_read+0x1a3/0x210
[ 59.160927][ T414] ? proc_fault_inject_write+0x390/0x390
[ 59.166587][ T414] ? fsnotify_perm+0x470/0x5d0
[ 59.171288][ T414] ? security_file_permission+0x86/0xb0
[ 59.176763][ T414] ? proc_fault_inject_write+0x390/0x390
[ 59.182473][ T414] vfs_read+0x27d/0xd40
[ 59.186576][ T414] ? kernel_read+0x1f0/0x1f0
[ 59.190985][ T414] ? __kasan_check_write+0x14/0x20
[ 59.196194][ T414] ? mutex_lock+0xb6/0x1e0
[ 59.200532][ T414] ? wait_for_completion_killable_timeout+0x10/0x10
[ 59.207106][ T414] ? __fdget_pos+0x2e7/0x3a0
[ 59.211649][ T414] ? ksys_read+0x77/0x2c0
[ 59.215811][ T414] ksys_read+0x199/0x2c0
[ 59.220027][ T414] ? __kasan_check_write+0x14/0x20
[ 59.225002][ T414] ? vfs_write+0x1110/0x1110