2024/03/05 22:37:22 ignoring optional flag "sandboxArg"="0"
2024/03/05 22:37:23 parsed 1 programs
[ 41.392237][ T30] audit: type=1400 audit(1709678243.011:157): avc: denied { mounton } for pid=341 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.417613][ T30] audit: type=1400 audit(1709678243.011:158): avc: denied { mount } for pid=341 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.442917][ T30] audit: type=1400 audit(1709678243.061:159): avc: denied { unlink } for pid=341 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/03/05 22:37:23 executed programs: 0
[ 41.489277][ T341] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 41.543823][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.551247][ T347] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.559371][ T347] device bridge_slave_0 entered promiscuous mode
[ 41.566042][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.573023][ T347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.580577][ T347] device bridge_slave_1 entered promiscuous mode
[ 41.625870][ T30] audit: type=1400 audit(1709678243.251:160): avc: denied { write } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.631250][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.646439][ T30] audit: type=1400 audit(1709678243.251:161): avc: denied { read } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.653385][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.680807][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.687793][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.707223][ T300] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.714390][ T300] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.722011][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.729451][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.738652][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.746729][ T39] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.753764][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.766045][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.774332][ T300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.781295][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.789464][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.805301][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.814378][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.823425][ T347] device veth0_vlan entered promiscuous mode
[ 41.830449][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.838971][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.846319][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.857643][ T347] device veth1_macvtap entered promiscuous mode
[ 41.866083][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.877066][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.886371][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.900982][ T30] audit: type=1400 audit(1709678243.521:162): avc: denied { mounton } for pid=347 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 41.933426][ T30] audit: type=1400 audit(1709678243.551:163): avc: denied { prog_load } for pid=351 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 41.938976][ T352] FAULT_INJECTION: forcing a failure.
[ 41.938976][ T352] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 41.953598][ T30] audit: type=1400 audit(1709678243.551:164): avc: denied { bpf } for pid=351 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 41.966167][ T352] CPU: 0 PID: 352 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 41.987358][ T30] audit: type=1400 audit(1709678243.551:165): avc: denied { perfmon } for pid=351 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 41.996755][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 41.996769][ T352] Call Trace:
[ 41.996775][ T352]
[ 41.996782][ T352] dump_stack_lvl+0x151/0x1b7
[ 41.996809][ T352] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.018463][ T30] audit: type=1400 audit(1709678243.551:166): avc: denied { prog_run } for pid=351 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 42.027569][ T352] dump_stack+0x15/0x17
[ 42.027595][ T352] should_fail+0x3c6/0x510
[ 42.027615][ T352] should_fail_usercopy+0x1a/0x20
[ 42.076518][ T352] _copy_to_user+0x20/0x90
[ 42.080777][ T352] simple_read_from_buffer+0xc7/0x150
[ 42.086256][ T352] proc_fail_nth_read+0x1a3/0x210
[ 42.091203][ T352] ? proc_fault_inject_write+0x390/0x390
[ 42.096756][ T352] ? fsnotify_perm+0x470/0x5d0
[ 42.101444][ T352] ? security_file_permission+0x86/0xb0
[ 42.107000][ T352] ? proc_fault_inject_write+0x390/0x390
[ 42.112841][ T352] vfs_read+0x27d/0xd40
[ 42.116843][ T352] ? kernel_read+0x1f0/0x1f0
[ 42.121351][ T352] ? __kasan_check_write+0x14/0x20
[ 42.126385][ T352] ? mutex_lock+0xb6/0x1e0
[ 42.130730][ T352] ? wait_for_completion_killable_timeout+0x10/0x10
[ 42.137152][ T352] ? __fdget_pos+0x2e7/0x3a0
[ 42.141575][ T352] ? ksys_read+0x77/0x2c0
[ 42.145832][ T352] ksys_read+0x199/0x2c0
[ 42.150007][ T352] ? vfs_write+0x1110/0x1110
[ 42.154427][ T352] ? __kasan_check_read+0x11/0x20
[ 42.159374][ T352] __x64_sys_read+0x7b/0x90
[ 42.163709][ T352] do_syscall_64+0x3d/0xb0
[ 42.167960][ T352] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.173702][ T352] RIP: 0033:0x7faa9f7d878c
[ 42.177942][ T352] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 42.197557][ T352] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 42.205799][ T352] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 42.213610][ T352] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 42.221423][ T352] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 42.229232][ T352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 42.237065][ T352] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 42.245128][ T352]
[ 42.258922][ T356] FAULT_INJECTION: forcing a failure.
[ 42.258922][ T356] name failslab, interval 1, probability 0, space 0, times 1
[ 42.271525][ T356] CPU: 0 PID: 356 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 42.281750][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 42.291727][ T356] Call Trace:
[ 42.295048][ T356]
[ 42.297809][ T356] dump_stack_lvl+0x151/0x1b7
[ 42.302596][ T356] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.308239][ T356] dump_stack+0x15/0x17
[ 42.312323][ T356] should_fail+0x3c6/0x510
[ 42.316561][ T356] __should_failslab+0xa4/0xe0
[ 42.321424][ T356] should_failslab+0x9/0x20
[ 42.325783][ T356] slab_pre_alloc_hook+0x37/0xd0
[ 42.330803][ T356] kmem_cache_alloc_trace+0x48/0x210
[ 42.335997][ T356] ? sk_psock_skb_ingress_self+0x60/0x330
[ 42.341752][ T356] ? migrate_disable+0x190/0x190
[ 42.346712][ T356] sk_psock_skb_ingress_self+0x60/0x330
[ 42.352077][ T356] sk_psock_verdict_recv+0x66d/0x840
[ 42.357289][ T356] unix_read_sock+0x132/0x370
[ 42.361900][ T356] ? sk_psock_skb_redirect+0x440/0x440
[ 42.367368][ T356] ? unix_stream_splice_actor+0x120/0x120
[ 42.373189][ T356] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 42.378478][ T356] ? unix_stream_splice_actor+0x120/0x120
[ 42.384128][ T356] sk_psock_verdict_data_ready+0x147/0x1a0
[ 42.389937][ T356] ? sk_psock_start_verdict+0xc0/0xc0
[ 42.395326][ T356] ? _raw_spin_lock+0xa4/0x1b0
[ 42.400153][ T356] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.405763][ T356] ? skb_queue_tail+0xfb/0x120
[ 42.410372][ T356] unix_dgram_sendmsg+0x15fa/0x2090
[ 42.415571][ T356] ? unix_dgram_poll+0x710/0x710
[ 42.425214][ T356] ? _raw_spin_trylock+0xcd/0x1a0
[ 42.430233][ T356] ? security_socket_sendmsg+0x82/0xb0
[ 42.435797][ T356] ? unix_dgram_poll+0x710/0x710
[ 42.440578][ T356] ____sys_sendmsg+0x59e/0x8f0
[ 42.445162][ T356] ? __sys_sendmsg_sock+0x40/0x40
[ 42.450037][ T356] ? import_iovec+0xe5/0x120
[ 42.454455][ T356] ___sys_sendmsg+0x252/0x2e0
[ 42.458969][ T356] ? __sys_sendmsg+0x260/0x260
[ 42.463563][ T356] ? do_handle_mm_fault+0x1949/0x2330
[ 42.468770][ T356] ? __kasan_check_write+0x14/0x20
[ 42.473799][ T356] ? proc_fail_nth_write+0x20b/0x290
[ 42.479009][ T356] ? __fdget+0x1bc/0x240
[ 42.483103][ T356] __sys_sendmmsg+0x2bf/0x530
[ 42.487716][ T356] ? __ia32_sys_sendmsg+0x90/0x90
[ 42.492734][ T356] ? mutex_unlock+0xb2/0x260
[ 42.497149][ T356] ? __kasan_check_write+0x14/0x20
[ 42.502107][ T356] ? debug_smp_processor_id+0x17/0x20
[ 42.507299][ T356] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 42.513288][ T356] __x64_sys_sendmmsg+0xa0/0xb0
[ 42.518069][ T356] do_syscall_64+0x3d/0xb0
[ 42.522316][ T356] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.528307][ T356] RIP: 0033:0x7faa9f7d9ae9
[ 42.532660][ T356] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.552347][ T356] RSP: 002b:00007faa9f35c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 42.560597][ T356] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d9ae9
[ 42.568524][ T356] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 42.576470][ T356] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 42.584372][ T356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 42.593309][ T356] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 42.601126][ T356]
[ 42.605765][ T355] ==================================================================
[ 42.613651][ T355] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 42.620331][ T355] Read of size 4 at addr ffff88811fc29aec by task syz-executor.0/355
[ 42.628582][ T355]
[ 42.630868][ T355] CPU: 1 PID: 355 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 42.641250][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 42.651152][ T355] Call Trace:
[ 42.654264][ T355]
[ 42.657060][ T355] dump_stack_lvl+0x151/0x1b7
[ 42.661858][ T355] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.667502][ T355] ? panic+0x751/0x751
[ 42.671584][ T355] print_address_description+0x87/0x3b0
[ 42.677059][ T355] kasan_report+0x179/0x1c0
[ 42.681637][ T355] ? consume_skb+0x3c/0x250
[ 42.685909][ T355] ? consume_skb+0x3c/0x250
[ 42.690239][ T355] kasan_check_range+0x293/0x2a0
[ 42.695014][ T355] __kasan_check_read+0x11/0x20
[ 42.699701][ T355] consume_skb+0x3c/0x250
[ 42.703868][ T355] __sk_msg_free+0x2dd/0x370
[ 42.708295][ T355] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 42.714106][ T355] sk_psock_stop+0x44c/0x4d0
[ 42.718533][ T355] ? unix_peer_get+0xe0/0xe0
[ 42.722959][ T355] sock_map_close+0x2b9/0x4c0
[ 42.727477][ T355] ? sock_map_remove_links+0x570/0x570
[ 42.732855][ T355] ? rwsem_mark_wake+0x6b0/0x6b0
[ 42.737723][ T355] unix_release+0x82/0xc0
[ 42.741968][ T355] sock_close+0xdf/0x270
[ 42.746134][ T355] ? sock_mmap+0xa0/0xa0
[ 42.750408][ T355] __fput+0x3fe/0x910
[ 42.754217][ T355] ____fput+0x15/0x20
[ 42.758031][ T355] task_work_run+0x129/0x190
[ 42.762461][ T355] exit_to_user_mode_loop+0xc4/0xe0
[ 42.767666][ T355] exit_to_user_mode_prepare+0x5a/0xa0
[ 42.772960][ T355] syscall_exit_to_user_mode+0x26/0x160
[ 42.778340][ T355] do_syscall_64+0x49/0xb0
[ 42.782596][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.788407][ T355] RIP: 0033:0x7faa9f7d89da
[ 42.792664][ T355] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 42.812628][ T355] RSP: 002b:00007ffe3f38fe60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 42.820958][ T355] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007faa9f7d89da
[ 42.828867][ T355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 42.837270][ T355] RBP: 0000000000000032 R08: 0000001b31660000 R09: 00007faa9f8f8f8c
[ 42.845559][ T355] R10: 00007ffe3f38ffb0 R11: 0000000000000293 R12: 00007faa9f35e0d0
[ 42.853368][ T355] R13: ffffffffffffffff R14: 00007faa9f35d000 R15: 000000000000a4f8
[ 42.861482][ T355]
[ 42.864328][ T355]
[ 42.866498][ T355] Allocated by task 356:
[ 42.870586][ T355] __kasan_slab_alloc+0xb1/0xe0
[ 42.875442][ T355] slab_post_alloc_hook+0x53/0x2c0
[ 42.880395][ T355] kmem_cache_alloc+0xf5/0x200
[ 42.884982][ T355] skb_clone+0x1d1/0x360
[ 42.889150][ T355] sk_psock_verdict_recv+0x53/0x840
[ 42.894445][ T355] unix_read_sock+0x132/0x370
[ 42.899301][ T355] sk_psock_verdict_data_ready+0x147/0x1a0
[ 42.905033][ T355] unix_dgram_sendmsg+0x15fa/0x2090
[ 42.910083][ T355] ____sys_sendmsg+0x59e/0x8f0
[ 42.914841][ T355] ___sys_sendmsg+0x252/0x2e0
[ 42.919355][ T355] __sys_sendmmsg+0x2bf/0x530
[ 42.923902][ T355] __x64_sys_sendmmsg+0xa0/0xb0
[ 42.928553][ T355] do_syscall_64+0x3d/0xb0
[ 42.932918][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.938810][ T355]
[ 42.940979][ T355] Freed by task 62:
[ 42.944631][ T355] kasan_set_track+0x4b/0x70
[ 42.949304][ T355] kasan_set_free_info+0x23/0x40
[ 42.954268][ T355] ____kasan_slab_free+0x126/0x160
[ 42.959460][ T355] __kasan_slab_free+0x11/0x20
[ 42.964328][ T355] slab_free_freelist_hook+0xbd/0x190
[ 42.969614][ T355] kmem_cache_free+0x116/0x2e0
[ 42.974215][ T355] kfree_skbmem+0x104/0x170
[ 42.978553][ T355] kfree_skb+0xc2/0x360
[ 42.982556][ T355] sk_psock_backlog+0xc21/0xd90
[ 42.987317][ T355] process_one_work+0x6bb/0xc10
[ 42.992021][ T355] worker_thread+0xad5/0x12a0
[ 42.996519][ T355] kthread+0x421/0x510
[ 43.000521][ T355] ret_from_fork+0x1f/0x30
[ 43.004764][ T355]
[ 43.006934][ T355] The buggy address belongs to the object at ffff88811fc29a00
[ 43.006934][ T355] which belongs to the cache skbuff_head_cache of size 248
[ 43.021747][ T355] The buggy address is located 236 bytes inside of
[ 43.021747][ T355] 248-byte region [ffff88811fc29a00, ffff88811fc29af8)
[ 43.035326][ T355] The buggy address belongs to the page:
[ 43.040816][ T355] page:ffffea00047f0a40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fc29
[ 43.051048][ T355] flags: 0x4000000000000200(slab|zone=1)
[ 43.056614][ T355] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 43.065386][ T355] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 43.073794][ T355] page dumped because: kasan: bad access detected
[ 43.080040][ T355] page_owner tracks the page as allocated
[ 43.085603][ T355] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 353, ts 42257368859, free_ts 21804174449
[ 43.101302][ T355] post_alloc_hook+0x1a3/0x1b0
[ 43.106255][ T355] prep_new_page+0x1b/0x110
[ 43.110596][ T355] get_page_from_freelist+0x3550/0x35d0
[ 43.116067][ T355] __alloc_pages+0x27e/0x8f0
[ 43.120689][ T355] new_slab+0x9a/0x4e0
[ 43.124847][ T355] ___slab_alloc+0x39e/0x830
[ 43.129696][ T355] __slab_alloc+0x4a/0x90
[ 43.134119][ T355] kmem_cache_alloc+0x134/0x200
[ 43.138893][ T355] __alloc_skb+0xbe/0x550
[ 43.143061][ T355] alloc_skb_with_frags+0xa6/0x680
[ 43.148006][ T355] sock_alloc_send_pskb+0x915/0xa50
[ 43.153045][ T355] unix_dgram_sendmsg+0x6fd/0x2090
[ 43.158119][ T355] sock_write_iter+0x39b/0x530
[ 43.162846][ T355] vfs_write+0xd5d/0x1110
[ 43.167119][ T355] ksys_write+0x199/0x2c0
[ 43.171287][ T355] __x64_sys_write+0x7b/0x90
[ 43.175725][ T355] page last free stack trace:
[ 43.180324][ T355] free_unref_page_prepare+0x7c8/0x7d0
[ 43.185609][ T355] free_unref_page+0xe8/0x750
[ 43.190121][ T355] __free_pages+0x61/0xf0
[ 43.194288][ T355] __vunmap+0x7bc/0x8f0
[ 43.198371][ T355] vfree+0x7f/0xb0
[ 43.201925][ T355] kcov_close+0x2b/0x50
[ 43.206093][ T355] __fput+0x3fe/0x910
[ 43.210008][ T355] ____fput+0x15/0x20
[ 43.213913][ T355] task_work_run+0x129/0x190
[ 43.219123][ T355] do_exit+0xc48/0x2ca0
[ 43.223110][ T355] do_group_exit+0x141/0x310
[ 43.227545][ T355] get_signal+0x7a3/0x1630
[ 43.231869][ T355] arch_do_signal_or_restart+0xbd/0x1680
[ 43.237359][ T355] exit_to_user_mode_loop+0xa0/0xe0
[ 43.242464][ T355] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.247855][ T355] syscall_exit_to_user_mode+0x26/0x160
[ 43.253318][ T355]
[ 43.255536][ T355] Memory state around the buggy address:
[ 43.260965][ T355] ffff88811fc29980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 43.268872][ T355] ffff88811fc29a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.276765][ T355] >ffff88811fc29a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 43.284822][ T355] ^
[ 43.292296][ T355] ffff88811fc29b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.300185][ T355] ffff88811fc29b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.309059][ T355] ==================================================================
[ 43.316953][ T355] Disabling lock debugging due to kernel taint
[ 43.323008][ T355] ==================================================================
[ 43.330853][ T355] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 43.339544][ T355]
[ 43.341744][ T355] CPU: 1 PID: 355 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 43.353293][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 43.363352][ T355] Call Trace:
[ 43.366484][ T355]
[ 43.369261][ T355] dump_stack_lvl+0x151/0x1b7
[ 43.373766][ T355] ? io_uring_drop_tctx_refs+0x190/0x190
[ 43.379613][ T355] ? __wake_up_klogd+0xd5/0x110
[ 43.384365][ T355] ? panic+0x751/0x751
[ 43.388266][ T355] ? kmem_cache_free+0x116/0x2e0
[ 43.393119][ T355] print_address_description+0x87/0x3b0
[ 43.398514][ T355] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 43.404494][ T355] ? kmem_cache_free+0x116/0x2e0
[ 43.409283][ T355] ? kmem_cache_free+0x116/0x2e0
[ 43.414136][ T355] kasan_report_invalid_free+0x6b/0xa0
[ 43.419594][ T355] ____kasan_slab_free+0x13e/0x160
[ 43.424559][ T355] __kasan_slab_free+0x11/0x20
[ 43.429226][ T355] slab_free_freelist_hook+0xbd/0x190
[ 43.434704][ T355] ? kfree_skbmem+0x104/0x170
[ 43.439728][ T355] kmem_cache_free+0x116/0x2e0
[ 43.444436][ T355] kfree_skbmem+0x104/0x170
[ 43.448773][ T355] consume_skb+0xb4/0x250
[ 43.453027][ T355] __sk_msg_free+0x2dd/0x370
[ 43.457463][ T355] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 43.463092][ T355] sk_psock_stop+0x44c/0x4d0
[ 43.467518][ T355] ? unix_peer_get+0xe0/0xe0
[ 43.471952][ T355] sock_map_close+0x2b9/0x4c0
[ 43.476460][ T355] ? sock_map_remove_links+0x570/0x570
[ 43.481862][ T355] ? rwsem_mark_wake+0x6b0/0x6b0
[ 43.487062][ T355] unix_release+0x82/0xc0
[ 43.491320][ T355] sock_close+0xdf/0x270
[ 43.495392][ T355] ? sock_mmap+0xa0/0xa0
[ 43.499558][ T355] __fput+0x3fe/0x910
[ 43.503378][ T355] ____fput+0x15/0x20
[ 43.507200][ T355] task_work_run+0x129/0x190
[ 43.511744][ T355] exit_to_user_mode_loop+0xc4/0xe0
[ 43.516745][ T355] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.522123][ T355] syscall_exit_to_user_mode+0x26/0x160
[ 43.527854][ T355] do_syscall_64+0x49/0xb0
[ 43.532284][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.538180][ T355] RIP: 0033:0x7faa9f7d89da
[ 43.542530][ T355] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 43.562495][ T355] RSP: 002b:00007ffe3f38fe60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 43.570731][ T355] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007faa9f7d89da
[ 43.578541][ T355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 43.586348][ T355] RBP: 0000000000000032 R08: 0000001b31660000 R09: 00007faa9f8f8f8c
[ 43.594245][ T355] R10: 00007ffe3f38ffb0 R11: 0000000000000293 R12: 00007faa9f35e0d0
[ 43.602146][ T355] R13: ffffffffffffffff R14: 00007faa9f35d000 R15: 000000000000a4f8
[ 43.610055][ T355]
[ 43.613019][ T355]
[ 43.615282][ T355] Allocated by task 356:
[ 43.619431][ T355] __kasan_slab_alloc+0xb1/0xe0
[ 43.624212][ T355] slab_post_alloc_hook+0x53/0x2c0
[ 43.629153][ T355] kmem_cache_alloc+0xf5/0x200
[ 43.633756][ T355] skb_clone+0x1d1/0x360
[ 43.637937][ T355] sk_psock_verdict_recv+0x53/0x840
[ 43.643477][ T355] unix_read_sock+0x132/0x370
[ 43.647994][ T355] sk_psock_verdict_data_ready+0x147/0x1a0
[ 43.653757][ T355] unix_dgram_sendmsg+0x15fa/0x2090
[ 43.659373][ T355] ____sys_sendmsg+0x59e/0x8f0
[ 43.663972][ T355] ___sys_sendmsg+0x252/0x2e0
[ 43.668568][ T355] __sys_sendmmsg+0x2bf/0x530
[ 43.673081][ T355] __x64_sys_sendmmsg+0xa0/0xb0
[ 43.677872][ T355] do_syscall_64+0x3d/0xb0
[ 43.682103][ T355] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.687842][ T355]
[ 43.690011][ T355] Freed by task 62:
[ 43.694259][ T355] kasan_set_track+0x4b/0x70
[ 43.698889][ T355] kasan_set_free_info+0x23/0x40
[ 43.703726][ T355] ____kasan_slab_free+0x126/0x160
[ 43.708681][ T355] __kasan_slab_free+0x11/0x20
[ 43.713364][ T355] slab_free_freelist_hook+0xbd/0x190
[ 43.718568][ T355] kmem_cache_free+0x116/0x2e0
[ 43.723167][ T355] kfree_skbmem+0x104/0x170
[ 43.727516][ T355] kfree_skb+0xc2/0x360
[ 43.732926][ T355] sk_psock_backlog+0xc21/0xd90
[ 43.737802][ T355] process_one_work+0x6bb/0xc10
[ 43.742533][ T355] worker_thread+0xad5/0x12a0
[ 43.747036][ T355] kthread+0x421/0x510
[ 43.750938][ T355] ret_from_fork+0x1f/0x30
[ 43.755205][ T355]
[ 43.757366][ T355] The buggy address belongs to the object at ffff88811fc29a00
[ 43.757366][ T355] which belongs to the cache skbuff_head_cache of size 248
[ 43.771949][ T355] The buggy address is located 0 bytes inside of
[ 43.771949][ T355] 248-byte region [ffff88811fc29a00, ffff88811fc29af8)
[ 43.784977][ T355] The buggy address belongs to the page:
[ 43.790433][ T355] page:ffffea00047f0a40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fc29
[ 43.800848][ T355] flags: 0x4000000000000200(slab|zone=1)
[ 43.806332][ T355] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 43.814745][ T355] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 43.823525][ T355] page dumped because: kasan: bad access detected
[ 43.829848][ T355] page_owner tracks the page as allocated
[ 43.835509][ T355] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 353, ts 42257368859, free_ts 21804174449
[ 43.851786][ T355] post_alloc_hook+0x1a3/0x1b0
[ 43.856387][ T355] prep_new_page+0x1b/0x110
[ 43.860812][ T355] get_page_from_freelist+0x3550/0x35d0
[ 43.866192][ T355] __alloc_pages+0x27e/0x8f0
[ 43.870617][ T355] new_slab+0x9a/0x4e0
[ 43.874527][ T355] ___slab_alloc+0x39e/0x830
[ 43.879437][ T355] __slab_alloc+0x4a/0x90
[ 43.883591][ T355] kmem_cache_alloc+0x134/0x200
[ 43.888360][ T355] __alloc_skb+0xbe/0x550
[ 43.893650][ T355] alloc_skb_with_frags+0xa6/0x680
[ 43.898596][ T355] sock_alloc_send_pskb+0x915/0xa50
[ 43.903636][ T355] unix_dgram_sendmsg+0x6fd/0x2090
[ 43.908673][ T355] sock_write_iter+0x39b/0x530
[ 43.913266][ T355] vfs_write+0xd5d/0x1110
[ 43.917451][ T355] ksys_write+0x199/0x2c0
[ 43.921697][ T355] __x64_sys_write+0x7b/0x90
[ 43.926201][ T355] page last free stack trace:
[ 43.930797][ T355] free_unref_page_prepare+0x7c8/0x7d0
[ 43.936176][ T355] free_unref_page+0xe8/0x750
[ 43.940691][ T355] __free_pages+0x61/0xf0
[ 43.944861][ T355] __vunmap+0x7bc/0x8f0
[ 43.948860][ T355] vfree+0x7f/0xb0
[ 43.952611][ T355] kcov_close+0x2b/0x50
[ 43.956591][ T355] __fput+0x3fe/0x910
[ 43.960410][ T355] ____fput+0x15/0x20
[ 43.964227][ T355] task_work_run+0x129/0x190
[ 43.968657][ T355] do_exit+0xc48/0x2ca0
[ 43.972653][ T355] do_group_exit+0x141/0x310
[ 43.977174][ T355] get_signal+0x7a3/0x1630
[ 43.981700][ T355] arch_do_signal_or_restart+0xbd/0x1680
[ 43.987154][ T355] exit_to_user_mode_loop+0xa0/0xe0
[ 43.992186][ T355] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.997482][ T355] syscall_exit_to_user_mode+0x26/0x160
[ 44.002971][ T355]
[ 44.005181][ T355] Memory state around the buggy address:
[ 44.010876][ T355] ffff88811fc29900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.019039][ T355] ffff88811fc29980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 44.027203][ T355] >ffff88811fc29a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.035215][ T355] ^
[ 44.039117][ T355] ffff88811fc29a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 44.047198][ T355] ffff88811fc29b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 44.055369][ T355] ==================================================================
[ 44.074714][ T359] FAULT_INJECTION: forcing a failure.
[ 44.074714][ T359] name failslab, interval 1, probability 0, space 0, times 0
[ 44.087372][ T359] CPU: 1 PID: 359 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 44.098929][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 44.108823][ T359] Call Trace:
[ 44.112068][ T359]
[ 44.114940][ T359] dump_stack_lvl+0x151/0x1b7
[ 44.119445][ T359] ? io_uring_drop_tctx_refs+0x190/0x190
[ 44.124917][ T359] dump_stack+0x15/0x17
[ 44.129091][ T359] should_fail+0x3c6/0x510
[ 44.133332][ T359] __should_failslab+0xa4/0xe0
[ 44.138202][ T359] should_failslab+0x9/0x20
[ 44.142631][ T359] slab_pre_alloc_hook+0x37/0xd0
[ 44.147403][ T359] kmem_cache_alloc_trace+0x48/0x210
[ 44.152531][ T359] ? sk_psock_skb_ingress_self+0x60/0x330
[ 44.158076][ T359] ? migrate_disable+0x190/0x190
[ 44.162964][ T359] sk_psock_skb_ingress_self+0x60/0x330
[ 44.168460][ T359] sk_psock_verdict_recv+0x66d/0x840
[ 44.173632][ T359] unix_read_sock+0x132/0x370
[ 44.178278][ T359] ? sk_psock_skb_redirect+0x440/0x440
[ 44.183650][ T359] ? unix_stream_splice_actor+0x120/0x120
[ 44.189208][ T359] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 44.194772][ T359] ? unix_stream_splice_actor+0x120/0x120
[ 44.200315][ T359] sk_psock_verdict_data_ready+0x147/0x1a0
[ 44.206213][ T359] ? sk_psock_start_verdict+0xc0/0xc0
[ 44.211506][ T359] ? _raw_spin_lock+0xa4/0x1b0
[ 44.216118][ T359] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.221837][ T359] ? skb_queue_tail+0xfb/0x120
[ 44.226477][ T359] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.231563][ T359] ? unix_dgram_poll+0x710/0x710
[ 44.236335][ T359] ? _raw_spin_trylock+0xcd/0x1a0
[ 44.241189][ T359] ? security_socket_sendmsg+0x82/0xb0
[ 44.246487][ T359] ? unix_dgram_poll+0x710/0x710
[ 44.251259][ T359] ____sys_sendmsg+0x59e/0x8f0
[ 44.255858][ T359] ? __sys_sendmsg_sock+0x40/0x40
[ 44.260717][ T359] ? import_iovec+0xe5/0x120
[ 44.265147][ T359] ___sys_sendmsg+0x252/0x2e0
[ 44.269663][ T359] ? __sys_sendmsg+0x260/0x260
[ 44.274259][ T359] ? do_handle_mm_fault+0x1949/0x2330
[ 44.279476][ T359] ? __kasan_check_write+0x14/0x20
[ 44.284545][ T359] ? proc_fail_nth_write+0x20b/0x290
[ 44.290005][ T359] ? __fdget+0x1bc/0x240
[ 44.294255][ T359] __sys_sendmmsg+0x2bf/0x530
[ 44.298768][ T359] ? __ia32_sys_sendmsg+0x90/0x90
[ 44.303790][ T359] ? mutex_unlock+0xb2/0x260
[ 44.309262][ T359] ? __kasan_check_write+0x14/0x20
[ 44.314200][ T359] ? debug_smp_processor_id+0x17/0x20
[ 44.319488][ T359] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 44.325444][ T359] __x64_sys_sendmmsg+0xa0/0xb0
[ 44.330082][ T359] do_syscall_64+0x3d/0xb0
[ 44.334426][ T359] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.340144][ T359] RIP: 0033:0x7faa9f7d9ae9
[ 44.344576][ T359] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 44.364510][ T359] RSP: 002b:00007faa9f35c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 44.372712][ T359] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d9ae9
[ 44.380881][ T359] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 44.388796][ T359] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 44.397037][ T359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 44.404858][ T359] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 44.412752][ T359]
[ 44.419137][ T358] ==================================================================
[ 44.427194][ T358] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 44.435533][ T358]
[ 44.437696][ T358] CPU: 1 PID: 358 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 44.449320][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 44.459488][ T358] Call Trace:
[ 44.462604][ T358]
[ 44.465433][ T358] dump_stack_lvl+0x151/0x1b7
[ 44.469990][ T358] ? io_uring_drop_tctx_refs+0x190/0x190
[ 44.475470][ T358] ? __wake_up_klogd+0xd5/0x110
[ 44.480229][ T358] ? panic+0x751/0x751
[ 44.484136][ T358] ? kmem_cache_free+0x116/0x2e0
[ 44.488909][ T358] print_address_description+0x87/0x3b0
[ 44.494291][ T358] ? kmem_cache_free+0x116/0x2e0
[ 44.499065][ T358] ? kmem_cache_free+0x116/0x2e0
[ 44.503836][ T358] kasan_report_invalid_free+0x6b/0xa0
[ 44.509132][ T358] ____kasan_slab_free+0x13e/0x160
[ 44.514078][ T358] __kasan_slab_free+0x11/0x20
[ 44.518779][ T358] slab_free_freelist_hook+0xbd/0x190
[ 44.524075][ T358] ? kfree_skbmem+0x104/0x170
[ 44.528590][ T358] kmem_cache_free+0x116/0x2e0
[ 44.533173][ T358] kfree_skbmem+0x104/0x170
[ 44.537512][ T358] consume_skb+0xb4/0x250
[ 44.541765][ T358] __sk_msg_free+0x2dd/0x370
[ 44.546192][ T358] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 44.551950][ T358] sk_psock_stop+0x44c/0x4d0
[ 44.556374][ T358] ? unix_peer_get+0xe0/0xe0
[ 44.560806][ T358] sock_map_close+0x2b9/0x4c0
[ 44.565472][ T358] ? sock_map_remove_links+0x570/0x570
[ 44.570725][ T358] ? rwsem_mark_wake+0x6b0/0x6b0
[ 44.575586][ T358] unix_release+0x82/0xc0
[ 44.579755][ T358] sock_close+0xdf/0x270
[ 44.583836][ T358] ? sock_mmap+0xa0/0xa0
[ 44.587919][ T358] __fput+0x3fe/0x910
[ 44.591730][ T358] ____fput+0x15/0x20
[ 44.595554][ T358] task_work_run+0x129/0x190
[ 44.600062][ T358] exit_to_user_mode_loop+0xc4/0xe0
[ 44.605181][ T358] exit_to_user_mode_prepare+0x5a/0xa0
[ 44.610476][ T358] syscall_exit_to_user_mode+0x26/0x160
[ 44.616033][ T358] do_syscall_64+0x49/0xb0
[ 44.620456][ T358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.626268][ T358] RIP: 0033:0x7faa9f7d89da
[ 44.630618][ T358] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 44.650141][ T358] RSP: 002b:00007ffe3f38fe60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 44.658400][ T358] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007faa9f7d89da
[ 44.666388][ T358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 44.674801][ T358] RBP: 00007faa9f8fa980 R08: 0000001b31660000 R09: 00007ffe3f3e50b0
[ 44.682608][ T358] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000af51
[ 44.690599][ T358] R13: ffffffffffffffff R14: 00007faa9f35d000 R15: 000000000000ac10
[ 44.698411][ T358]
[ 44.701269][ T358]
[ 44.703450][ T358] Allocated by task 359:
[ 44.707570][ T358] __kasan_slab_alloc+0xb1/0xe0
[ 44.712212][ T358] slab_post_alloc_hook+0x53/0x2c0
[ 44.717238][ T358] kmem_cache_alloc+0xf5/0x200
[ 44.721836][ T358] skb_clone+0x1d1/0x360
[ 44.726098][ T358] sk_psock_verdict_recv+0x53/0x840
[ 44.731122][ T358] unix_read_sock+0x132/0x370
[ 44.735636][ T358] sk_psock_verdict_data_ready+0x147/0x1a0
[ 44.741422][ T358] unix_dgram_sendmsg+0x15fa/0x2090
[ 44.746438][ T358] ____sys_sendmsg+0x59e/0x8f0
[ 44.751048][ T358] ___sys_sendmsg+0x252/0x2e0
[ 44.755723][ T358] __sys_sendmmsg+0x2bf/0x530
[ 44.760506][ T358] __x64_sys_sendmmsg+0xa0/0xb0
[ 44.765187][ T358] do_syscall_64+0x3d/0xb0
[ 44.769526][ T358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.775338][ T358]
[ 44.777517][ T358] Freed by task 39:
[ 44.781252][ T358] kasan_set_track+0x4b/0x70
[ 44.785676][ T358] kasan_set_free_info+0x23/0x40
[ 44.790897][ T358] ____kasan_slab_free+0x126/0x160
[ 44.795830][ T358] __kasan_slab_free+0x11/0x20
[ 44.800441][ T358] slab_free_freelist_hook+0xbd/0x190
[ 44.805653][ T358] kmem_cache_free+0x116/0x2e0
[ 44.810245][ T358] kfree_skbmem+0x104/0x170
[ 44.814844][ T358] kfree_skb+0xc2/0x360
[ 44.818916][ T358] sk_psock_backlog+0xc21/0xd90
[ 44.823885][ T358] process_one_work+0x6bb/0xc10
[ 44.828900][ T358] worker_thread+0xad5/0x12a0
[ 44.833421][ T358] kthread+0x421/0x510
[ 44.837406][ T358] ret_from_fork+0x1f/0x30
[ 44.841745][ T358]
[ 44.844103][ T358] The buggy address belongs to the object at ffff88811d3d6dc0
[ 44.844103][ T358] which belongs to the cache skbuff_head_cache of size 248
[ 44.859118][ T358] The buggy address is located 0 bytes inside of
[ 44.859118][ T358] 248-byte region [ffff88811d3d6dc0, ffff88811d3d6eb8)
[ 44.872231][ T358] The buggy address belongs to the page:
[ 44.877966][ T358] page:ffffea000474f580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d3d6
[ 44.888024][ T358] flags: 0x4000000000000200(slab|zone=1)
[ 44.893669][ T358] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100351680
[ 44.903145][ T358] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 44.911665][ T358] page dumped because: kasan: bad access detected
[ 44.917883][ T358] page_owner tracks the page as allocated
[ 44.923437][ T358] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 359, ts 44074630176, free_ts 41932119655
[ 44.939312][ T358] post_alloc_hook+0x1a3/0x1b0
[ 44.943945][ T358] prep_new_page+0x1b/0x110
[ 44.948251][ T358] get_page_from_freelist+0x3550/0x35d0
[ 44.953632][ T358] __alloc_pages+0x27e/0x8f0
[ 44.958061][ T358] new_slab+0x9a/0x4e0
[ 44.961965][ T358] ___slab_alloc+0x39e/0x830
[ 44.966401][ T358] __slab_alloc+0x4a/0x90
[ 44.970561][ T358] kmem_cache_alloc+0x134/0x200
[ 44.975244][ T358] __alloc_skb+0xbe/0x550
[ 44.979416][ T358] alloc_skb_with_frags+0xa6/0x680
[ 44.984384][ T358] sock_alloc_send_pskb+0x915/0xa50
[ 44.989391][ T358] unix_dgram_sendmsg+0x6fd/0x2090
[ 44.994339][ T358] ____sys_sendmsg+0x59e/0x8f0
[ 44.999026][ T358] ___sys_sendmsg+0x252/0x2e0
[ 45.003548][ T358] __sys_sendmmsg+0x2bf/0x530
[ 45.008059][ T358] __x64_sys_sendmmsg+0xa0/0xb0
[ 45.012749][ T358] page last free stack trace:
[ 45.017257][ T358] free_unref_page_prepare+0x7c8/0x7d0
[ 45.022633][ T358] free_unref_page+0xe8/0x750
[ 45.027153][ T358] __free_pages+0x61/0xf0
[ 45.031332][ T358] free_pages+0x7c/0x90
[ 45.035321][ T358] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 45.040858][ T358] __apply_to_page_range+0x8dd/0xbe0
[ 45.045985][ T358] apply_to_existing_page_range+0x38/0x50
[ 45.051536][ T358] kasan_release_vmalloc+0x9a/0xb0
[ 45.056482][ T358] __purge_vmap_area_lazy+0x154a/0x1690
[ 45.061873][ T358] _vm_unmap_aliases+0x339/0x3b0
[ 45.066635][ T358] vm_unmap_aliases+0x19/0x20
[ 45.071147][ T358] change_page_attr_set_clr+0x308/0x1050
[ 45.076615][ T358] set_memory_ro+0xa1/0xe0
[ 45.080867][ T358] bpf_int_jit_compile+0xbf42/0xc6d0
[ 45.086176][ T358] bpf_prog_select_runtime+0x706/0x9e0
[ 45.091475][ T358] bpf_prog_load+0x1315/0x1b50
[ 45.096070][ T358]
[ 45.098246][ T358] Memory state around the buggy address:
[ 45.103711][ T358] ffff88811d3d6c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.111609][ T358] ffff88811d3d6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 45.119595][ T358] >ffff88811d3d6d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 45.127583][ T358] ^
[ 45.133569][ T358] ffff88811d3d6e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.141652][ T358] ffff88811d3d6e80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 45.149532][ T358] ==================================================================
[ 45.179489][ T363] FAULT_INJECTION: forcing a failure.
[ 45.179489][ T363] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 45.192937][ T363] CPU: 1 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 45.204566][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 45.214630][ T363] Call Trace:
[ 45.217755][ T363]
[ 45.220532][ T363] dump_stack_lvl+0x151/0x1b7
[ 45.225529][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.230948][ T363] dump_stack+0x15/0x17
[ 45.234938][ T363] should_fail+0x3c6/0x510
[ 45.239190][ T363] should_fail_usercopy+0x1a/0x20
[ 45.244170][ T363] _copy_to_user+0x20/0x90
[ 45.248414][ T363] simple_read_from_buffer+0xc7/0x150
[ 45.253797][ T363] proc_fail_nth_read+0x1a3/0x210
[ 45.258745][ T363] ? proc_fault_inject_write+0x390/0x390
[ 45.264209][ T363] ? fsnotify_perm+0x470/0x5d0
[ 45.268982][ T363] ? security_file_permission+0x86/0xb0
[ 45.274448][ T363] ? proc_fault_inject_write+0x390/0x390
[ 45.279918][ T363] vfs_read+0x27d/0xd40
[ 45.283996][ T363] ? kernel_read+0x1f0/0x1f0
[ 45.288423][ T363] ? __kasan_check_write+0x14/0x20
[ 45.293370][ T363] ? mutex_lock+0xb6/0x1e0
[ 45.298055][ T363] ? wait_for_completion_killable_timeout+0x10/0x10
[ 45.304570][ T363] ? __fdget_pos+0x2e7/0x3a0
[ 45.308990][ T363] ? ksys_read+0x77/0x2c0
[ 45.313247][ T363] ksys_read+0x199/0x2c0
[ 45.317414][ T363] ? vfs_write+0x1110/0x1110
[ 45.321927][ T363] ? __kasan_check_read+0x11/0x20
[ 45.327048][ T363] __x64_sys_read+0x7b/0x90
[ 45.331472][ T363] do_syscall_64+0x3d/0xb0
[ 45.335734][ T363] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.341454][ T363] RIP: 0033:0x7faa9f7d878c
[ 45.345883][ T363] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 45.365627][ T363] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 45.374194][ T363] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 45.382428][ T363] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 45.390244][ T363] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 45.398139][ T363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.406043][ T363] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 45.413856][ T363]
[ 45.426239][ T366] FAULT_INJECTION: forcing a failure.
[ 45.426239][ T366] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 45.440349][ T366] CPU: 1 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 45.451804][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 45.461771][ T366] Call Trace:
[ 45.464894][ T366]
[ 45.467674][ T366] dump_stack_lvl+0x151/0x1b7
[ 45.472185][ T366] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.477659][ T366] dump_stack+0x15/0x17
[ 45.481649][ T366] should_fail+0x3c6/0x510
[ 45.485900][ T366] should_fail_usercopy+0x1a/0x20
[ 45.490771][ T366] _copy_to_user+0x20/0x90
[ 45.495010][ T366] simple_read_from_buffer+0xc7/0x150
[ 45.500420][ T366] proc_fail_nth_read+0x1a3/0x210
[ 45.505271][ T366] ? proc_fault_inject_write+0x390/0x390
[ 45.510825][ T366] ? fsnotify_perm+0x470/0x5d0
[ 45.515616][ T366] ? security_file_permission+0x86/0xb0
[ 45.521413][ T366] ? proc_fault_inject_write+0x390/0x390
[ 45.526889][ T366] vfs_read+0x27d/0xd40
[ 45.530966][ T366] ? kernel_read+0x1f0/0x1f0
[ 45.535774][ T366] ? __kasan_check_write+0x14/0x20
[ 45.540739][ T366] ? mutex_lock+0xb6/0x1e0
[ 45.545088][ T366] ? wait_for_completion_killable_timeout+0x10/0x10
[ 45.551658][ T366] ? __fdget_pos+0x2e7/0x3a0
[ 45.556690][ T366] ? ksys_read+0x77/0x2c0
[ 45.560964][ T366] ksys_read+0x199/0x2c0
[ 45.565121][ T366] ? vfs_write+0x1110/0x1110
[ 45.569798][ T366] ? __kasan_check_read+0x11/0x20
[ 45.574742][ T366] __x64_sys_read+0x7b/0x90
[ 45.579168][ T366] do_syscall_64+0x3d/0xb0
[ 45.583491][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.589236][ T366] RIP: 0033:0x7faa9f7d878c
[ 45.593497][ T366] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 45.613383][ T366] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 45.621633][ T366] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 45.629532][ T366] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 45.637845][ T366] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 45.646012][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.653816][ T366] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 45.661643][ T366]
[ 45.673599][ T368] FAULT_INJECTION: forcing a failure.
[ 45.673599][ T368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 45.686764][ T368] CPU: 0 PID: 368 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 45.698313][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 45.708644][ T368] Call Trace:
[ 45.711928][ T368]
[ 45.714702][ T368] dump_stack_lvl+0x151/0x1b7
[ 45.719492][ T368] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.724955][ T368] dump_stack+0x15/0x17
[ 45.728941][ T368] should_fail+0x3c6/0x510
[ 45.733209][ T368] should_fail_usercopy+0x1a/0x20
[ 45.738431][ T368] _copy_to_user+0x20/0x90
[ 45.742666][ T368] simple_read_from_buffer+0xc7/0x150
[ 45.747960][ T368] proc_fail_nth_read+0x1a3/0x210
[ 45.752909][ T368] ? proc_fault_inject_write+0x390/0x390
[ 45.758374][ T368] ? fsnotify_perm+0x470/0x5d0
[ 45.762973][ T368] ? security_file_permission+0x86/0xb0
[ 45.768382][ T368] ? proc_fault_inject_write+0x390/0x390
[ 45.773916][ T368] vfs_read+0x27d/0xd40
[ 45.777999][ T368] ? kernel_read+0x1f0/0x1f0
[ 45.782684][ T368] ? __kasan_check_write+0x14/0x20
[ 45.788490][ T368] ? mutex_lock+0xb6/0x1e0
[ 45.792913][ T368] ? wait_for_completion_killable_timeout+0x10/0x10
[ 45.799450][ T368] ? __fdget_pos+0x2e7/0x3a0
[ 45.803876][ T368] ? ksys_read+0x77/0x2c0
[ 45.808036][ T368] ksys_read+0x199/0x2c0
[ 45.812112][ T368] ? vfs_write+0x1110/0x1110
[ 45.816536][ T368] ? __kasan_check_read+0x11/0x20
[ 45.821400][ T368] __x64_sys_read+0x7b/0x90
[ 45.825823][ T368] do_syscall_64+0x3d/0xb0
[ 45.830533][ T368] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.836431][ T368] RIP: 0033:0x7faa9f7d878c
[ 45.841407][ T368] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 45.861176][ T368] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 45.869683][ T368] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 45.877777][ T368] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 45.886170][ T368] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 45.893978][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 45.901799][ T368] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 45.909771][ T368]
[ 45.921437][ T370] FAULT_INJECTION: forcing a failure.
[ 45.921437][ T370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 45.934601][ T370] CPU: 1 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 45.946127][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 45.956107][ T370] Call Trace:
[ 45.959317][ T370]
[ 45.962095][ T370] dump_stack_lvl+0x151/0x1b7
[ 45.966608][ T370] ? io_uring_drop_tctx_refs+0x190/0x190
[ 45.972083][ T370] dump_stack+0x15/0x17
[ 45.976086][ T370] should_fail+0x3c6/0x510
[ 45.980348][ T370] should_fail_usercopy+0x1a/0x20
[ 45.985360][ T370] _copy_to_user+0x20/0x90
[ 45.989606][ T370] simple_read_from_buffer+0xc7/0x150
[ 45.994938][ T370] proc_fail_nth_read+0x1a3/0x210
[ 45.999781][ T370] ? proc_fault_inject_write+0x390/0x390
[ 46.005418][ T370] ? fsnotify_perm+0x470/0x5d0
[ 46.010025][ T370] ? security_file_permission+0x86/0xb0
[ 46.015419][ T370] ? proc_fault_inject_write+0x390/0x390
[ 46.020869][ T370] vfs_read+0x27d/0xd40
[ 46.025037][ T370] ? kernel_read+0x1f0/0x1f0
[ 46.029460][ T370] ? __kasan_check_write+0x14/0x20
[ 46.034494][ T370] ? mutex_lock+0xb6/0x1e0
[ 46.038857][ T370] ? wait_for_completion_killable_timeout+0x10/0x10
[ 46.045435][ T370] ? __fdget_pos+0x2e7/0x3a0
[ 46.049850][ T370] ? ksys_read+0x77/0x2c0
[ 46.054009][ T370] ksys_read+0x199/0x2c0
[ 46.058101][ T370] ? vfs_write+0x1110/0x1110
[ 46.062842][ T370] ? debug_smp_processor_id+0x17/0x20
[ 46.069354][ T370] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 46.075602][ T370] __x64_sys_read+0x7b/0x90
[ 46.080559][ T370] do_syscall_64+0x3d/0xb0
[ 46.084849][ T370] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.091455][ T370] RIP: 0033:0x7faa9f7d878c
[ 46.095892][ T370] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 46.115680][ T370] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 46.124021][ T370] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 46.132180][ T370] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 46.140427][ T370] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 46.148398][ T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.156321][ T370] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 46.164219][ T370]
[ 46.179134][ T372] FAULT_INJECTION: forcing a failure.
[ 46.179134][ T372] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 46.192050][ T372] CPU: 0 PID: 372 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 46.203978][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 46.214180][ T372] Call Trace:
[ 46.217393][ T372]
[ 46.220164][ T372] dump_stack_lvl+0x151/0x1b7
[ 46.224949][ T372] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.230507][ T372] dump_stack+0x15/0x17
[ 46.234580][ T372] should_fail+0x3c6/0x510
[ 46.238839][ T372] should_fail_usercopy+0x1a/0x20
[ 46.243950][ T372] _copy_to_user+0x20/0x90
[ 46.248208][ T372] simple_read_from_buffer+0xc7/0x150
[ 46.253503][ T372] proc_fail_nth_read+0x1a3/0x210
[ 46.260521][ T372] ? proc_fault_inject_write+0x390/0x390
[ 46.266097][ T372] ? fsnotify_perm+0x470/0x5d0
[ 46.270694][ T372] ? security_file_permission+0x86/0xb0
[ 46.276066][ T372] ? proc_fault_inject_write+0x390/0x390
[ 46.281536][ T372] vfs_read+0x27d/0xd40
[ 46.285561][ T372] ? kernel_read+0x1f0/0x1f0
[ 46.289952][ T372] ? __kasan_check_write+0x14/0x20
[ 46.295084][ T372] ? mutex_lock+0xb6/0x1e0
[ 46.299326][ T372] ? wait_for_completion_killable_timeout+0x10/0x10
[ 46.305837][ T372] ? __fdget_pos+0x2e7/0x3a0
[ 46.310450][ T372] ? ksys_read+0x77/0x2c0
[ 46.314786][ T372] ksys_read+0x199/0x2c0
[ 46.318865][ T372] ? vfs_write+0x1110/0x1110
[ 46.323389][ T372] ? __kasan_check_read+0x11/0x20
[ 46.328562][ T372] __x64_sys_read+0x7b/0x90
[ 46.332848][ T372] do_syscall_64+0x3d/0xb0
[ 46.337451][ T372] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.343264][ T372] RIP: 0033:0x7faa9f7d878c
[ 46.347785][ T372] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 46.367397][ T372] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 46.375812][ T372] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 46.383997][ T372] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 46.391896][ T372] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 46.399705][ T372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.407606][ T372] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 46.415429][ T372]
[ 46.426854][ T375] FAULT_INJECTION: forcing a failure.
[ 46.426854][ T375] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 46.439913][ T375] CPU: 1 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 46.451543][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 46.461706][ T375] Call Trace:
[ 46.465004][ T375]
[ 46.467869][ T375] dump_stack_lvl+0x151/0x1b7
[ 46.472391][ T375] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.477850][ T375] dump_stack+0x15/0x17
[ 46.481844][ T375] should_fail+0x3c6/0x510
[ 46.486613][ T375] should_fail_usercopy+0x1a/0x20
[ 46.491560][ T375] _copy_to_user+0x20/0x90
[ 46.495923][ T375] simple_read_from_buffer+0xc7/0x150
[ 46.501133][ T375] proc_fail_nth_read+0x1a3/0x210
[ 46.506003][ T375] ? proc_fault_inject_write+0x390/0x390
[ 46.511547][ T375] ? fsnotify_perm+0x470/0x5d0
[ 46.516143][ T375] ? security_file_permission+0x86/0xb0
[ 46.521697][ T375] ? proc_fault_inject_write+0x390/0x390
[ 46.527363][ T375] vfs_read+0x27d/0xd40
[ 46.531587][ T375] ? kernel_read+0x1f0/0x1f0
[ 46.536057][ T375] ? __kasan_check_write+0x14/0x20
[ 46.540996][ T375] ? mutex_lock+0xb6/0x1e0
[ 46.545274][ T375] ? wait_for_completion_killable_timeout+0x10/0x10
[ 46.552015][ T375] ? __fdget_pos+0x2e7/0x3a0
[ 46.556446][ T375] ? ksys_read+0x77/0x2c0
[ 46.560608][ T375] ksys_read+0x199/0x2c0
[ 46.565192][ T375] ? vfs_write+0x1110/0x1110
[ 46.569543][ T375] ? __kasan_check_read+0x11/0x20
[ 46.574422][ T375] __x64_sys_read+0x7b/0x90
[ 46.578746][ T375] do_syscall_64+0x3d/0xb0
[ 46.583090][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.588811][ T375] RIP: 0033:0x7faa9f7d878c
[ 46.593250][ T375] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 46.613040][ T375] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 46.621370][ T375] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 46.629267][ T375] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 46.637078][ T375] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 46.645237][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
2024/03/05 22:37:28 executed programs: 9
[ 46.653046][ T375] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 46.661482][ T375]
[ 46.676024][ T377] FAULT_INJECTION: forcing a failure.
[ 46.676024][ T377] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 46.689540][ T377] CPU: 1 PID: 377 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 46.701199][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 46.711601][ T377] Call Trace:
[ 46.715112][ T377]
[ 46.718149][ T377] dump_stack_lvl+0x151/0x1b7
[ 46.722654][ T377] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.728136][ T377] dump_stack+0x15/0x17
[ 46.732115][ T377] should_fail+0x3c6/0x510
[ 46.736370][ T377] should_fail_usercopy+0x1a/0x20
[ 46.742879][ T377] _copy_to_user+0x20/0x90
[ 46.747391][ T377] simple_read_from_buffer+0xc7/0x150
[ 46.752684][ T377] proc_fail_nth_read+0x1a3/0x210
[ 46.757558][ T377] ? proc_fault_inject_write+0x390/0x390
[ 46.763104][ T377] ? fsnotify_perm+0x470/0x5d0
[ 46.767711][ T377] ? security_file_permission+0x86/0xb0
[ 46.773182][ T377] ? proc_fault_inject_write+0x390/0x390
[ 46.778638][ T377] vfs_read+0x27d/0xd40
[ 46.782634][ T377] ? kernel_read+0x1f0/0x1f0
[ 46.787055][ T377] ? __kasan_check_write+0x14/0x20
[ 46.792001][ T377] ? mutex_lock+0xb6/0x1e0
[ 46.796437][ T377] ? wait_for_completion_killable_timeout+0x10/0x10
[ 46.802875][ T377] ? __fdget_pos+0x2e7/0x3a0
[ 46.807288][ T377] ? ksys_read+0x77/0x2c0
[ 46.811457][ T377] ksys_read+0x199/0x2c0
[ 46.815535][ T377] ? vfs_write+0x1110/0x1110
[ 46.819960][ T377] ? __kasan_check_read+0x11/0x20
[ 46.824841][ T377] __x64_sys_read+0x7b/0x90
[ 46.829254][ T377] do_syscall_64+0x3d/0xb0
[ 46.833497][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.839225][ T377] RIP: 0033:0x7faa9f7d878c
[ 46.843478][ T377] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 46.863313][ T377] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 46.871514][ T377] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 46.879324][ T377] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 46.887141][ T377] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 46.895399][ T377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 46.903190][ T377] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 46.911093][ T377]
[ 46.923819][ T379] FAULT_INJECTION: forcing a failure.
[ 46.923819][ T379] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 46.936833][ T379] CPU: 1 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 46.948576][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 46.958498][ T379] Call Trace:
[ 46.961596][ T379]
[ 46.964368][ T379] dump_stack_lvl+0x151/0x1b7
[ 46.968967][ T379] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.974611][ T379] dump_stack+0x15/0x17
[ 46.978603][ T379] should_fail+0x3c6/0x510
[ 46.982856][ T379] should_fail_usercopy+0x1a/0x20
[ 46.987812][ T379] _copy_to_user+0x20/0x90
[ 46.992145][ T379] simple_read_from_buffer+0xc7/0x150
[ 46.997460][ T379] proc_fail_nth_read+0x1a3/0x210
[ 47.002466][ T379] ? proc_fault_inject_write+0x390/0x390
[ 47.007964][ T379] ? fsnotify_perm+0x470/0x5d0
[ 47.012560][ T379] ? security_file_permission+0x86/0xb0
[ 47.017942][ T379] ? proc_fault_inject_write+0x390/0x390
[ 47.023497][ T379] vfs_read+0x27d/0xd40
[ 47.027498][ T379] ? kernel_read+0x1f0/0x1f0
[ 47.031916][ T379] ? __kasan_check_write+0x14/0x20
[ 47.036863][ T379] ? mutex_lock+0xb6/0x1e0
[ 47.041116][ T379] ? wait_for_completion_killable_timeout+0x10/0x10
[ 47.047542][ T379] ? __fdget_pos+0x2e7/0x3a0
[ 47.052146][ T379] ? ksys_read+0x77/0x2c0
[ 47.056312][ T379] ksys_read+0x199/0x2c0
[ 47.060575][ T379] ? vfs_write+0x1110/0x1110
[ 47.065084][ T379] ? __kasan_check_read+0x11/0x20
[ 47.070121][ T379] __x64_sys_read+0x7b/0x90
[ 47.074453][ T379] do_syscall_64+0x3d/0xb0
[ 47.078703][ T379] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.084520][ T379] RIP: 0033:0x7faa9f7d878c
[ 47.088869][ T379] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 47.108398][ T379] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 47.116725][ T379] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 47.124545][ T379] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 47.132354][ T379] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 47.140163][ T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.147981][ T379] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 47.155787][ T379]
[ 47.166294][ T381] FAULT_INJECTION: forcing a failure.
[ 47.166294][ T381] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 47.179784][ T381] CPU: 1 PID: 381 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 47.191319][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 47.201386][ T381] Call Trace:
[ 47.204686][ T381]
[ 47.207473][ T381] dump_stack_lvl+0x151/0x1b7
[ 47.212068][ T381] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.217616][ T381] dump_stack+0x15/0x17
[ 47.221607][ T381] should_fail+0x3c6/0x510
[ 47.225860][ T381] should_fail_usercopy+0x1a/0x20
[ 47.230736][ T381] _copy_to_user+0x20/0x90
[ 47.235156][ T381] simple_read_from_buffer+0xc7/0x150
[ 47.240805][ T381] proc_fail_nth_read+0x1a3/0x210
[ 47.245769][ T381] ? proc_fault_inject_write+0x390/0x390
[ 47.251324][ T381] ? fsnotify_perm+0x470/0x5d0
[ 47.255890][ T381] ? security_file_permission+0x86/0xb0
[ 47.261529][ T381] ? proc_fault_inject_write+0x390/0x390
[ 47.267088][ T381] vfs_read+0x27d/0xd40
[ 47.271266][ T381] ? kernel_read+0x1f0/0x1f0
[ 47.275711][ T381] ? __kasan_check_write+0x14/0x20
[ 47.280649][ T381] ? mutex_lock+0xb6/0x1e0
[ 47.285201][ T381] ? wait_for_completion_killable_timeout+0x10/0x10
[ 47.291754][ T381] ? __fdget_pos+0x2e7/0x3a0
[ 47.296375][ T381] ? ksys_read+0x77/0x2c0
[ 47.300542][ T381] ksys_read+0x199/0x2c0
[ 47.304628][ T381] ? vfs_write+0x1110/0x1110
[ 47.309217][ T381] ? __kasan_check_read+0x11/0x20
[ 47.314080][ T381] __x64_sys_read+0x7b/0x90
[ 47.318416][ T381] do_syscall_64+0x3d/0xb0
[ 47.322756][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.328484][ T381] RIP: 0033:0x7faa9f7d878c
[ 47.332741][ T381] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 47.352821][ T381] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 47.361098][ T381] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 47.369085][ T381] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 47.376906][ T381] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 47.385055][ T381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.393565][ T381] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 47.401682][ T381]
[ 47.407084][ T30] kauditd_printk_skb: 2 callbacks suppressed
[ 47.407098][ T30] audit: type=1400 audit(1709678249.031:169): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 47.438105][ T30] audit: type=1400 audit(1709678249.031:170): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 47.461183][ T384] FAULT_INJECTION: forcing a failure.
[ 47.461183][ T384] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 47.474824][ T384] CPU: 1 PID: 384 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 47.487332][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 47.497908][ T384] Call Trace:
[ 47.501038][ T384]
[ 47.503910][ T384] dump_stack_lvl+0x151/0x1b7
[ 47.508558][ T384] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.514237][ T384] dump_stack+0x15/0x17
[ 47.518228][ T384] should_fail+0x3c6/0x510
[ 47.522568][ T384] should_fail_usercopy+0x1a/0x20
[ 47.527525][ T384] _copy_to_user+0x20/0x90
[ 47.531865][ T384] simple_read_from_buffer+0xc7/0x150
[ 47.537075][ T384] proc_fail_nth_read+0x1a3/0x210
[ 47.541939][ T384] ? proc_fault_inject_write+0x390/0x390
[ 47.547402][ T384] ? fsnotify_perm+0x470/0x5d0
[ 47.552084][ T384] ? security_file_permission+0x86/0xb0
[ 47.557546][ T384] ? proc_fault_inject_write+0x390/0x390
[ 47.563015][ T384] vfs_read+0x27d/0xd40
[ 47.567007][ T384] ? kernel_read+0x1f0/0x1f0
[ 47.571524][ T384] ? __kasan_check_write+0x14/0x20
[ 47.576471][ T384] ? mutex_lock+0xb6/0x1e0
[ 47.580719][ T384] ? wait_for_completion_killable_timeout+0x10/0x10
[ 47.587141][ T384] ? __fdget_pos+0x2e7/0x3a0
[ 47.591743][ T384] ? ksys_read+0x77/0x2c0
[ 47.596001][ T384] ksys_read+0x199/0x2c0
[ 47.600162][ T384] ? vfs_write+0x1110/0x1110
[ 47.604585][ T384] ? __kasan_check_read+0x11/0x20
[ 47.609621][ T384] __x64_sys_read+0x7b/0x90
[ 47.613962][ T384] do_syscall_64+0x3d/0xb0
[ 47.618336][ T384] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.624044][ T384] RIP: 0033:0x7faa9f7d878c
[ 47.628306][ T384] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 47.647913][ T384] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 47.656272][ T384] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 47.664278][ T384] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 47.672204][ T384] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 47.680255][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.688371][ T384] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 47.696255][ T384]
[ 47.699624][ T30] audit: type=1400 audit(1709678249.031:171): avc: denied { create } for pid=82 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 47.727934][ T386] FAULT_INJECTION: forcing a failure.
[ 47.727934][ T386] name failslab, interval 1, probability 0, space 0, times 0
[ 47.742905][ T386] CPU: 1 PID: 386 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 47.754595][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 47.764794][ T386] Call Trace:
[ 47.767925][ T386]
[ 47.770691][ T386] dump_stack_lvl+0x151/0x1b7
[ 47.775232][ T386] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.781154][ T386] dump_stack+0x15/0x17
[ 47.785157][ T386] should_fail+0x3c6/0x510
[ 47.789559][ T386] __should_failslab+0xa4/0xe0
[ 47.794132][ T386] should_failslab+0x9/0x20
[ 47.798471][ T386] slab_pre_alloc_hook+0x37/0xd0
[ 47.803246][ T386] kmem_cache_alloc_trace+0x48/0x210
[ 47.808367][ T386] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.813919][ T386] ? migrate_disable+0x190/0x190
[ 47.818868][ T386] sk_psock_skb_ingress_self+0x60/0x330
[ 47.824790][ T386] sk_psock_verdict_recv+0x66d/0x840
[ 47.829977][ T386] unix_read_sock+0x132/0x370
[ 47.840489][ T386] ? sk_psock_skb_redirect+0x440/0x440
[ 47.845779][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 47.851416][ T386] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.856709][ T386] ? unix_stream_splice_actor+0x120/0x120
[ 47.862265][ T386] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.867919][ T386] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.873200][ T386] ? _raw_spin_lock+0xa4/0x1b0
[ 47.878241][ T386] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.883876][ T386] ? skb_queue_tail+0xfb/0x120
[ 47.888571][ T386] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.893786][ T386] ? unix_dgram_poll+0x710/0x710
[ 47.898633][ T386] ? _raw_spin_trylock+0xcd/0x1a0
[ 47.903589][ T386] ? security_socket_sendmsg+0x82/0xb0
[ 47.908955][ T386] ? unix_dgram_poll+0x710/0x710
[ 47.913995][ T386] ____sys_sendmsg+0x59e/0x8f0
[ 47.918851][ T386] ? __sys_sendmsg_sock+0x40/0x40
[ 47.923738][ T386] ? import_iovec+0xe5/0x120
[ 47.928136][ T386] ___sys_sendmsg+0x252/0x2e0
[ 47.932653][ T386] ? __sys_sendmsg+0x260/0x260
[ 47.937424][ T386] ? do_handle_mm_fault+0x1949/0x2330
[ 47.942722][ T386] ? __kasan_check_write+0x14/0x20
[ 47.947762][ T386] ? proc_fail_nth_write+0x20b/0x290
[ 47.952972][ T386] ? __fdget+0x1bc/0x240
[ 47.957143][ T386] __sys_sendmmsg+0x2bf/0x530
[ 47.961662][ T386] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.966517][ T386] ? mutex_unlock+0xb2/0x260
[ 47.971035][ T386] ? __kasan_check_write+0x14/0x20
[ 47.975986][ T386] ? debug_smp_processor_id+0x17/0x20
[ 47.981441][ T386] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.987428][ T386] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.992327][ T386] do_syscall_64+0x3d/0xb0
[ 47.996557][ T386] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.002295][ T386] RIP: 0033:0x7faa9f7d9ae9
[ 48.006538][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.026267][ T386] RSP: 002b:00007faa9f35c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.034855][ T386] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d9ae9
[ 48.042846][ T386] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 48.050917][ T386] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 48.059277][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 48.067315][ T386] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 48.075220][ T386]
[ 48.078887][ T385] ==================================================================
[ 48.086855][ T385] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.095278][ T385]
[ 48.097566][ T385] CPU: 0 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 48.109545][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 48.119712][ T385] Call Trace:
[ 48.122823][ T385]
[ 48.125607][ T385] dump_stack_lvl+0x151/0x1b7
[ 48.130114][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.135906][ T385] ? __wake_up_klogd+0xd5/0x110
[ 48.140721][ T385] ? panic+0x751/0x751
[ 48.144627][ T385] ? kmem_cache_free+0x116/0x2e0
[ 48.149397][ T385] print_address_description+0x87/0x3b0
[ 48.154779][ T385] ? kmem_cache_free+0x116/0x2e0
[ 48.159639][ T385] ? kmem_cache_free+0x116/0x2e0
[ 48.164412][ T385] kasan_report_invalid_free+0x6b/0xa0
[ 48.169903][ T385] ____kasan_slab_free+0x13e/0x160
[ 48.174843][ T385] __kasan_slab_free+0x11/0x20
[ 48.179537][ T385] slab_free_freelist_hook+0xbd/0x190
[ 48.184915][ T385] ? kfree_skbmem+0x104/0x170
[ 48.189431][ T385] kmem_cache_free+0x116/0x2e0
[ 48.194114][ T385] kfree_skbmem+0x104/0x170
[ 48.198451][ T385] consume_skb+0xb4/0x250
[ 48.202618][ T385] __sk_msg_free+0x2dd/0x370
[ 48.207042][ T385] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.212690][ T385] sk_psock_stop+0x44c/0x4d0
[ 48.217112][ T385] ? unix_peer_get+0xe0/0xe0
[ 48.221830][ T385] sock_map_close+0x2b9/0x4c0
[ 48.226342][ T385] ? sock_map_remove_links+0x570/0x570
[ 48.231634][ T385] ? rwsem_mark_wake+0x6b0/0x6b0
[ 48.236417][ T385] unix_release+0x82/0xc0
[ 48.240665][ T385] sock_close+0xdf/0x270
[ 48.244824][ T385] ? sock_mmap+0xa0/0xa0
[ 48.248906][ T385] __fput+0x3fe/0x910
[ 48.252728][ T385] ____fput+0x15/0x20
[ 48.256551][ T385] task_work_run+0x129/0x190
[ 48.260979][ T385] exit_to_user_mode_loop+0xc4/0xe0
[ 48.266211][ T385] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.271469][ T385] syscall_exit_to_user_mode+0x26/0x160
[ 48.276851][ T385] do_syscall_64+0x49/0xb0
[ 48.281286][ T385] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.287007][ T385] RIP: 0033:0x7faa9f7d89da
[ 48.291260][ T385] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.310701][ T385] RSP: 002b:00007ffe3f38fe60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.318956][ T385] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007faa9f7d89da
[ 48.326775][ T385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.334570][ T385] RBP: 0000000000000032 R08: 0000001b31660000 R09: 00007faa9f8f8f8c
[ 48.342475][ T385] R10: 00007ffe3f38ffb0 R11: 0000000000000293 R12: 00007faa9f35e0d0
[ 48.350653][ T385] R13: ffffffffffffffff R14: 00007faa9f35d000 R15: 000000000000ba55
[ 48.358459][ T385]
[ 48.361314][ T385]
[ 48.363481][ T385] Allocated by task 386:
[ 48.367564][ T385] __kasan_slab_alloc+0xb1/0xe0
[ 48.372609][ T385] slab_post_alloc_hook+0x53/0x2c0
[ 48.377677][ T385] kmem_cache_alloc+0xf5/0x200
[ 48.382371][ T385] skb_clone+0x1d1/0x360
[ 48.386518][ T385] sk_psock_verdict_recv+0x53/0x840
[ 48.391640][ T385] unix_read_sock+0x132/0x370
[ 48.396229][ T385] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.401958][ T385] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.407011][ T385] ____sys_sendmsg+0x59e/0x8f0
[ 48.411693][ T385] ___sys_sendmsg+0x252/0x2e0
[ 48.416200][ T385] __sys_sendmmsg+0x2bf/0x530
[ 48.420724][ T385] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.426211][ T385] do_syscall_64+0x3d/0xb0
[ 48.430461][ T385] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.436352][ T385]
[ 48.438613][ T385] Freed by task 20:
[ 48.442362][ T385] kasan_set_track+0x4b/0x70
[ 48.446786][ T385] kasan_set_free_info+0x23/0x40
[ 48.451550][ T385] ____kasan_slab_free+0x126/0x160
[ 48.456590][ T385] __kasan_slab_free+0x11/0x20
[ 48.461271][ T385] slab_free_freelist_hook+0xbd/0x190
[ 48.466486][ T385] kmem_cache_free+0x116/0x2e0
[ 48.471165][ T385] kfree_skbmem+0x104/0x170
[ 48.475680][ T385] kfree_skb+0xc2/0x360
[ 48.480714][ T385] sk_psock_backlog+0xc21/0xd90
[ 48.485502][ T385] process_one_work+0x6bb/0xc10
[ 48.490268][ T385] worker_thread+0xad5/0x12a0
[ 48.494788][ T385] kthread+0x421/0x510
[ 48.499029][ T385] ret_from_fork+0x1f/0x30
[ 48.503280][ T385]
[ 48.505449][ T385] The buggy address belongs to the object at ffff88810e8a6000
[ 48.505449][ T385] which belongs to the cache skbuff_head_cache of size 248
[ 48.520125][ T385] The buggy address is located 0 bytes inside of
[ 48.520125][ T385] 248-byte region [ffff88810e8a6000, ffff88810e8a60f8)
[ 48.533407][ T385] The buggy address belongs to the page:
[ 48.538867][ T385] page:ffffea00043a2980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e8a6
[ 48.549197][ T385] flags: 0x4000000000000200(slab|zone=1)
[ 48.554767][ T385] raw: 4000000000000200 ffffea000437fb00 0000000300000003 ffff888100351680
[ 48.563536][ T385] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.571932][ T385] page dumped because: kasan: bad access detected
[ 48.578183][ T385] page_owner tracks the page as allocated
[ 48.583822][ T385] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 4588481781, free_ts 4588426996
[ 48.599543][ T385] post_alloc_hook+0x1a3/0x1b0
[ 48.604225][ T385] prep_new_page+0x1b/0x110
[ 48.608560][ T385] get_page_from_freelist+0x3550/0x35d0
[ 48.614062][ T385] __alloc_pages+0x27e/0x8f0
[ 48.618540][ T385] new_slab+0x9a/0x4e0
[ 48.623500][ T385] ___slab_alloc+0x39e/0x830
[ 48.627922][ T385] __slab_alloc+0x4a/0x90
[ 48.632078][ T385] kmem_cache_alloc+0x134/0x200
[ 48.636873][ T385] __alloc_skb+0xbe/0x550
[ 48.641027][ T385] alloc_uevent_skb+0x80/0x230
[ 48.645625][ T385] kobject_uevent_net_broadcast+0x311/0x590
[ 48.651345][ T385] kobject_uevent_env+0x525/0x700
[ 48.656403][ T385] kobject_synth_uevent+0x4eb/0xae0
[ 48.661680][ T385] store_uevent+0x16/0x30
[ 48.666012][ T385] module_attr_store+0x5c/0x80
[ 48.670615][ T385] sysfs_kf_write+0x123/0x140
[ 48.675131][ T385] page last free stack trace:
[ 48.679637][ T385] free_unref_page_prepare+0x7c8/0x7d0
[ 48.684935][ T385] free_unref_page+0xe8/0x750
[ 48.689484][ T385] __free_pages+0x61/0xf0
[ 48.693702][ T385] free_pages+0x7c/0x90
[ 48.697817][ T385] selinux_genfs_get_sid+0x24d/0x2a0
[ 48.702903][ T385] inode_doinit_with_dentry+0x8d2/0x1070
[ 48.708988][ T385] selinux_d_instantiate+0x27/0x40
[ 48.713937][ T385] security_d_instantiate+0x9f/0x100
[ 48.719217][ T385] d_splice_alias+0x6d/0x390
[ 48.723647][ T385] kernfs_iop_lookup+0x29e/0x2f0
[ 48.728515][ T385] path_openat+0x1194/0x2f40
[ 48.732936][ T385] do_filp_open+0x21c/0x460
[ 48.737277][ T385] do_sys_openat2+0x13f/0x830
[ 48.741786][ T385] __x64_sys_openat+0x243/0x290
[ 48.746471][ T385] do_syscall_64+0x3d/0xb0
[ 48.750897][ T385] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.756739][ T385]
[ 48.758900][ T385] Memory state around the buggy address:
[ 48.764370][ T385] ffff88810e8a5f00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 48.772354][ T385] ffff88810e8a5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.780341][ T385] >ffff88810e8a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.788418][ T385] ^
[ 48.792324][ T385] ffff88810e8a6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.800243][ T385] ffff88810e8a6100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.808118][ T385] ==================================================================
[ 48.827677][ T389] FAULT_INJECTION: forcing a failure.
[ 48.827677][ T389] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 48.840659][ T389] CPU: 0 PID: 389 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 48.852294][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 48.862636][ T389] Call Trace:
[ 48.865748][ T389]
[ 48.868700][ T389] dump_stack_lvl+0x151/0x1b7
[ 48.873321][ T389] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.878873][ T389] dump_stack+0x15/0x17
[ 48.882854][ T389] should_fail+0x3c6/0x510
[ 48.887276][ T389] should_fail_usercopy+0x1a/0x20
[ 48.892158][ T389] _copy_to_user+0x20/0x90
[ 48.896569][ T389] simple_read_from_buffer+0xc7/0x150
[ 48.901768][ T389] proc_fail_nth_read+0x1a3/0x210
[ 48.906712][ T389] ? proc_fault_inject_write+0x390/0x390
[ 48.912268][ T389] ? fsnotify_perm+0x470/0x5d0
[ 48.917044][ T389] ? security_file_permission+0x86/0xb0
[ 48.922513][ T389] ? proc_fault_inject_write+0x390/0x390
[ 48.927991][ T389] vfs_read+0x27d/0xd40
[ 48.936325][ T389] ? kernel_read+0x1f0/0x1f0
[ 48.940832][ T389] ? __kasan_check_write+0x14/0x20
[ 48.945839][ T389] ? mutex_lock+0xb6/0x1e0
[ 48.950058][ T389] ? wait_for_completion_killable_timeout+0x10/0x10
[ 48.956549][ T389] ? __fdget_pos+0x2e7/0x3a0
[ 48.961049][ T389] ? ksys_read+0x77/0x2c0
[ 48.965233][ T389] ksys_read+0x199/0x2c0
[ 48.969294][ T389] ? vfs_write+0x1110/0x1110
[ 48.973714][ T389] ? __kasan_check_read+0x11/0x20
[ 48.978690][ T389] __x64_sys_read+0x7b/0x90
[ 48.983280][ T389] do_syscall_64+0x3d/0xb0
[ 48.987529][ T389] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.993305][ T389] RIP: 0033:0x7faa9f7d878c
[ 48.997514][ T389] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 49.017567][ T389] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 49.025811][ T389] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 49.033707][ T389] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 49.041523][ T389] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 49.049418][ T389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.057320][ T389] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 49.065357][ T389]
[ 49.076914][ T391] FAULT_INJECTION: forcing a failure.
[ 49.076914][ T391] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 49.090032][ T391] CPU: 0 PID: 391 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 49.101747][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 49.111986][ T391] Call Trace:
[ 49.115104][ T391]
[ 49.117970][ T391] dump_stack_lvl+0x151/0x1b7
[ 49.122563][ T391] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.128036][ T391] dump_stack+0x15/0x17
[ 49.132025][ T391] should_fail+0x3c6/0x510
[ 49.136548][ T391] should_fail_usercopy+0x1a/0x20
[ 49.141401][ T391] _copy_to_user+0x20/0x90
[ 49.145739][ T391] simple_read_from_buffer+0xc7/0x150
[ 49.150945][ T391] proc_fail_nth_read+0x1a3/0x210
[ 49.156070][ T391] ? proc_fault_inject_write+0x390/0x390
[ 49.161540][ T391] ? fsnotify_perm+0x470/0x5d0
[ 49.166304][ T391] ? security_file_permission+0x86/0xb0
[ 49.171785][ T391] ? proc_fault_inject_write+0x390/0x390
[ 49.177512][ T391] vfs_read+0x27d/0xd40
[ 49.181579][ T391] ? kernel_read+0x1f0/0x1f0
[ 49.186093][ T391] ? __kasan_check_write+0x14/0x20
[ 49.191042][ T391] ? mutex_lock+0xb6/0x1e0
[ 49.195576][ T391] ? wait_for_completion_killable_timeout+0x10/0x10
[ 49.202337][ T391] ? __fdget_pos+0x2e7/0x3a0
[ 49.206768][ T391] ? ksys_read+0x77/0x2c0
[ 49.210937][ T391] ksys_read+0x199/0x2c0
[ 49.215265][ T391] ? vfs_write+0x1110/0x1110
[ 49.219702][ T391] ? __kasan_check_read+0x11/0x20
[ 49.224557][ T391] __x64_sys_read+0x7b/0x90
[ 49.228903][ T391] do_syscall_64+0x3d/0xb0
[ 49.233154][ T391] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.238871][ T391] RIP: 0033:0x7faa9f7d878c
[ 49.243124][ T391] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 49.262834][ T391] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 49.271159][ T391] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 49.278972][ T391] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 49.286782][ T391] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 49.294590][ T391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.302582][ T391] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 49.310478][ T391]
[ 49.328833][ T393] FAULT_INJECTION: forcing a failure.
[ 49.328833][ T393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 49.341918][ T393] CPU: 0 PID: 393 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 49.353481][ T393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 49.363565][ T393] Call Trace:
[ 49.366785][ T393]
[ 49.369563][ T393] dump_stack_lvl+0x151/0x1b7
[ 49.374106][ T393] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.379633][ T393] dump_stack+0x15/0x17
[ 49.383631][ T393] should_fail+0x3c6/0x510
[ 49.387874][ T393] should_fail_usercopy+0x1a/0x20
[ 49.392751][ T393] _copy_to_user+0x20/0x90
[ 49.396991][ T393] simple_read_from_buffer+0xc7/0x150
[ 49.402212][ T393] proc_fail_nth_read+0x1a3/0x210
[ 49.407150][ T393] ? proc_fault_inject_write+0x390/0x390
[ 49.412816][ T393] ? fsnotify_perm+0x470/0x5d0
[ 49.417407][ T393] ? security_file_permission+0x86/0xb0
[ 49.422855][ T393] ? proc_fault_inject_write+0x390/0x390
[ 49.428329][ T393] vfs_read+0x27d/0xd40
[ 49.432504][ T393] ? kernel_read+0x1f0/0x1f0
[ 49.437270][ T393] ? __kasan_check_write+0x14/0x20
[ 49.442225][ T393] ? mutex_lock+0xb6/0x1e0
[ 49.446558][ T393] ? wait_for_completion_killable_timeout+0x10/0x10
[ 49.452982][ T393] ? __fdget_pos+0x2e7/0x3a0
[ 49.457404][ T393] ? ksys_read+0x77/0x2c0
[ 49.461657][ T393] ksys_read+0x199/0x2c0
[ 49.465912][ T393] ? vfs_write+0x1110/0x1110
[ 49.470344][ T393] ? __kasan_check_read+0x11/0x20
[ 49.475463][ T393] __x64_sys_read+0x7b/0x90
[ 49.479803][ T393] do_syscall_64+0x3d/0xb0
[ 49.484052][ T393] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.489841][ T393] RIP: 0033:0x7faa9f7d878c
[ 49.494139][ T393] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 49.513679][ T393] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 49.522186][ T393] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 49.530250][ T393] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 49.538141][ T393] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 49.545999][ T393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.553883][ T393] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 49.561699][ T393]
[ 49.578592][ T395] FAULT_INJECTION: forcing a failure.
[ 49.578592][ T395] name failslab, interval 1, probability 0, space 0, times 0
[ 49.591073][ T395] CPU: 0 PID: 395 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 49.602625][ T395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 49.612517][ T395] Call Trace:
[ 49.615651][ T395]
[ 49.618679][ T395] dump_stack_lvl+0x151/0x1b7
[ 49.623201][ T395] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.628838][ T395] dump_stack+0x15/0x17
[ 49.632922][ T395] should_fail+0x3c6/0x510
[ 49.637167][ T395] __should_failslab+0xa4/0xe0
[ 49.641788][ T395] should_failslab+0x9/0x20
[ 49.646191][ T395] slab_pre_alloc_hook+0x37/0xd0
[ 49.650969][ T395] kmem_cache_alloc_trace+0x48/0x210
[ 49.656084][ T395] ? sk_psock_skb_ingress_self+0x60/0x330
[ 49.661640][ T395] ? migrate_disable+0x190/0x190
[ 49.666597][ T395] sk_psock_skb_ingress_self+0x60/0x330
[ 49.672059][ T395] sk_psock_verdict_recv+0x66d/0x840
[ 49.677316][ T395] unix_read_sock+0x132/0x370
[ 49.681998][ T395] ? sk_psock_skb_redirect+0x440/0x440
[ 49.687287][ T395] ? unix_stream_splice_actor+0x120/0x120
[ 49.692926][ T395] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.698221][ T395] ? unix_stream_splice_actor+0x120/0x120
[ 49.703776][ T395] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.709431][ T395] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.714635][ T395] ? _raw_spin_lock+0xa4/0x1b0
[ 49.719326][ T395] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.724966][ T395] ? skb_queue_tail+0xfb/0x120
[ 49.729652][ T395] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.734946][ T395] ? unix_dgram_poll+0x710/0x710
[ 49.739733][ T395] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.744584][ T395] ? security_socket_sendmsg+0x82/0xb0
[ 49.749882][ T395] ? unix_dgram_poll+0x710/0x710
[ 49.754649][ T395] ____sys_sendmsg+0x59e/0x8f0
[ 49.759334][ T395] ? __sys_sendmsg_sock+0x40/0x40
[ 49.764231][ T395] ? import_iovec+0xe5/0x120
[ 49.768627][ T395] ___sys_sendmsg+0x252/0x2e0
[ 49.773136][ T395] ? __sys_sendmsg+0x260/0x260
[ 49.777740][ T395] ? do_handle_mm_fault+0x1949/0x2330
[ 49.782949][ T395] ? __kasan_check_write+0x14/0x20
[ 49.787975][ T395] ? proc_fail_nth_write+0x20b/0x290
[ 49.793155][ T395] ? __fdget+0x1bc/0x240
[ 49.797518][ T395] __sys_sendmmsg+0x2bf/0x530
[ 49.802258][ T395] ? __ia32_sys_sendmsg+0x90/0x90
[ 49.807166][ T395] ? mutex_unlock+0xb2/0x260
[ 49.811590][ T395] ? __kasan_check_write+0x14/0x20
[ 49.816535][ T395] ? debug_smp_processor_id+0x17/0x20
[ 49.821919][ T395] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.828203][ T395] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.832891][ T395] do_syscall_64+0x3d/0xb0
[ 49.837146][ T395] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.843361][ T395] RIP: 0033:0x7faa9f7d9ae9
[ 49.847620][ T395] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.867759][ T395] RSP: 002b:00007faa9f35c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.876078][ T395] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d9ae9
[ 49.883891][ T395] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.891982][ T395] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 49.899863][ T395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.907768][ T395] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 49.915663][ T395]
[ 49.919926][ T394] ==================================================================
[ 49.928165][ T394] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.936394][ T394]
[ 49.938563][ T394] CPU: 1 PID: 394 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 49.950451][ T394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 49.960349][ T394] Call Trace:
[ 49.963473][ T394]
[ 49.966265][ T394] dump_stack_lvl+0x151/0x1b7
[ 49.970857][ T394] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.976325][ T394] ? __wake_up_klogd+0xd5/0x110
[ 49.981021][ T394] ? panic+0x751/0x751
[ 49.984920][ T394] ? kmem_cache_free+0x116/0x2e0
[ 49.989694][ T394] print_address_description+0x87/0x3b0
[ 49.995080][ T394] ? kmem_cache_free+0x116/0x2e0
[ 49.999933][ T394] ? kmem_cache_free+0x116/0x2e0
[ 50.004798][ T394] kasan_report_invalid_free+0x6b/0xa0
[ 50.010107][ T394] ____kasan_slab_free+0x13e/0x160
[ 50.015220][ T394] __kasan_slab_free+0x11/0x20
[ 50.019908][ T394] slab_free_freelist_hook+0xbd/0x190
[ 50.025221][ T394] ? kfree_skbmem+0x104/0x170
[ 50.029712][ T394] kmem_cache_free+0x116/0x2e0
[ 50.034309][ T394] kfree_skbmem+0x104/0x170
[ 50.038643][ T394] consume_skb+0xb4/0x250
[ 50.042811][ T394] __sk_msg_free+0x2dd/0x370
[ 50.047235][ T394] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.052896][ T394] sk_psock_stop+0x44c/0x4d0
[ 50.057391][ T394] ? unix_peer_get+0xe0/0xe0
[ 50.061817][ T394] sock_map_close+0x2b9/0x4c0
[ 50.066452][ T394] ? sock_map_remove_links+0x570/0x570
[ 50.072092][ T394] ? rwsem_mark_wake+0x6b0/0x6b0
[ 50.076864][ T394] unix_release+0x82/0xc0
[ 50.081138][ T394] sock_close+0xdf/0x270
[ 50.085214][ T394] ? sock_mmap+0xa0/0xa0
[ 50.089909][ T394] __fput+0x3fe/0x910
[ 50.093739][ T394] ____fput+0x15/0x20
[ 50.097543][ T394] task_work_run+0x129/0x190
[ 50.101969][ T394] exit_to_user_mode_loop+0xc4/0xe0
[ 50.107080][ T394] exit_to_user_mode_prepare+0x5a/0xa0
[ 50.112465][ T394] syscall_exit_to_user_mode+0x26/0x160
[ 50.118192][ T394] do_syscall_64+0x49/0xb0
[ 50.122446][ T394] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.128359][ T394] RIP: 0033:0x7faa9f7d89da
[ 50.132685][ T394] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 50.152745][ T394] RSP: 002b:00007ffe3f38fe60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 50.160988][ T394] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007faa9f7d89da
[ 50.169058][ T394] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 50.176913][ T394] RBP: 00007faa9f8fa980 R08: 0000001b31660000 R09: 00007ffe3f3e50b0
[ 50.184685][ T394] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c4d1
[ 50.192491][ T394] R13: ffffffffffffffff R14: 00007faa9f35d000 R15: 000000000000c190
[ 50.200431][ T394]
[ 50.203431][ T394]
[ 50.205606][ T394] Allocated by task 395:
[ 50.209852][ T394] __kasan_slab_alloc+0xb1/0xe0
[ 50.214542][ T394] slab_post_alloc_hook+0x53/0x2c0
[ 50.219485][ T394] kmem_cache_alloc+0xf5/0x200
[ 50.224168][ T394] skb_clone+0x1d1/0x360
[ 50.228258][ T394] sk_psock_verdict_recv+0x53/0x840
[ 50.233283][ T394] unix_read_sock+0x132/0x370
[ 50.237798][ T394] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.243446][ T394] unix_dgram_sendmsg+0x15fa/0x2090
[ 50.248471][ T394] ____sys_sendmsg+0x59e/0x8f0
[ 50.254915][ T394] ___sys_sendmsg+0x252/0x2e0
[ 50.259510][ T394] __sys_sendmmsg+0x2bf/0x530
[ 50.264101][ T394] __x64_sys_sendmmsg+0xa0/0xb0
[ 50.268891][ T394] do_syscall_64+0x3d/0xb0
[ 50.273226][ T394] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.278946][ T394]
[ 50.281218][ T394] Freed by task 62:
[ 50.284934][ T394] kasan_set_track+0x4b/0x70
[ 50.289359][ T394] kasan_set_free_info+0x23/0x40
[ 50.294133][ T394] ____kasan_slab_free+0x126/0x160
[ 50.299081][ T394] __kasan_slab_free+0x11/0x20
[ 50.303855][ T394] slab_free_freelist_hook+0xbd/0x190
[ 50.309062][ T394] kmem_cache_free+0x116/0x2e0
[ 50.313661][ T394] kfree_skbmem+0x104/0x170
[ 50.318175][ T394] kfree_skb+0xc2/0x360
[ 50.322165][ T394] sk_psock_backlog+0xc21/0xd90
[ 50.326855][ T394] process_one_work+0x6bb/0xc10
[ 50.331542][ T394] worker_thread+0xad5/0x12a0
[ 50.336056][ T394] kthread+0x421/0x510
[ 50.339975][ T394] ret_from_fork+0x1f/0x30
[ 50.344318][ T394]
[ 50.346477][ T394] The buggy address belongs to the object at ffff88810dfee3c0
[ 50.346477][ T394] which belongs to the cache skbuff_head_cache of size 248
[ 50.360966][ T394] The buggy address is located 0 bytes inside of
[ 50.360966][ T394] 248-byte region [ffff88810dfee3c0, ffff88810dfee4b8)
[ 50.375203][ T394] The buggy address belongs to the page:
[ 50.380767][ T394] page:ffffea000437fb80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dfee
[ 50.391094][ T394] flags: 0x4000000000000200(slab|zone=1)
[ 50.396648][ T394] raw: 4000000000000200 0000000000000000 0000000700000001 ffff888100351680
[ 50.405248][ T394] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 50.414224][ T394] page dumped because: kasan: bad access detected
[ 50.420629][ T394] page_owner tracks the page as allocated
[ 50.426266][ T394] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 103, ts 4590663261, free_ts 0
[ 50.441196][ T394] post_alloc_hook+0x1a3/0x1b0
[ 50.445794][ T394] prep_new_page+0x1b/0x110
[ 50.450226][ T394] get_page_from_freelist+0x3550/0x35d0
[ 50.455603][ T394] __alloc_pages+0x27e/0x8f0
[ 50.460028][ T394] new_slab+0x9a/0x4e0
[ 50.464109][ T394] ___slab_alloc+0x39e/0x830
[ 50.468534][ T394] __slab_alloc+0x4a/0x90
[ 50.472699][ T394] kmem_cache_alloc+0x134/0x200
[ 50.477474][ T394] __alloc_skb+0xbe/0x550
[ 50.481637][ T394] alloc_skb_with_frags+0xa6/0x680
[ 50.486760][ T394] sock_alloc_send_pskb+0x915/0xa50
[ 50.491799][ T394] unix_dgram_sendmsg+0x6fd/0x2090
[ 50.497351][ T394] sock_write_iter+0x39b/0x530
[ 50.501948][ T394] vfs_write+0xd5d/0x1110
[ 50.506113][ T394] ksys_write+0x199/0x2c0
[ 50.510343][ T394] __x64_sys_write+0x7b/0x90
[ 50.515178][ T394] page_owner free stack trace missing
[ 50.520439][ T394]
[ 50.522699][ T394] Memory state around the buggy address:
[ 50.528339][ T394] ffff88810dfee280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.536542][ T394] ffff88810dfee300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 50.544447][ T394] >ffff88810dfee380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.552422][ T394] ^
[ 50.558415][ T394] ffff88810dfee400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.566521][ T394] ffff88810dfee480: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 50.574623][ T394] ==================================================================
[ 50.595565][ T398] FAULT_INJECTION: forcing a failure.
[ 50.595565][ T398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 50.608533][ T398] CPU: 0 PID: 398 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 50.620177][ T398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 50.630156][ T398] Call Trace:
[ 50.633452][ T398]
[ 50.636228][ T398] dump_stack_lvl+0x151/0x1b7
[ 50.640843][ T398] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.646480][ T398] dump_stack+0x15/0x17
[ 50.650549][ T398] should_fail+0x3c6/0x510
[ 50.654974][ T398] should_fail_usercopy+0x1a/0x20
[ 50.659921][ T398] _copy_to_user+0x20/0x90
[ 50.664177][ T398] simple_read_from_buffer+0xc7/0x150
[ 50.669384][ T398] proc_fail_nth_read+0x1a3/0x210
[ 50.674362][ T398] ? proc_fault_inject_write+0x390/0x390
[ 50.679895][ T398] ? fsnotify_perm+0x470/0x5d0
[ 50.684494][ T398] ? security_file_permission+0x86/0xb0
[ 50.689962][ T398] ? proc_fault_inject_write+0x390/0x390
[ 50.695516][ T398] vfs_read+0x27d/0xd40
[ 50.699515][ T398] ? kernel_read+0x1f0/0x1f0
[ 50.704042][ T398] ? __kasan_check_write+0x14/0x20
[ 50.708969][ T398] ? mutex_lock+0xb6/0x1e0
[ 50.713231][ T398] ? wait_for_completion_killable_timeout+0x10/0x10
[ 50.719819][ T398] ? __fdget_pos+0x2e7/0x3a0
[ 50.724252][ T398] ? ksys_read+0x77/0x2c0
[ 50.728412][ T398] ksys_read+0x199/0x2c0
[ 50.732505][ T398] ? vfs_write+0x1110/0x1110
[ 50.737002][ T398] ? __kasan_check_read+0x11/0x20
[ 50.741879][ T398] __x64_sys_read+0x7b/0x90
[ 50.746206][ T398] do_syscall_64+0x3d/0xb0
[ 50.750477][ T398] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.756450][ T398] RIP: 0033:0x7faa9f7d878c
[ 50.760686][ T398] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 50.780613][ T398] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 50.789109][ T398] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 50.797082][ T398] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 50.804998][ T398] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 50.812799][ T398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 50.821392][ T398] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 50.829379][ T398]
[ 50.840868][ T401] FAULT_INJECTION: forcing a failure.
[ 50.840868][ T401] name failslab, interval 1, probability 0, space 0, times 0
[ 50.854044][ T401] CPU: 0 PID: 401 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 50.867574][ T401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 50.879512][ T401] Call Trace:
[ 50.882890][ T401]
[ 50.885669][ T401] dump_stack_lvl+0x151/0x1b7
[ 50.890251][ T401] ? io_uring_drop_tctx_refs+0x190/0x190
[ 50.895898][ T401] dump_stack+0x15/0x17
[ 50.900071][ T401] should_fail+0x3c6/0x510
[ 50.904572][ T401] __should_failslab+0xa4/0xe0
[ 50.909274][ T401] should_failslab+0x9/0x20
[ 50.913596][ T401] slab_pre_alloc_hook+0x37/0xd0
[ 50.918467][ T401] kmem_cache_alloc_trace+0x48/0x210
[ 50.923582][ T401] ? sk_psock_skb_ingress_self+0x60/0x330
[ 50.929202][ T401] ? migrate_disable+0x190/0x190
[ 50.933994][ T401] sk_psock_skb_ingress_self+0x60/0x330
[ 50.939555][ T401] sk_psock_verdict_recv+0x66d/0x840
[ 50.944678][ T401] unix_read_sock+0x132/0x370
[ 50.949282][ T401] ? sk_psock_skb_redirect+0x440/0x440
[ 50.954661][ T401] ? unix_stream_splice_actor+0x120/0x120
[ 50.960316][ T401] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 50.965610][ T401] ? unix_stream_splice_actor+0x120/0x120
[ 50.971238][ T401] sk_psock_verdict_data_ready+0x147/0x1a0
[ 50.976972][ T401] ? sk_psock_start_verdict+0xc0/0xc0
[ 50.982187][ T401] ? _raw_spin_lock+0xa4/0x1b0
[ 50.986957][ T401] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 50.992600][ T401] ? skb_queue_tail+0xfb/0x120
[ 50.997197][ T401] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.002398][ T401] ? unix_dgram_poll+0x710/0x710
[ 51.007255][ T401] ? _raw_spin_trylock+0xcd/0x1a0
[ 51.012117][ T401] ? security_socket_sendmsg+0x82/0xb0
[ 51.017532][ T401] ? unix_dgram_poll+0x710/0x710
[ 51.022271][ T401] ____sys_sendmsg+0x59e/0x8f0
[ 51.027400][ T401] ? __sys_sendmsg_sock+0x40/0x40
[ 51.032376][ T401] ? import_iovec+0xe5/0x120
[ 51.036791][ T401] ___sys_sendmsg+0x252/0x2e0
[ 51.041403][ T401] ? __sys_sendmsg+0x260/0x260
[ 51.045999][ T401] ? do_handle_mm_fault+0x1949/0x2330
[ 51.051552][ T401] ? __kasan_check_write+0x14/0x20
[ 51.056494][ T401] ? proc_fail_nth_write+0x20b/0x290
[ 51.062321][ T401] ? __fdget+0x1bc/0x240
[ 51.066502][ T401] __sys_sendmmsg+0x2bf/0x530
[ 51.071502][ T401] ? __ia32_sys_sendmsg+0x90/0x90
[ 51.076367][ T401] ? mutex_unlock+0xb2/0x260
[ 51.080875][ T401] ? __kasan_check_write+0x14/0x20
[ 51.085819][ T401] ? debug_smp_processor_id+0x17/0x20
[ 51.091031][ T401] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 51.096927][ T401] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.101613][ T401] do_syscall_64+0x3d/0xb0
[ 51.105864][ T401] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.111731][ T401] RIP: 0033:0x7faa9f7d9ae9
[ 51.115973][ T401] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.136026][ T401] RSP: 002b:00007faa9f35c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 51.144270][ T401] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d9ae9
[ 51.152113][ T401] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 51.159891][ T401] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 51.167700][ T401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 51.175514][ T401] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 51.183339][ T401]
[ 51.186969][ T400] ==================================================================
[ 51.194880][ T400] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 51.203185][ T400]
[ 51.205361][ T400] CPU: 1 PID: 400 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 51.216902][ T400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 51.226965][ T400] Call Trace:
[ 51.230097][ T400]
[ 51.232894][ T400] dump_stack_lvl+0x151/0x1b7
[ 51.237573][ T400] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.243139][ T400] ? __wake_up_klogd+0xd5/0x110
[ 51.247974][ T400] ? panic+0x751/0x751
[ 51.251872][ T400] ? kmem_cache_free+0x116/0x2e0
[ 51.256648][ T400] print_address_description+0x87/0x3b0
[ 51.262030][ T400] ? kmem_cache_free+0x116/0x2e0
[ 51.267072][ T400] ? kmem_cache_free+0x116/0x2e0
[ 51.272096][ T400] kasan_report_invalid_free+0x6b/0xa0
[ 51.277470][ T400] ____kasan_slab_free+0x13e/0x160
[ 51.282533][ T400] __kasan_slab_free+0x11/0x20
[ 51.288311][ T400] slab_free_freelist_hook+0xbd/0x190
[ 51.293507][ T400] ? kfree_skbmem+0x104/0x170
[ 51.298022][ T400] kmem_cache_free+0x116/0x2e0
[ 51.302620][ T400] kfree_skbmem+0x104/0x170
[ 51.307051][ T400] consume_skb+0xb4/0x250
[ 51.311211][ T400] __sk_msg_free+0x2dd/0x370
[ 51.315735][ T400] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 51.321368][ T400] sk_psock_stop+0x44c/0x4d0
[ 51.326066][ T400] ? unix_peer_get+0xe0/0xe0
[ 51.330563][ T400] sock_map_close+0x2b9/0x4c0
[ 51.335080][ T400] ? sock_map_remove_links+0x570/0x570
[ 51.340373][ T400] ? rwsem_mark_wake+0x6b0/0x6b0
[ 51.345156][ T400] unix_release+0x82/0xc0
[ 51.349326][ T400] sock_close+0xdf/0x270
[ 51.353391][ T400] ? sock_mmap+0xa0/0xa0
[ 51.357474][ T400] __fput+0x3fe/0x910
[ 51.361296][ T400] ____fput+0x15/0x20
[ 51.365115][ T400] task_work_run+0x129/0x190
[ 51.369540][ T400] exit_to_user_mode_loop+0xc4/0xe0
[ 51.374570][ T400] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.379866][ T400] syscall_exit_to_user_mode+0x26/0x160
[ 51.385254][ T400] do_syscall_64+0x49/0xb0
[ 51.389497][ T400] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.395312][ T400] RIP: 0033:0x7faa9f7d89da
[ 51.399697][ T400] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 51.419469][ T400] RSP: 002b:00007ffe3f38fe60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 51.427854][ T400] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007faa9f7d89da
[ 51.435615][ T400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 51.443421][ T400] RBP: 0000000000000032 R08: 0000001b31660000 R09: 00007faa9f8f8f8c
[ 51.451237][ T400] R10: 00007ffe3f38ffb0 R11: 0000000000000293 R12: 00007faa9f35e0d0
[ 51.459139][ T400] R13: ffffffffffffffff R14: 00007faa9f35d000 R15: 000000000000c67e
[ 51.467035][ T400]
[ 51.469907][ T400]
[ 51.472065][ T400] Allocated by task 401:
[ 51.476228][ T400] __kasan_slab_alloc+0xb1/0xe0
[ 51.481098][ T400] slab_post_alloc_hook+0x53/0x2c0
[ 51.486212][ T400] kmem_cache_alloc+0xf5/0x200
[ 51.490899][ T400] skb_clone+0x1d1/0x360
[ 51.494975][ T400] sk_psock_verdict_recv+0x53/0x840
[ 51.500015][ T400] unix_read_sock+0x132/0x370
[ 51.504703][ T400] sk_psock_verdict_data_ready+0x147/0x1a0
[ 51.510350][ T400] unix_dgram_sendmsg+0x15fa/0x2090
[ 51.515382][ T400] ____sys_sendmsg+0x59e/0x8f0
[ 51.520176][ T400] ___sys_sendmsg+0x252/0x2e0
[ 51.524679][ T400] __sys_sendmmsg+0x2bf/0x530
[ 51.529279][ T400] __x64_sys_sendmmsg+0xa0/0xb0
[ 51.533965][ T400] do_syscall_64+0x3d/0xb0
[ 51.538217][ T400] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.544220][ T400]
[ 51.546390][ T400] Freed by task 39:
[ 51.550035][ T400] kasan_set_track+0x4b/0x70
[ 51.554644][ T400] kasan_set_free_info+0x23/0x40
[ 51.559408][ T400] ____kasan_slab_free+0x126/0x160
[ 51.564441][ T400] __kasan_slab_free+0x11/0x20
[ 51.569043][ T400] slab_free_freelist_hook+0xbd/0x190
[ 51.574248][ T400] kmem_cache_free+0x116/0x2e0
[ 51.578846][ T400] kfree_skbmem+0x104/0x170
[ 51.583190][ T400] kfree_skb+0xc2/0x360
[ 51.587180][ T400] sk_psock_backlog+0xc21/0xd90
[ 51.591872][ T400] process_one_work+0x6bb/0xc10
[ 51.596643][ T400] worker_thread+0xad5/0x12a0
[ 51.601157][ T400] kthread+0x421/0x510
[ 51.605242][ T400] ret_from_fork+0x1f/0x30
[ 51.609598][ T400]
[ 51.611792][ T400] The buggy address belongs to the object at ffff88810e4028c0
[ 51.611792][ T400] which belongs to the cache skbuff_head_cache of size 248
[ 51.626345][ T400] The buggy address is located 0 bytes inside of
[ 51.626345][ T400] 248-byte region [ffff88810e4028c0, ffff88810e4029b8)
[ 51.639284][ T400] The buggy address belongs to the page:
[ 51.644786][ T400] page:ffffea0004390080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e402
[ 51.654991][ T400] flags: 0x4000000000000200(slab|zone=1)
[ 51.660436][ T400] raw: 4000000000000200 0000000000000000 0000000c00000001 ffff888100351680
[ 51.668854][ T400] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 51.677452][ T400] page dumped because: kasan: bad access detected
[ 51.683724][ T400] page_owner tracks the page as allocated
[ 51.689251][ T400] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 100, ts 4628969551, free_ts 0
[ 51.704090][ T400] post_alloc_hook+0x1a3/0x1b0
[ 51.708826][ T400] prep_new_page+0x1b/0x110
[ 51.713408][ T400] get_page_from_freelist+0x3550/0x35d0
[ 51.718806][ T400] __alloc_pages+0x27e/0x8f0
[ 51.723281][ T400] new_slab+0x9a/0x4e0
[ 51.727372][ T400] ___slab_alloc+0x39e/0x830
[ 51.732220][ T400] __slab_alloc+0x4a/0x90
[ 51.736386][ T400] kmem_cache_alloc+0x134/0x200
[ 51.741179][ T400] __alloc_skb+0xbe/0x550
[ 51.745341][ T400] netlink_sendmsg+0x797/0xd20
[ 51.749927][ T400] ____sys_sendmsg+0x59e/0x8f0
[ 51.754613][ T400] ___sys_sendmsg+0x252/0x2e0
[ 51.759125][ T400] __se_sys_sendmsg+0x19a/0x260
[ 51.763810][ T400] __x64_sys_sendmsg+0x7b/0x90
[ 51.768465][ T400] do_syscall_64+0x3d/0xb0
[ 51.772667][ T400] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.778393][ T400] page_owner free stack trace missing
[ 51.783601][ T400]
[ 51.785773][ T400] Memory state around the buggy address:
[ 51.791243][ T400] ffff88810e402780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
2024/03/05 22:37:33 executed programs: 20
[ 51.799141][ T400] ffff88810e402800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 51.807041][ T400] >ffff88810e402880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 51.814935][ T400]                                            ^
[ 51.820928][ T400] ffff88810e402900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.828827][ T400] ffff88810e402980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 51.836722][ T400] ==================================================================
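The report above can be reduced to a triage summary mechanically. What follows is an added example, not part of the syzkaller log and not code from the kernel or the syzkaller project: a small Python parser that strips the console prefixes, drops the interleaved syzkaller status line, separates the reporting, allocating and freeing stacks, discards the unwinder's `?` guesses, skips KASAN/allocator plumbing frames down to the first real caller, and locates the shadow byte for the buggy address from the row addresses rather than from the caret column (which extraction tends to mangle, as it did above). `SAMPLE` is a constructed, abridged copy of the report lines on this page; the shadow legend values are those of mm/kasan/kasan.h in the 5.15 series the report was produced on.

```python
import re
from dataclasses import dataclass, field

# Constructed input: abridged copy of the report above (prefixes kept, frames trimmed).
SAMPLE = """\
[   51.194880][  T400] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   51.203185][  T400]
[   51.226965][  T400] Call Trace:
[   51.237573][  T400]  ? io_uring_drop_tctx_refs+0x190/0x190
[   51.298022][  T400]  kmem_cache_free+0x116/0x2e0
[   51.302620][  T400]  kfree_skbmem+0x104/0x170
[   51.321368][  T400]  sk_psock_stop+0x44c/0x4d0
[   51.467035][  T400]
[   51.472065][  T400] Allocated by task 401:
[   51.476228][  T400]  __kasan_slab_alloc+0xb1/0xe0
[   51.490899][  T400]  skb_clone+0x1d1/0x360
[   51.494975][  T400]  sk_psock_verdict_recv+0x53/0x840
[   51.544220][  T400]
[   51.546390][  T400] Freed by task 39:
[   51.574248][  T400]  kmem_cache_free+0x116/0x2e0
[   51.578846][  T400]  kfree_skbmem+0x104/0x170
[   51.587180][  T400]  sk_psock_backlog+0xc21/0xd90
[   51.609598][  T400]
[   51.611792][  T400] The buggy address belongs to the object at ffff88810e4028c0
[   51.611792][  T400]  which belongs to the cache skbuff_head_cache of size 248
[   51.785773][  T400] Memory state around the buggy address:
[   51.799141][  T400]  ffff88810e402800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
2024/03/05 22:37:33 executed programs: 20
[   51.807041][  T400] >ffff88810e402880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   51.814935][  T400]                                            ^
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]")
BUG = re.compile(r"^BUG: KASAN: (?P<kind>.+?) in (?P<func>[\w.]+)\+0x")
SECTION = re.compile(r"^(?P<which>Allocated|Freed) by task (?P<task>\d+):")
FRAME = re.compile(r"^(?P<guess>\? )?(?P<fn>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
OBJECT = re.compile(r"object at (?P<addr>[0-9a-f]{16})")
CACHE = re.compile(r"cache (?P<cache>\S+) of size (?P<size>\d+)")
ROW = re.compile(r"^>?(?P<addr>[0-9a-f]{16}): (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2}){15})$")
# KASAN/allocator plumbing that sits above the caller a triager cares about.
INTERNAL = re.compile(r"^(_*kasan_|slab_|kmem_cache_|__?kmalloc|kfree$|dump_stack|print_address)")
# Slab shadow legend; values from mm/kasan/kasan.h in the 5.15 series.
SHADOW = {0x00: "accessible", 0xFC: "slab redzone (KASAN_KMALLOC_REDZONE)",
          0xFA: "freed, free track stored in object (KASAN_KMALLOC_FREETRACK)",
          0xFB: "freed (KASAN_KMALLOC_FREE)"}

@dataclass
class KasanReport:
    kind: str = ""
    func: str = ""
    alloc_task: int = 0
    free_task: int = 0
    object_addr: int = 0
    cache: str = ""
    size: int = 0
    frames: dict = field(default_factory=lambda: {"trace": [], "alloc": [], "free": []})
    shadow_rows: dict = field(default_factory=dict)

    def first_caller(self, section):
        """First frame of a stack that is not KASAN/allocator plumbing."""
        return next((f for f in self.frames[section] if not INTERNAL.match(f)), None)

    def shadow_byte(self):
        """Shadow byte for object_addr: each 'Memory state' row is labelled with a memory
        address and holds 16 shadow bytes of 8 bytes each, so addresses alone locate it."""
        row = self.object_addr & ~0x7F
        return self.shadow_rows[row][(self.object_addr - row) >> 3] if row in self.shadow_rows else None

def parse_kasan(text):
    r, section = KasanReport(), None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:                     # not a console line (e.g. syzkaller status output)
            continue
        body = raw[m.end():].strip()
        if not body:                  # a blank console line closes the current stack
            section = None
        elif (b := BUG.match(body)):
            r.kind, r.func = b["kind"], b["func"]
        elif body == "Call Trace:":
            section = "trace"
        elif (s := SECTION.match(body)):
            section = "alloc" if s["which"] == "Allocated" else "free"
            setattr(r, section + "_task", int(s["task"]))
        elif (o := OBJECT.search(body)):
            r.object_addr = int(o["addr"], 16)
        elif (k := CACHE.search(body)):
            r.cache, r.size = k["cache"], int(k["size"])
        elif body.startswith("Memory state"):
            section = "shadow"
        elif section == "shadow" and (w := ROW.match(body)):
            r.shadow_rows[int(w["addr"], 16)] = list(bytes.fromhex(w["bytes"].replace(" ", "")))
        elif section in r.frames and (f := FRAME.match(body)) and not f["guess"]:
            r.frames[section].append(f["fn"])   # '? ' frames are unwinder guesses, skipped
    return r

def summarize(r):
    sb = r.shadow_byte()
    sh = "n/a" if sb is None else f"{sb:#04x} ({SHADOW.get(sb, 'unknown')})"
    return (f"{r.kind} in {r.func}: {r.cache} object {r.object_addr:#x} ({r.size} bytes), "
            f"allocated by task {r.alloc_task} via {r.first_caller('alloc')}, "
            f"freed by task {r.free_task} via {r.first_caller('free')}, "
            f"hit again via {r.first_caller('trace')}; shadow {sh}")

if __name__ == "__main__":
    print(summarize(parse_kasan(SAMPLE)))
```

Run against this page's report it states what the log already records, in one line: the skb is cloned in sk_psock_verdict_recv by task 401, freed by kfree_skb from sk_psock_backlog on a workqueue (task 39, the process_one_work/kthread stack), and freed a second time from sk_psock_stop while task 400 closes the socket; the shadow byte for the object is already 0xfa (freed, free track stored) when that second free arrives, which is the condition the double-free report fires on.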
[ 51.860099][ T404] FAULT_INJECTION: forcing a failure.
[ 51.860099][ T404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 51.873002][ T404] CPU: 0 PID: 404 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 51.884502][ T404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 51.894473][ T404] Call Trace:
[ 51.897597][ T404]
[ 51.900366][ T404] dump_stack_lvl+0x151/0x1b7
[ 51.904881][ T404] ? io_uring_drop_tctx_refs+0x190/0x190
[ 51.910349][ T404] dump_stack+0x15/0x17
[ 51.914441][ T404] should_fail+0x3c6/0x510
[ 51.918698][ T404] should_fail_usercopy+0x1a/0x20
[ 51.923550][ T404] _copy_to_user+0x20/0x90
[ 51.927977][ T404] simple_read_from_buffer+0xc7/0x150
[ 51.933447][ T404] proc_fail_nth_read+0x1a3/0x210
[ 51.938304][ T404] ? proc_fault_inject_write+0x390/0x390
[ 51.944182][ T404] ? fsnotify_perm+0x470/0x5d0
[ 51.948814][ T404] ? security_file_permission+0x86/0xb0
[ 51.954156][ T404] ? proc_fault_inject_write+0x390/0x390
[ 51.959805][ T404] vfs_read+0x27d/0xd40
[ 51.963808][ T404] ? kernel_read+0x1f0/0x1f0
[ 51.968223][ T404] ? __kasan_check_write+0x14/0x20
[ 51.973173][ T404] ? mutex_lock+0xb6/0x1e0
[ 51.977424][ T404] ? wait_for_completion_killable_timeout+0x10/0x10
[ 51.983943][ T404] ? __fdget_pos+0x2e7/0x3a0
[ 51.988373][ T404] ? ksys_read+0x77/0x2c0
[ 51.992624][ T404] ksys_read+0x199/0x2c0
[ 51.996701][ T404] ? vfs_write+0x1110/0x1110
[ 52.001132][ T404] ? __kasan_check_read+0x11/0x20
[ 52.006113][ T404] __x64_sys_read+0x7b/0x90
[ 52.010534][ T404] do_syscall_64+0x3d/0xb0
[ 52.014974][ T404] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.021308][ T404] RIP: 0033:0x7faa9f7d878c
[ 52.025561][ T404] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 52.045439][ T404] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 52.055082][ T404] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 52.063252][ T404] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 52.071237][ T404] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 52.079648][ T404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.087659][ T404] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 52.095479][ T404]
[ 52.109293][ T406] FAULT_INJECTION: forcing a failure.
[ 52.109293][ T406] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 52.122636][ T406] CPU: 0 PID: 406 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 52.135634][ T406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 52.145600][ T406] Call Trace:
[ 52.148717][ T406]
[ 52.151483][ T406] dump_stack_lvl+0x151/0x1b7
[ 52.155996][ T406] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.161641][ T406] dump_stack+0x15/0x17
[ 52.165630][ T406] should_fail+0x3c6/0x510
[ 52.170067][ T406] should_fail_usercopy+0x1a/0x20
[ 52.174935][ T406] _copy_to_user+0x20/0x90
[ 52.179180][ T406] simple_read_from_buffer+0xc7/0x150
[ 52.184485][ T406] proc_fail_nth_read+0x1a3/0x210
[ 52.189433][ T406] ? proc_fault_inject_write+0x390/0x390
[ 52.195258][ T406] ? fsnotify_perm+0x470/0x5d0
[ 52.199851][ T406] ? security_file_permission+0x86/0xb0
[ 52.205403][ T406] ? proc_fault_inject_write+0x390/0x390
[ 52.210882][ T406] vfs_read+0x27d/0xd40
[ 52.214866][ T406] ? kernel_read+0x1f0/0x1f0
[ 52.219289][ T406] ? __kasan_check_write+0x14/0x20
[ 52.224257][ T406] ? mutex_lock+0xb6/0x1e0
[ 52.228590][ T406] ? wait_for_completion_killable_timeout+0x10/0x10
[ 52.235097][ T406] ? __fdget_pos+0x2e7/0x3a0
[ 52.239656][ T406] ? ksys_read+0x77/0x2c0
[ 52.243854][ T406] ksys_read+0x199/0x2c0
[ 52.248460][ T406] ? vfs_write+0x1110/0x1110
[ 52.252887][ T406] ? __kasan_check_read+0x11/0x20
[ 52.257757][ T406] __x64_sys_read+0x7b/0x90
[ 52.262081][ T406] do_syscall_64+0x3d/0xb0
[ 52.266414][ T406] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.272320][ T406] RIP: 0033:0x7faa9f7d878c
[ 52.276784][ T406] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 52.296643][ T406] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 52.305067][ T406] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 52.312880][ T406] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 52.321498][ T406] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 52.329642][ T406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.337805][ T406] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 52.345764][ T406]
[ 52.358200][ T408] FAULT_INJECTION: forcing a failure.
[ 52.358200][ T408] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 52.371861][ T408] CPU: 0 PID: 408 Comm: syz-executor.0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 52.383605][ T408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 52.393583][ T408] Call Trace:
[ 52.396706][ T408]
[ 52.399497][ T408] dump_stack_lvl+0x151/0x1b7
[ 52.404009][ T408] ? io_uring_drop_tctx_refs+0x190/0x190
[ 52.410426][ T408] dump_stack+0x15/0x17
[ 52.414421][ T408] should_fail+0x3c6/0x510
[ 52.418786][ T408] should_fail_usercopy+0x1a/0x20
[ 52.423651][ T408] _copy_to_user+0x20/0x90
[ 52.427895][ T408] simple_read_from_buffer+0xc7/0x150
[ 52.433278][ T408] proc_fail_nth_read+0x1a3/0x210
[ 52.438137][ T408] ? proc_fault_inject_write+0x390/0x390
[ 52.443789][ T408] ? fsnotify_perm+0x470/0x5d0
[ 52.448674][ T408] ? security_file_permission+0x86/0xb0
[ 52.454172][ T408] ? proc_fault_inject_write+0x390/0x390
[ 52.459602][ T408] vfs_read+0x27d/0xd40
[ 52.463688][ T408] ? kernel_read+0x1f0/0x1f0
[ 52.468206][ T408] ? __kasan_check_write+0x14/0x20
[ 52.473143][ T408] ? mutex_lock+0xb6/0x1e0
[ 52.477495][ T408] ? wait_for_completion_killable_timeout+0x10/0x10
[ 52.484449][ T408] ? __fdget_pos+0x2e7/0x3a0
[ 52.488861][ T408] ? ksys_read+0x77/0x2c0
[ 52.493048][ T408] ksys_read+0x199/0x2c0
[ 52.499623][ T408] ? vfs_write+0x1110/0x1110
[ 52.504135][ T408] ? __kasan_check_read+0x11/0x20
[ 52.509179][ T408] __x64_sys_read+0x7b/0x90
[ 52.513682][ T408] do_syscall_64+0x3d/0xb0
[ 52.518053][ T408] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.524201][ T408] RIP: 0033:0x7faa9f7d878c
[ 52.528455][ T408] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 52.548849][ T408] RSP: 002b:00007faa9f35c0c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 52.557443][ T408] RAX: ffffffffffffffda RBX: 00007faa9f8f8f80 RCX: 00007faa9f7d878c
[ 52.565937][ T408] RDX: 000000000000000f RSI: 00007faa9f35c130 RDI: 0000000000000006
[ 52.574013][ T408] RBP: 00007faa9f35c120 R08: 0000000000000000 R09: 0000000000000000
[ 52.582155][ T408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.589967][ T408] R13: 000000000000000b R14: 00007faa9f8f8f80 R15: 00007ffe3f38fd98
[ 52.597786][ T408]