Warning: Permanently added '10.128.0.100' (ED25519) to the list of known hosts.
2024/12/12 13:18:29 ignoring optional flag "sandboxArg"="0"
2024/12/12 13:18:29 ignoring optional flag "type"="gce"
2024/12/12 13:18:30 parsed 1 programs
[ 46.382806][ T30] kauditd_printk_skb: 19 callbacks suppressed
[ 46.382823][ T30] audit: type=1400 audit(1734009510.174:95): avc: denied { unlink } for pid=348 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/12/12 13:18:30 executed programs: 0
[ 46.442795][ T348] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.500004][ T354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.507017][ T354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.514370][ T354] device bridge_slave_0 entered promiscuous mode
[ 46.521079][ T354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.528029][ T354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.535174][ T354] device bridge_slave_1 entered promiscuous mode
[ 46.581011][ T354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.587977][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.595082][ T354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.601839][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.620904][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.628109][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.635393][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.642872][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.651542][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.659793][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.666648][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.675187][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.683240][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.690087][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.702267][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.711432][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.725046][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.736067][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.744149][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.751374][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.759623][ T354] device veth0_vlan entered promiscuous mode
[ 46.769754][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.778746][ T354] device veth1_macvtap entered promiscuous mode
[ 46.787955][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.797957][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.820136][ T30] audit: type=1400 audit(1734009510.604:96): avc: denied { prog_load } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.844885][ T30] audit: type=1400 audit(1734009510.604:97): avc: denied { bpf } for pid=358 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 46.877509][ T361] FAULT_INJECTION: forcing a failure.
[ 46.877509][ T361] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 46.890631][ T30] audit: type=1400 audit(1734009510.664:98): avc: denied { map_create } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.909882][ T361] CPU: 0 PID: 361 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 46.920038][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 46.929943][ T361] Call Trace:
[ 46.933052][ T361]
[ 46.935826][ T361] dump_stack_lvl+0x151/0x1c0
[ 46.940342][ T361] ? io_uring_drop_tctx_refs+0x190/0x190
[ 46.942389][ T30] audit: type=1400 audit(1734009510.664:99): avc: denied { map_read map_write } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 46.945822][ T361] dump_stack+0x15/0x20
[ 46.969514][ T361] should_fail+0x3c6/0x510
[ 46.973865][ T361] should_fail_usercopy+0x1a/0x20
[ 46.978727][ T361] _copy_to_user+0x20/0x90
[ 46.983064][ T361] simple_read_from_buffer+0xc7/0x150
[ 46.988272][ T361] proc_fail_nth_read+0x1a3/0x210
[ 46.993131][ T361] ? proc_fault_inject_write+0x390/0x390
[ 46.998599][ T361] ? fsnotify_perm+0x269/0x5b0
[ 47.003200][ T361] ? security_file_permission+0x86/0xb0
[ 47.008589][ T361] ? proc_fault_inject_write+0x390/0x390
[ 47.014054][ T361] vfs_read+0x27d/0xd40
[ 47.018042][ T361] ? kernel_read+0x1f0/0x1f0
[ 47.022470][ T361] ? __kasan_check_write+0x14/0x20
[ 47.027413][ T361] ? mutex_lock+0xb6/0x1e0
[ 47.031668][ T361] ? wait_for_completion_killable_timeout+0x10/0x10
[ 47.038105][ T361] ? __fdget_pos+0x2e7/0x3a0
[ 47.042606][ T361] ? ksys_read+0x77/0x2c0
[ 47.046774][ T361] ksys_read+0x199/0x2c0
[ 47.050859][ T361] ? vfs_write+0x1110/0x1110
[ 47.055281][ T361] ? debug_smp_processor_id+0x17/0x20
[ 47.060570][ T361] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.066488][ T361] __x64_sys_read+0x7b/0x90
[ 47.070818][ T361] x64_sys_call+0x28/0x9a0
[ 47.075153][ T361] do_syscall_64+0x3b/0xb0
[ 47.079403][ T361] ? clear_bhb_loop+0x35/0x90
[ 47.083917][ T361] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.089648][ T361] RIP: 0033:0x7f8bc396578c
[ 47.093898][ T361] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 59 81 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 af 81 02 00 48
[ 47.113337][ T361] RSP: 002b:00007f8bc34c80c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 47.121587][ T361] RAX: ffffffffffffffda RBX: 00007f8bc3a86050 RCX: 00007f8bc396578c
[ 47.129396][ T361] RDX: 000000000000000f RSI: 00007f8bc34c8130 RDI: 0000000000000005
[ 47.137209][ T361] RBP: 00007f8bc34c8120 R08: 0000000000000000 R09: 0000000000000000
[ 47.142767][ T30] audit: type=1400 audit(1734009510.934:100): avc: denied { perfmon } for pid=358 comm="syz-executor.0" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 47.145098][ T361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.173747][ T361] R13: 000000000000006e R14: 00007f8bc3a86050 R15: 00007fffcedcf298
[ 47.181559][ T361]
[ 47.186208][ T30] audit: type=1400 audit(1734009510.974:101): avc: denied { prog_run } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 47.213611][ T364] FAULT_INJECTION: forcing a failure.
[ 47.213611][ T364] name failslab, interval 1, probability 0, space 0, times 1
[ 47.226261][ T364] CPU: 1 PID: 364 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 47.236357][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.246426][ T364] Call Trace:
[ 47.249552][ T364]
[ 47.252333][ T364] dump_stack_lvl+0x151/0x1c0
[ 47.256859][ T364] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.262310][ T364] dump_stack+0x15/0x20
[ 47.266301][ T364] should_fail+0x3c6/0x510
[ 47.270673][ T364] __should_failslab+0xa4/0xe0
[ 47.275350][ T364] should_failslab+0x9/0x20
[ 47.279701][ T364] slab_pre_alloc_hook+0x37/0xd0
[ 47.284481][ T364] kmem_cache_alloc_trace+0x48/0x210
[ 47.289590][ T364] ? sk_psock_skb_ingress_self+0x60/0x330
[ 47.295137][ T364] ? migrate_disable+0x190/0x190
[ 47.299915][ T364] sk_psock_skb_ingress_self+0x60/0x330
[ 47.305293][ T364] sk_psock_verdict_recv+0x66d/0x840
[ 47.310534][ T364] unix_read_sock+0x132/0x370
[ 47.315033][ T364] ? sk_psock_skb_redirect+0x440/0x440
[ 47.320322][ T364] ? unix_stream_splice_actor+0x120/0x120
[ 47.325880][ T364] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.331170][ T364] ? unix_stream_splice_actor+0x120/0x120
[ 47.336729][ T364] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.342371][ T364] ? sk_psock_start_verdict+0xc0/0xc0
[ 47.347580][ T364] ? _raw_spin_lock+0xa4/0x1b0
[ 47.352175][ T364] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.357819][ T364] ? skb_queue_tail+0xfb/0x120
[ 47.362454][ T364] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.367473][ T364] ? unix_dgram_poll+0x690/0x690
[ 47.372229][ T364] ? __kasan_check_write+0x14/0x20
[ 47.377171][ T364] ? __cpuidle_text_end+0x2/0x2
[ 47.381856][ T364] ? cgroup_rstat_updated+0xe5/0x370
[ 47.386981][ T364] ? security_socket_sendmsg+0x82/0xb0
[ 47.392282][ T364] ? unix_dgram_poll+0x690/0x690
[ 47.397048][ T364] ____sys_sendmsg+0x59e/0x8f0
[ 47.401671][ T364] ? __sys_sendmsg_sock+0x40/0x40
[ 47.406534][ T364] ? import_iovec+0xe5/0x120
[ 47.410938][ T364] ___sys_sendmsg+0x252/0x2e0
[ 47.415448][ T364] ? __sys_sendmsg+0x260/0x260
[ 47.420056][ T364] ? __kasan_check_write+0x14/0x20
[ 47.424995][ T364] ? proc_fail_nth_write+0x20b/0x290
[ 47.430122][ T364] ? __fdget+0x1bc/0x240
[ 47.434197][ T364] __sys_sendmmsg+0x2bf/0x530
[ 47.438712][ T364] ? __ia32_sys_sendmsg+0x90/0x90
[ 47.443565][ T364] ? mutex_unlock+0xb2/0x260
[ 47.448086][ T364] ? __kasan_check_write+0x14/0x20
[ 47.453040][ T364] ? __ia32_sys_read+0x90/0x90
[ 47.457630][ T364] ? debug_smp_processor_id+0x17/0x20
[ 47.462950][ T364] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 47.468861][ T364] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.473512][ T364] x64_sys_call+0x81d/0x9a0
[ 47.477852][ T364] do_syscall_64+0x3b/0xb0
[ 47.482104][ T364] ? clear_bhb_loop+0x35/0x90
[ 47.486623][ T364] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.492398][ T364] RIP: 0033:0x7f8bc3966ae9
[ 47.496598][ T364] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.516599][ T364] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 47.524909][ T364] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9
[ 47.532724][ T364] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 47.540532][ T364] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000
[ 47.548343][ T364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 47.556157][ T364] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298
[ 47.563972][ T364]
[ 47.567757][ T30] audit: type=1400 audit(1734009511.354:102): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 47.572202][ T363] ==================================================================
[ 47.597291][ T363] BUG: KASAN: use-after-free in consume_skb+0x3c/0x250
[ 47.603969][ T363] Read of size 4 at addr ffff888121edcc2c by task syz-executor.0/363
[ 47.611956][ T363]
[ 47.614125][ T363] CPU: 0 PID: 363 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 47.624281][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.634173][ T363] Call Trace:
[ 47.637301][ T363]
[ 47.640082][ T363] dump_stack_lvl+0x151/0x1c0
[ 47.644681][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 47.650146][ T363] ? panic+0x760/0x760
[ 47.654059][ T363] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 47.659519][ T363] print_address_description+0x87/0x3b0
[ 47.664999][ T363] kasan_report+0x179/0x1c0
[ 47.669330][ T363] ? consume_skb+0x3c/0x250
[ 47.673669][ T363] ? consume_skb+0x3c/0x250
[ 47.678027][ T363] kasan_check_range+0x293/0x2a0
[ 47.682781][ T363] __kasan_check_read+0x11/0x20
[ 47.687464][ T363] consume_skb+0x3c/0x250
[ 47.691633][ T363] __sk_msg_free+0x2dd/0x370
[ 47.696098][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.701703][ T363] sk_psock_stop+0x44c/0x4d0
[ 47.706170][ T363] sk_psock_drop+0x219/0x310
[ 47.710559][ T363] sock_map_unref+0x48f/0x4d0
[ 47.715065][ T363] ? __local_bh_enable_ip+0x58/0x80
[ 47.720113][ T363] ? _raw_spin_unlock_bh+0x51/0x60
[ 47.725047][ T363] sock_map_remove_links+0x41c/0x650
[ 47.730174][ T363] ? __kasan_record_aux_stack+0xd3/0xf0
[ 47.735552][ T363] ? kasan_record_aux_stack+0xe/0x10
[ 47.740670][ T363] ? task_work_add+0x27/0x1d0
[ 47.745185][ T363] ? sock_map_unhash+0x120/0x120
[ 47.749956][ T363] ? x64_sys_call+0x3d/0x9a0
[ 47.754382][ T363] ? locks_remove_posix+0x610/0x610
[ 47.759418][ T363] sock_map_close+0x114/0x530
[ 47.763932][ T363] ? unix_peer_get+0xe0/0xe0
[ 47.768355][ T363] ? sock_map_remove_links+0x650/0x650
[ 47.773651][ T363] ? rwsem_mark_wake+0x770/0x770
[ 47.778423][ T363] unix_release+0x82/0xc0
[ 47.782589][ T363] sock_close+0xdf/0x270
[ 47.786676][ T363] ? sock_mmap+0xa0/0xa0
[ 47.790747][ T363] __fput+0x228/0x8c0
[ 47.794567][ T363] ____fput+0x15/0x20
[ 47.798383][ T363] task_work_run+0x129/0x190
[ 47.802814][ T363] exit_to_user_mode_loop+0xc4/0xe0
[ 47.807847][ T363] exit_to_user_mode_prepare+0x5a/0xa0
[ 47.813141][ T363] syscall_exit_to_user_mode+0x26/0x160
[ 47.818524][ T363] do_syscall_64+0x47/0xb0
[ 47.822776][ T363] ? clear_bhb_loop+0x35/0x90
[ 47.827295][ T363] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.833016][ T363] RIP: 0033:0x7f8bc39659da
[ 47.837270][ T363] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 47.856724][ T363] RSP: 002b:00007fffcedcf360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 47.864955][ T363] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8bc39659da
[ 47.872779][ T363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.880577][ T363] RBP: 00007f8bc3a87980 R08: 0000001b31d60000 R09: 00007fffcedd80b0
[ 47.888409][ T363] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bbaa
[ 47.896200][ T363] R13: ffffffffffffffff R14: 00007f8bc34ea000 R15: 000000000000b869
[ 47.904019][ T363]
[ 47.906897][ T363]
[ 47.909050][ T363] Allocated by task 364:
[ 47.913131][ T363] __kasan_slab_alloc+0xb1/0xe0
[ 47.917814][ T363] slab_post_alloc_hook+0x53/0x2c0
[ 47.922760][ T363] kmem_cache_alloc+0xf5/0x200
[ 47.927358][ T363] skb_clone+0x1d1/0x360
[ 47.931443][ T363] sk_psock_verdict_recv+0x53/0x840
[ 47.936479][ T363] unix_read_sock+0x132/0x370
[ 47.940988][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 47.946635][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 47.951661][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 47.956370][ T363] ___sys_sendmsg+0x252/0x2e0
[ 47.960879][ T363] __sys_sendmmsg+0x2bf/0x530
[ 47.965393][ T363] __x64_sys_sendmmsg+0xa0/0xb0
[ 47.970078][ T363] x64_sys_call+0x81d/0x9a0
[ 47.974434][ T363] do_syscall_64+0x3b/0xb0
[ 47.978675][ T363] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.984401][ T363]
[ 47.986569][ T363] Freed by task 20:
[ 47.990215][ T363] kasan_set_track+0x4b/0x70
[ 47.994642][ T363] kasan_set_free_info+0x23/0x40
[ 47.999534][ T363] ____kasan_slab_free+0x126/0x160
[ 48.004481][ T363] __kasan_slab_free+0x11/0x20
[ 48.009077][ T363] slab_free_freelist_hook+0xbd/0x190
[ 48.014312][ T363] kmem_cache_free+0x116/0x2e0
[ 48.018896][ T363] kfree_skbmem+0x104/0x170
[ 48.023228][ T363] kfree_skb+0xc2/0x360
[ 48.027226][ T363] sk_psock_backlog+0xc21/0xd90
[ 48.031904][ T363] process_one_work+0x6bb/0xc10
[ 48.036607][ T363] worker_thread+0xad5/0x12a0
[ 48.041102][ T363] kthread+0x421/0x510
[ 48.045009][ T363] ret_from_fork+0x1f/0x30
[ 48.049264][ T363]
[ 48.051433][ T363] The buggy address belongs to the object at ffff888121edcb40
[ 48.051433][ T363] which belongs to the cache skbuff_head_cache of size 248
[ 48.066025][ T363] The buggy address is located 236 bytes inside of
[ 48.066025][ T363] 248-byte region [ffff888121edcb40, ffff888121edcc38)
[ 48.079121][ T363] The buggy address belongs to the page:
[ 48.084691][ T363] page:ffffea000487b700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121edc
[ 48.094831][ T363] flags: 0x4000000000000200(slab|zone=1)
[ 48.100391][ T363] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab200
[ 48.108811][ T363] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.117223][ T363] page dumped because: kasan: bad access detected
[ 48.123488][ T363] page_owner tracks the page as allocated
[ 48.129024][ T363] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 39, ts 47205616807, free_ts 47185974923
[ 48.146214][ T363] post_alloc_hook+0x1a3/0x1b0
[ 48.150808][ T363] prep_new_page+0x1b/0x110
[ 48.155258][ T363] get_page_from_freelist+0x3550/0x35d0
[ 48.160640][ T363] __alloc_pages+0x27e/0x8f0
[ 48.165065][ T363] new_slab+0x9a/0x4e0
[ 48.168968][ T363] ___slab_alloc+0x39e/0x830
[ 48.173400][ T363] __slab_alloc+0x4a/0x90
[ 48.177563][ T363] kmem_cache_alloc+0x134/0x200
[ 48.182261][ T363] __alloc_skb+0xbe/0x550
[ 48.186460][ T363] ndisc_alloc_skb+0xf3/0x2d0
[ 48.190926][ T363] ndisc_send_ns+0x29d/0x830
[ 48.195379][ T363] addrconf_dad_work+0xb29/0x1710
[ 48.200217][ T363] process_one_work+0x6bb/0xc10
[ 48.204902][ T363] worker_thread+0xad5/0x12a0
[ 48.209416][ T363] kthread+0x421/0x510
[ 48.213322][ T363] ret_from_fork+0x1f/0x30
[ 48.217591][ T363] page last free stack trace:
[ 48.222085][ T363] free_unref_page_prepare+0x7c8/0x7d0
[ 48.227388][ T363] free_unref_page+0xe8/0x750
[ 48.231893][ T363] __free_pages+0x61/0xf0
[ 48.236061][ T363] free_pages+0x7c/0x90
[ 48.240052][ T363] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 48.245608][ T363] __apply_to_page_range+0x8dd/0xbe0
[ 48.250738][ T363] apply_to_existing_page_range+0x38/0x50
[ 48.256286][ T363] kasan_release_vmalloc+0x9a/0xb0
[ 48.261236][ T363] __purge_vmap_area_lazy+0x154a/0x1690
[ 48.266624][ T363] _vm_unmap_aliases+0x339/0x3b0
[ 48.271385][ T363] vm_unmap_aliases+0x19/0x20
[ 48.275898][ T363] change_page_attr_set_clr+0x308/0x1050
[ 48.281369][ T363] set_memory_ro+0xa1/0xe0
[ 48.285624][ T363] bpf_int_jit_compile+0xbf21/0xc6b0
[ 48.290753][ T363] bpf_prog_select_runtime+0x724/0xa10
[ 48.296123][ T363] bpf_prog_load+0x1315/0x1b50
[ 48.300724][ T363]
[ 48.302889][ T363] Memory state around the buggy address:
[ 48.308366][ T363] ffff888121edcb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 48.316271][ T363] ffff888121edcb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.324206][ T363] >ffff888121edcc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 48.332144][ T363] ^
[ 48.337354][ T363] ffff888121edcc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.345253][ T363] ffff888121edcd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 48.353158][ T363] ==================================================================
[ 48.361053][ T363] Disabling lock debugging due to kernel taint
[ 48.367091][ T363] ==================================================================
[ 48.374938][ T363] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 48.383178][ T363]
[ 48.385344][ T363] CPU: 0 PID: 363 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 48.396889][ T363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 48.406961][ T363] Call Trace:
[ 48.410111][ T363]
[ 48.412858][ T363] dump_stack_lvl+0x151/0x1c0
[ 48.417372][ T363] ? io_uring_drop_tctx_refs+0x190/0x190
[ 48.422843][ T363] ? __wake_up_klogd+0xd5/0x110
[ 48.427529][ T363] ? panic+0x760/0x760
[ 48.431431][ T363] ? kmem_cache_free+0x116/0x2e0
[ 48.436204][ T363] print_address_description+0x87/0x3b0
[ 48.441585][ T363] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 48.447587][ T363] ? kmem_cache_free+0x116/0x2e0
[ 48.452351][ T363] ? kmem_cache_free+0x116/0x2e0
[ 48.457122][ T363] kasan_report_invalid_free+0x6b/0xa0
[ 48.462415][ T363] ____kasan_slab_free+0x13e/0x160
[ 48.467364][ T363] __kasan_slab_free+0x11/0x20
[ 48.472054][ T363] slab_free_freelist_hook+0xbd/0x190
[ 48.477364][ T363] ? kfree_skbmem+0x104/0x170
[ 48.481971][ T363] kmem_cache_free+0x116/0x2e0
[ 48.486575][ T363] kfree_skbmem+0x104/0x170
[ 48.490917][ T363] consume_skb+0xb4/0x250
[ 48.495083][ T363] __sk_msg_free+0x2dd/0x370
[ 48.499504][ T363] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 48.505159][ T363] sk_psock_stop+0x44c/0x4d0
[ 48.509574][ T363] sk_psock_drop+0x219/0x310
[ 48.514020][ T363] sock_map_unref+0x48f/0x4d0
[ 48.518510][ T363] ? __local_bh_enable_ip+0x58/0x80
[ 48.523544][ T363] ? _raw_spin_unlock_bh+0x51/0x60
[ 48.528492][ T363] sock_map_remove_links+0x41c/0x650
[ 48.533622][ T363] ? __kasan_record_aux_stack+0xd3/0xf0
[ 48.538997][ T363] ? kasan_record_aux_stack+0xe/0x10
[ 48.544124][ T363] ? task_work_add+0x27/0x1d0
[ 48.548627][ T363] ? sock_map_unhash+0x120/0x120
[ 48.553413][ T363] ? x64_sys_call+0x3d/0x9a0
[ 48.557837][ T363] ? locks_remove_posix+0x610/0x610
[ 48.562864][ T363] sock_map_close+0x114/0x530
[ 48.567376][ T363] ? unix_peer_get+0xe0/0xe0
[ 48.571806][ T363] ? sock_map_remove_links+0x650/0x650
[ 48.577099][ T363] ? rwsem_mark_wake+0x770/0x770
[ 48.581871][ T363] unix_release+0x82/0xc0
[ 48.586036][ T363] sock_close+0xdf/0x270
[ 48.590117][ T363] ? sock_mmap+0xa0/0xa0
[ 48.594198][ T363] __fput+0x228/0x8c0
[ 48.598014][ T363] ____fput+0x15/0x20
[ 48.601837][ T363] task_work_run+0x129/0x190
[ 48.606258][ T363] exit_to_user_mode_loop+0xc4/0xe0
[ 48.611292][ T363] exit_to_user_mode_prepare+0x5a/0xa0
[ 48.616588][ T363] syscall_exit_to_user_mode+0x26/0x160
[ 48.621983][ T363] do_syscall_64+0x47/0xb0
[ 48.626226][ T363] ? clear_bhb_loop+0x35/0x90
[ 48.630732][ T363] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.636462][ T363] RIP: 0033:0x7f8bc39659da
[ 48.640716][ T363] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 48.660170][ T363] RSP: 002b:00007fffcedcf360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 48.668404][ T363] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8bc39659da
[ 48.676219][ T363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 48.684023][ T363] RBP: 00007f8bc3a87980 R08: 0000001b31d60000 R09: 00007fffcedd80b0
[ 48.691841][ T363] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000bbaa
[ 48.699647][ T363] R13: ffffffffffffffff R14: 00007f8bc34ea000 R15: 000000000000b869
[ 48.707465][ T363]
[ 48.710321][ T363]
[ 48.712490][ T363] Allocated by task 364:
[ 48.716570][ T363] __kasan_slab_alloc+0xb1/0xe0
[ 48.721256][ T363] slab_post_alloc_hook+0x53/0x2c0
[ 48.726210][ T363] kmem_cache_alloc+0xf5/0x200
[ 48.730805][ T363] skb_clone+0x1d1/0x360
[ 48.735061][ T363] sk_psock_verdict_recv+0x53/0x840
[ 48.740098][ T363] unix_read_sock+0x132/0x370
[ 48.744717][ T363] sk_psock_verdict_data_ready+0x147/0x1a0
[ 48.750359][ T363] unix_dgram_sendmsg+0x15fa/0x2090
[ 48.755498][ T363] ____sys_sendmsg+0x59e/0x8f0
[ 48.760097][ T363] ___sys_sendmsg+0x252/0x2e0
[ 48.764609][ T363] __sys_sendmmsg+0x2bf/0x530
[ 48.769332][ T363] __x64_sys_sendmmsg+0xa0/0xb0
[ 48.774075][ T363] x64_sys_call+0x81d/0x9a0
[ 48.778676][ T363] do_syscall_64+0x3b/0xb0
[ 48.782926][ T363] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.788658][ T363]
[ 48.790832][ T363] Freed by task 20:
[ 48.794467][ T363] kasan_set_track+0x4b/0x70
[ 48.798890][ T363] kasan_set_free_info+0x23/0x40
[ 48.803666][ T363] ____kasan_slab_free+0x126/0x160
[ 48.808613][ T363] __kasan_slab_free+0x11/0x20
[ 48.813242][ T363] slab_free_freelist_hook+0xbd/0x190
[ 48.818423][ T363] kmem_cache_free+0x116/0x2e0
[ 48.823025][ T363] kfree_skbmem+0x104/0x170
[ 48.827360][ T363] kfree_skb+0xc2/0x360
[ 48.831361][ T363] sk_psock_backlog+0xc21/0xd90
[ 48.836050][ T363] process_one_work+0x6bb/0xc10
[ 48.840731][ T363] worker_thread+0xad5/0x12a0
[ 48.845274][ T363] kthread+0x421/0x510
[ 48.849145][ T363] ret_from_fork+0x1f/0x30
[ 48.853425][ T363]
[ 48.855568][ T363] The buggy address belongs to the object at ffff888121edcb40
[ 48.855568][ T363] which belongs to the cache skbuff_head_cache of size 248
[ 48.870100][ T363] The buggy address is located 0 bytes inside of
[ 48.870100][ T363] 248-byte region [ffff888121edcb40, ffff888121edcc38)
[ 48.883033][ T363] The buggy address belongs to the page:
[ 48.888501][ T363] page:ffffea000487b700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121edc
[ 48.898571][ T363] flags: 0x4000000000000200(slab|zone=1)
[ 48.904039][ T363] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab200
[ 48.912458][ T363] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 48.920867][ T363] page dumped because: kasan: bad access detected
[ 48.927120][ T363] page_owner tracks the page as allocated
[ 48.932676][ T363] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 39, ts 47205616807, free_ts 47185974923
[ 48.949841][ T363] post_alloc_hook+0x1a3/0x1b0
[ 48.954467][ T363] prep_new_page+0x1b/0x110
[ 48.958800][ T363] get_page_from_freelist+0x3550/0x35d0
[ 48.964184][ T363] __alloc_pages+0x27e/0x8f0
[ 48.968608][ T363] new_slab+0x9a/0x4e0
[ 48.972515][ T363] ___slab_alloc+0x39e/0x830
[ 48.976937][ T363] __slab_alloc+0x4a/0x90
[ 48.981111][ T363] kmem_cache_alloc+0x134/0x200
[ 48.985790][ T363] __alloc_skb+0xbe/0x550
[ 48.989955][ T363] ndisc_alloc_skb+0xf3/0x2d0
[ 48.994478][ T363] ndisc_send_ns+0x29d/0x830
[ 48.998896][ T363] addrconf_dad_work+0xb29/0x1710
[ 49.003761][ T363] process_one_work+0x6bb/0xc10
[ 49.008448][ T363] worker_thread+0xad5/0x12a0
[ 49.012968][ T363] kthread+0x421/0x510
[ 49.016869][ T363] ret_from_fork+0x1f/0x30
[ 49.021124][ T363] page last free stack trace:
[ 49.025718][ T363] free_unref_page_prepare+0x7c8/0x7d0
[ 49.031112][ T363] free_unref_page+0xe8/0x750
[ 49.035717][ T363] __free_pages+0x61/0xf0
[ 49.039894][ T363] free_pages+0x7c/0x90
[ 49.043870][ T363] kasan_depopulate_vmalloc_pte+0x6a/0x90
[ 49.049427][ T363] __apply_to_page_range+0x8dd/0xbe0
[ 49.054550][ T363] apply_to_existing_page_range+0x38/0x50
[ 49.060101][ T363] kasan_release_vmalloc+0x9a/0xb0
[ 49.065180][ T363] __purge_vmap_area_lazy+0x154a/0x1690
[ 49.070538][ T363] _vm_unmap_aliases+0x339/0x3b0
[ 49.075314][ T363] vm_unmap_aliases+0x19/0x20
[ 49.079823][ T363] change_page_attr_set_clr+0x308/0x1050
[ 49.085304][ T363] set_memory_ro+0xa1/0xe0
[ 49.089561][ T363] bpf_int_jit_compile+0xbf21/0xc6b0
[ 49.094667][ T363] bpf_prog_select_runtime+0x724/0xa10
[ 49.100046][ T363] bpf_prog_load+0x1315/0x1b50
[ 49.104646][ T363]
[ 49.106813][ T363] Memory state around the buggy address:
[ 49.112299][ T363] ffff888121edca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.120368][ T363] ffff888121edca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 49.128257][ T363] >ffff888121edcb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 49.136155][ T363] ^
[ 49.142172][ T363] ffff888121edcb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.150045][ T363] ffff888121edcc00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 49.157943][ T363] ==================================================================
[ 49.179757][ T367] FAULT_INJECTION: forcing a failure.
[ 49.179757][ T367] name failslab, interval 1, probability 0, space 0, times 0
[ 49.192428][ T367] CPU: 0 PID: 367 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 49.204145][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.214279][ T367] Call Trace:
[ 49.217406][ T367]
[ 49.220188][ T367] dump_stack_lvl+0x151/0x1c0
[ 49.224772][ T367] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.230239][ T367] dump_stack+0x15/0x20
[ 49.234233][ T367] should_fail+0x3c6/0x510
[ 49.238482][ T367] __should_failslab+0xa4/0xe0
[ 49.243089][ T367] should_failslab+0x9/0x20
[ 49.247425][ T367] slab_pre_alloc_hook+0x37/0xd0
[ 49.252195][ T367] kmem_cache_alloc_trace+0x48/0x210
[ 49.257312][ T367] ? sk_psock_skb_ingress_self+0x60/0x330
[ 49.262872][ T367] ? migrate_disable+0x190/0x190
[ 49.267645][ T367] sk_psock_skb_ingress_self+0x60/0x330
[ 49.273030][ T367] sk_psock_verdict_recv+0x66d/0x840
[ 49.278151][ T367] unix_read_sock+0x132/0x370
[ 49.282664][ T367] ? sk_psock_skb_redirect+0x440/0x440
[ 49.287949][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 49.293741][ T367] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.299062][ T367] ? unix_stream_splice_actor+0x120/0x120
[ 49.304592][ T367] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.310241][ T367] ? sk_psock_start_verdict+0xc0/0xc0
[ 49.315433][ T367] ? _raw_spin_lock+0xa4/0x1b0
[ 49.320478][ T367] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.326120][ T367] ? skb_queue_tail+0xfb/0x120
[ 49.330727][ T367] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.335751][ T367] ? unix_dgram_poll+0x690/0x690
[ 49.340523][ T367] ? __kasan_check_write+0x14/0x20
[ 49.345572][ T367] ? __cpuidle_text_end+0x2/0x2
[ 49.350260][ T367] ? cgroup_rstat_updated+0xe5/0x370
[ 49.355372][ T367] ? security_socket_sendmsg+0x82/0xb0
[ 49.360769][ T367] ? unix_dgram_poll+0x690/0x690
[ 49.365571][ T367] ____sys_sendmsg+0x59e/0x8f0
[ 49.370153][ T367] ? __sys_sendmsg_sock+0x40/0x40
[ 49.375238][ T367] ? import_iovec+0xe5/0x120
[ 49.379627][ T367] ___sys_sendmsg+0x252/0x2e0
[ 49.384226][ T367] ? __sys_sendmsg+0x260/0x260
[ 49.388826][ T367] ? __kasan_check_write+0x14/0x20
[ 49.393782][ T367] ? proc_fail_nth_write+0x20b/0x290
[ 49.398896][ T367] ? __fdget+0x1bc/0x240
[ 49.402972][ T367] __sys_sendmmsg+0x2bf/0x530
[ 49.407484][ T367] ? __ia32_sys_sendmsg+0x90/0x90
[ 49.412345][ T367] ? mutex_unlock+0xb2/0x260
[ 49.416783][ T367] ? __kasan_check_write+0x14/0x20
[ 49.421720][ T367] ? __ia32_sys_read+0x90/0x90
[ 49.426602][ T367] ? debug_smp_processor_id+0x17/0x20
[ 49.431810][ T367] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 49.437712][ T367] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.442404][ T367] x64_sys_call+0x81d/0x9a0
[ 49.446823][ T367] do_syscall_64+0x3b/0xb0
[ 49.451088][ T367] ? clear_bhb_loop+0x35/0x90
[ 49.455607][ T367] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.461320][ T367] RIP: 0033:0x7f8bc3966ae9
[ 49.465581][ T367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.485029][ T367] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.493271][ T367] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9
[ 49.501111][ T367] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 49.508890][ T367] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000
[ 49.516693][ T367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.524509][ T367] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298
[ 49.532324][ T367]
[ 49.536208][ T366] ==================================================================
[ 49.544089][ T366] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 49.552332][ T366]
[ 49.554517][ T366] CPU: 0 PID: 366 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 49.566137][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.576030][ T366] Call Trace:
[ 49.579157][ T366]
[ 49.581930][ T366] dump_stack_lvl+0x151/0x1c0
[ 49.586450][ T366] ? io_uring_drop_tctx_refs+0x190/0x190
[ 49.591907][ T366] ? __wake_up_klogd+0xd5/0x110
[ 49.596601][ T366] ? panic+0x760/0x760
[ 49.600585][ T366] ? kmem_cache_free+0x116/0x2e0
[ 49.605375][ T366] print_address_description+0x87/0x3b0
[ 49.610918][ T366] ? kmem_cache_free+0x116/0x2e0
[ 49.615685][ T366] ? kmem_cache_free+0x116/0x2e0
[ 49.620468][ T366] kasan_report_invalid_free+0x6b/0xa0
[ 49.625754][ T366] ____kasan_slab_free+0x13e/0x160
[ 49.630702][ T366] __kasan_slab_free+0x11/0x20
[ 49.635388][ T366] slab_free_freelist_hook+0xbd/0x190
[ 49.640711][ T366] ? kfree_skbmem+0x104/0x170
[ 49.645202][ T366] kmem_cache_free+0x116/0x2e0
[ 49.649807][ T366] kfree_skbmem+0x104/0x170
[ 49.654192][ T366] consume_skb+0xb4/0x250
[ 49.658311][ T366] __sk_msg_free+0x2dd/0x370
[ 49.662734][ T366] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 49.668389][ T366] sk_psock_stop+0x44c/0x4d0
[ 49.672810][ T366] sk_psock_drop+0x219/0x310
[ 49.677236][ T366] sock_map_unref+0x48f/0x4d0
[ 49.681753][ T366] ? __local_bh_enable_ip+0x58/0x80
[ 49.686777][ T366] ? _raw_spin_unlock_bh+0x51/0x60
[ 49.691820][ T366] sock_map_remove_links+0x41c/0x650
[ 49.696941][ T366] ? __kasan_record_aux_stack+0xd3/0xf0
[ 49.702322][ T366] ? kasan_record_aux_stack+0xe/0x10
[ 49.707434][ T366] ? task_work_add+0x27/0x1d0
[ 49.711950][ T366] ? sock_map_unhash+0x120/0x120
[ 49.716722][ T366] ? x64_sys_call+0x3d/0x9a0
[ 49.721146][ T366] ? locks_remove_posix+0x610/0x610
[ 49.726182][ T366] sock_map_close+0x114/0x530
[ 49.730783][ T366] ? unix_peer_get+0xe0/0xe0
[ 49.735208][ T366] ? sock_map_remove_links+0x650/0x650
[ 49.740511][ T366] ? rwsem_mark_wake+0x770/0x770
[ 49.745283][ T366] unix_release+0x82/0xc0
[ 49.749451][ T366] sock_close+0xdf/0x270
[ 49.753524][ T366] ? sock_mmap+0xa0/0xa0
[ 49.757810][ T366] __fput+0x228/0x8c0
[ 49.761598][ T366] ____fput+0x15/0x20
[ 49.765412][ T366] task_work_run+0x129/0x190
[ 49.769840][ T366] exit_to_user_mode_loop+0xc4/0xe0
[ 49.774875][ T366] exit_to_user_mode_prepare+0x5a/0xa0
[ 49.780185][ T366] syscall_exit_to_user_mode+0x26/0x160
[ 49.785548][ T366] do_syscall_64+0x47/0xb0
[ 49.789800][ T366] ? clear_bhb_loop+0x35/0x90
[ 49.794312][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.800047][ T366] RIP: 0033:0x7f8bc39659da
[ 49.804305][ T366] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 49.823737][ T366] RSP: 002b:00007fffcedcf360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 49.831991][ T366] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8bc39659da
[ 49.839793][ T366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 49.847604][ T366] RBP: 00007f8bc3a87980 R08: 0000001b31d60000 R09: 00007fffcedd80b0
[ 49.855418][ T366] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000c358
[ 49.863227][ T366] R13: ffffffffffffffff R14: 00007f8bc34ea000 R15: 000000000000c017
[ 49.871043][ T366]
[ 49.873911][ T366]
[ 49.876070][ T366] Allocated by task 367:
[ 49.880326][ T366] __kasan_slab_alloc+0xb1/0xe0
[ 49.885014][ T366] slab_post_alloc_hook+0x53/0x2c0
[ 49.889957][ T366] kmem_cache_alloc+0xf5/0x200
[ 49.894563][ T366] skb_clone+0x1d1/0x360
[ 49.898640][ T366] sk_psock_verdict_recv+0x53/0x840
[ 49.903676][ T366] unix_read_sock+0x132/0x370
[ 49.908191][ T366] sk_psock_verdict_data_ready+0x147/0x1a0
[ 49.913835][ T366] unix_dgram_sendmsg+0x15fa/0x2090
[ 49.918859][ T366] ____sys_sendmsg+0x59e/0x8f0
[ 49.923459][ T366] ___sys_sendmsg+0x252/0x2e0
[ 49.927975][ T366] __sys_sendmmsg+0x2bf/0x530
[ 49.932496][ T366] __x64_sys_sendmmsg+0xa0/0xb0
[ 49.937177][ T366] x64_sys_call+0x81d/0x9a0
[ 49.941516][ T366] do_syscall_64+0x3b/0xb0
[ 49.945767][ T366] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.951493][ T366]
[ 49.953665][ T366] Freed by task 60:
[ 49.957329][ T366] kasan_set_track+0x4b/0x70
[ 49.961740][ T366] kasan_set_free_info+0x23/0x40
[ 49.966530][ T366] ____kasan_slab_free+0x126/0x160
[ 49.971460][ T366] __kasan_slab_free+0x11/0x20
[ 49.976069][ T366] slab_free_freelist_hook+0xbd/0x190
[ 49.981267][ T366] kmem_cache_free+0x116/0x2e0
[ 49.985864][ T366] kfree_skbmem+0x104/0x170
[ 49.990203][ T366] kfree_skb+0xc2/0x360
[ 49.994195][ T366] sk_psock_backlog+0xc21/0xd90
[ 49.998882][ T366] process_one_work+0x6bb/0xc10
[ 50.003567][ T366] worker_thread+0xad5/0x12a0
[ 50.008080][ T366] kthread+0x421/0x510
[ 50.011984][ T366] ret_from_fork+0x1f/0x30
[ 50.016237][ T366]
[ 50.018412][ T366] The buggy address belongs to the object at ffff888121efd780
[ 50.018412][ T366] which belongs to the cache skbuff_head_cache of size 248
[ 50.032829][ T366] The buggy address is located 0 bytes inside of
[ 50.032829][ T366] 248-byte region [ffff888121efd780, ffff888121efd878)
[ 50.045840][ T366] The buggy address belongs to the page:
[ 50.051310][ T366] page:ffffea000487bf40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121efd
[ 50.061387][ T366] flags: 0x4000000000000200(slab|zone=1)
[ 50.066851][ T366] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab200
[ 50.075266][ T366] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 50.083678][ T366] page dumped because: kasan: bad access detected
[ 50.090053][ T366] page_owner tracks the page as allocated
[ 50.095579][ T366] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 49174422139, free_ts 47185806410
[ 50.111191][ T366] post_alloc_hook+0x1a3/0x1b0
[ 50.115798][ T366] prep_new_page+0x1b/0x110
[ 50.120131][ T366] get_page_from_freelist+0x3550/0x35d0
[ 50.125515][ T366] __alloc_pages+0x27e/0x8f0
[
50.129941][ T366] new_slab+0x9a/0x4e0 [ 50.133841][ T366] ___slab_alloc+0x39e/0x830 [ 50.138363][ T366] __slab_alloc+0x4a/0x90 [ 50.142523][ T366] kmem_cache_alloc+0x134/0x200 [ 50.147208][ T366] __alloc_skb+0xbe/0x550 [ 50.151376][ T366] alloc_skb_with_frags+0xa6/0x680 [ 50.156327][ T366] sock_alloc_send_pskb+0x915/0xa50 [ 50.161356][ T366] unix_dgram_sendmsg+0x6fd/0x2090 [ 50.166303][ T366] __sys_sendto+0x564/0x720 [ 50.170646][ T366] __x64_sys_sendto+0xe5/0x100 [ 50.175248][ T366] x64_sys_call+0x15c/0x9a0 [ 50.179589][ T366] do_syscall_64+0x3b/0xb0 [ 50.183838][ T366] page last free stack trace: [ 50.188390][ T366] free_unref_page_prepare+0x7c8/0x7d0 [ 50.193653][ T366] free_unref_page+0xe8/0x750 [ 50.198157][ T366] __free_pages+0x61/0xf0 [ 50.202324][ T366] free_pages+0x7c/0x90 [ 50.206323][ T366] kasan_depopulate_vmalloc_pte+0x6a/0x90 [ 50.211883][ T366] __apply_to_page_range+0x8dd/0xbe0 [ 50.216991][ T366] apply_to_existing_page_range+0x38/0x50 [ 50.222548][ T366] kasan_release_vmalloc+0x9a/0xb0 [ 50.227493][ T366] __purge_vmap_area_lazy+0x154a/0x1690 [ 50.232875][ T366] _vm_unmap_aliases+0x339/0x3b0 [ 50.237647][ T366] vm_unmap_aliases+0x19/0x20 [ 50.242278][ T366] change_page_attr_set_clr+0x308/0x1050 [ 50.247735][ T366] set_memory_ro+0xa1/0xe0 [ 50.251988][ T366] bpf_int_jit_compile+0xbf21/0xc6b0 [ 50.257182][ T366] bpf_prog_select_runtime+0x724/0xa10 [ 50.262411][ T366] bpf_prog_load+0x1315/0x1b50 [ 50.267005][ T366] [ 50.269172][ T366] Memory state around the buggy address: [ 50.274645][ T366] ffff888121efd680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.282543][ T366] ffff888121efd700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 50.290529][ T366] >ffff888121efd780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.298422][ T366] ^ [ 50.302335][ T366] ffff888121efd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 50.310506][ T366] ffff888121efd880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 50.318383][ T366] 
================================================================== [ 50.339146][ T370] FAULT_INJECTION: forcing a failure. [ 50.339146][ T370] name failslab, interval 1, probability 0, space 0, times 0 [ 50.351626][ T370] CPU: 1 PID: 370 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 50.363225][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 50.373086][ T370] Call Trace: [ 50.376215][ T370] [ 50.378988][ T370] dump_stack_lvl+0x151/0x1c0 [ 50.383502][ T370] ? io_uring_drop_tctx_refs+0x190/0x190 [ 50.388973][ T370] dump_stack+0x15/0x20 [ 50.392963][ T370] should_fail+0x3c6/0x510 [ 50.397229][ T370] __should_failslab+0xa4/0xe0 [ 50.401816][ T370] should_failslab+0x9/0x20 [ 50.406182][ T370] slab_pre_alloc_hook+0x37/0xd0 [ 50.410942][ T370] kmem_cache_alloc_trace+0x48/0x210 [ 50.416051][ T370] ? sk_psock_skb_ingress_self+0x60/0x330 [ 50.421603][ T370] ? migrate_disable+0x190/0x190 [ 50.426375][ T370] sk_psock_skb_ingress_self+0x60/0x330 [ 50.431759][ T370] sk_psock_verdict_recv+0x66d/0x840 [ 50.436880][ T370] unix_read_sock+0x132/0x370 [ 50.441393][ T370] ? sk_psock_skb_redirect+0x440/0x440 [ 50.446686][ T370] ? unix_stream_splice_actor+0x120/0x120 [ 50.452241][ T370] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 50.457534][ T370] ? unix_stream_splice_actor+0x120/0x120 [ 50.463092][ T370] sk_psock_verdict_data_ready+0x147/0x1a0 [ 50.468732][ T370] ? sk_psock_start_verdict+0xc0/0xc0 [ 50.473939][ T370] ? _raw_spin_lock+0xa4/0x1b0 [ 50.478555][ T370] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 50.484189][ T370] ? skb_queue_tail+0xfb/0x120 [ 50.488791][ T370] unix_dgram_sendmsg+0x15fa/0x2090 [ 50.493907][ T370] ? unix_dgram_poll+0x690/0x690 [ 50.498677][ T370] ? __kasan_check_write+0x14/0x20 [ 50.503623][ T370] ? __cpuidle_text_end+0x2/0x2 [ 50.508309][ T370] ? cgroup_rstat_updated+0xe5/0x370 [ 50.513432][ T370] ? security_socket_sendmsg+0x82/0xb0 [ 50.518729][ T370] ? 
unix_dgram_poll+0x690/0x690 [ 50.523948][ T370] ____sys_sendmsg+0x59e/0x8f0 [ 50.528632][ T370] ? __sys_sendmsg_sock+0x40/0x40 [ 50.533568][ T370] ? import_iovec+0xe5/0x120 [ 50.538057][ T370] ___sys_sendmsg+0x252/0x2e0 [ 50.542515][ T370] ? __sys_sendmsg+0x260/0x260 [ 50.547105][ T370] ? __kasan_check_write+0x14/0x20 [ 50.552056][ T370] ? proc_fail_nth_write+0x20b/0x290 [ 50.557178][ T370] ? __fdget+0x1bc/0x240 [ 50.561250][ T370] __sys_sendmmsg+0x2bf/0x530 [ 50.565807][ T370] ? __ia32_sys_sendmsg+0x90/0x90 [ 50.570637][ T370] ? mutex_unlock+0xb2/0x260 [ 50.575058][ T370] ? __kasan_check_write+0x14/0x20 [ 50.580447][ T370] ? __ia32_sys_read+0x90/0x90 [ 50.585121][ T370] ? debug_smp_processor_id+0x17/0x20 [ 50.590329][ T370] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 50.596230][ T370] __x64_sys_sendmmsg+0xa0/0xb0 [ 50.600926][ T370] x64_sys_call+0x81d/0x9a0 [ 50.605255][ T370] do_syscall_64+0x3b/0xb0 [ 50.609509][ T370] ? clear_bhb_loop+0x35/0x90 [ 50.614021][ T370] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 50.620101][ T370] RIP: 0033:0x7f8bc3966ae9 [ 50.624529][ T370] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 50.644231][ T370] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 50.652475][ T370] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9 [ 50.660288][ T370] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 50.668099][ T370] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000 [ 50.675921][ T370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.683730][ T370] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298 [ 50.691626][ T370] [ 50.695933][ T369] ================================================================== [ 50.696524][ T30] audit: type=1400 audit(1734009514.484:103): avc: denied { 
remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 50.703820][ T369] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 50.703848][ T369] [ 50.703855][ T369] CPU: 0 PID: 369 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 50.703878][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 50.703888][ T369] Call Trace: [ 50.703894][ T369] [ 50.703901][ T369] dump_stack_lvl+0x151/0x1c0 [ 50.703942][ T369] ? io_uring_drop_tctx_refs+0x190/0x190 [ 50.703964][ T369] ? __wake_up_klogd+0xd5/0x110 [ 50.703985][ T369] ? panic+0x760/0x760 [ 50.704006][ T369] ? kmem_cache_free+0x116/0x2e0 [ 50.704027][ T369] print_address_description+0x87/0x3b0 [ 50.727409][ T30] audit: type=1400 audit(1734009514.484:104): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 50.734387][ T369] ? kmem_cache_free+0x116/0x2e0 [ 50.734418][ T369] ? kmem_cache_free+0x116/0x2e0 [ 50.824124][ T369] kasan_report_invalid_free+0x6b/0xa0 [ 50.829508][ T369] ____kasan_slab_free+0x13e/0x160 [ 50.834450][ T369] __kasan_slab_free+0x11/0x20 [ 50.839055][ T369] slab_free_freelist_hook+0xbd/0x190 [ 50.844374][ T369] ? kfree_skbmem+0x104/0x170 [ 50.848866][ T369] kmem_cache_free+0x116/0x2e0 [ 50.853464][ T369] kfree_skbmem+0x104/0x170 [ 50.857801][ T369] consume_skb+0xb4/0x250 [ 50.861967][ T369] __sk_msg_free+0x2dd/0x370 [ 50.866529][ T369] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 50.872156][ T369] sk_psock_stop+0x44c/0x4d0 [ 50.876581][ T369] sk_psock_drop+0x219/0x310 [ 50.881011][ T369] sock_map_unref+0x48f/0x4d0 [ 50.885512][ T369] ? __local_bh_enable_ip+0x58/0x80 [ 50.890548][ T369] ? 
_raw_spin_unlock_bh+0x51/0x60 [ 50.895495][ T369] sock_map_remove_links+0x41c/0x650 [ 50.900656][ T369] ? __kasan_record_aux_stack+0xd3/0xf0 [ 50.906000][ T369] ? kasan_record_aux_stack+0xe/0x10 [ 50.911121][ T369] ? task_work_add+0x27/0x1d0 [ 50.915639][ T369] ? sock_map_unhash+0x120/0x120 [ 50.920404][ T369] ? x64_sys_call+0x3d/0x9a0 [ 50.924830][ T369] ? locks_remove_posix+0x610/0x610 [ 50.929863][ T369] sock_map_close+0x114/0x530 [ 50.934378][ T369] ? unix_peer_get+0xe0/0xe0 [ 50.938804][ T369] ? sock_map_remove_links+0x650/0x650 [ 50.944100][ T369] ? rwsem_mark_wake+0x770/0x770 [ 50.948873][ T369] unix_release+0x82/0xc0 [ 50.953037][ T369] sock_close+0xdf/0x270 [ 50.957130][ T369] ? sock_mmap+0xa0/0xa0 [ 50.961196][ T369] __fput+0x228/0x8c0 [ 50.965018][ T369] ____fput+0x15/0x20 [ 50.968838][ T369] task_work_run+0x129/0x190 [ 50.973259][ T369] exit_to_user_mode_loop+0xc4/0xe0 [ 50.978301][ T369] exit_to_user_mode_prepare+0x5a/0xa0 [ 50.983603][ T369] syscall_exit_to_user_mode+0x26/0x160 [ 50.988974][ T369] do_syscall_64+0x47/0xb0 [ 50.993394][ T369] ? 
clear_bhb_loop+0x35/0x90 [ 50.997896][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.003627][ T369] RIP: 0033:0x7f8bc39659da [ 51.007959][ T369] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 51.027928][ T369] RSP: 002b:00007fffcedcf360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 51.036249][ T369] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8bc39659da [ 51.044063][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 51.051878][ T369] RBP: 0000000000000032 R08: 0000001b31d60000 R09: 00007f8bc3a85f8c [ 51.059781][ T369] R10: 00007fffcedcf4b0 R11: 0000000000000293 R12: 00007f8bc34eb0d0 [ 51.067584][ T369] R13: ffffffffffffffff R14: 00007f8bc34ea000 R15: 000000000000c49f [ 51.075507][ T369] [ 51.078369][ T369] [ 51.080538][ T369] Allocated by task 370: [ 51.084616][ T369] __kasan_slab_alloc+0xb1/0xe0 [ 51.089301][ T369] slab_post_alloc_hook+0x53/0x2c0 [ 51.094263][ T369] kmem_cache_alloc+0xf5/0x200 [ 51.098849][ T369] skb_clone+0x1d1/0x360 [ 51.102929][ T369] sk_psock_verdict_recv+0x53/0x840 [ 51.108061][ T369] unix_read_sock+0x132/0x370 [ 51.112572][ T369] sk_psock_verdict_data_ready+0x147/0x1a0 [ 51.118215][ T369] unix_dgram_sendmsg+0x15fa/0x2090 [ 51.123247][ T369] ____sys_sendmsg+0x59e/0x8f0 [ 51.127847][ T369] ___sys_sendmsg+0x252/0x2e0 [ 51.132362][ T369] __sys_sendmmsg+0x2bf/0x530 [ 51.136879][ T369] __x64_sys_sendmmsg+0xa0/0xb0 [ 51.141572][ T369] x64_sys_call+0x81d/0x9a0 [ 51.145902][ T369] do_syscall_64+0x3b/0xb0 [ 51.150156][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.155887][ T369] [ 51.158053][ T369] Freed by task 20: [ 51.161701][ T369] kasan_set_track+0x4b/0x70 [ 51.166127][ T369] kasan_set_free_info+0x23/0x40 [ 51.170905][ T369] ____kasan_slab_free+0x126/0x160 [ 51.175850][ T369] __kasan_slab_free+0x11/0x20 [ 51.180455][ T369] 
slab_free_freelist_hook+0xbd/0x190 [ 51.185751][ T369] kmem_cache_free+0x116/0x2e0 [ 51.190487][ T369] kfree_skbmem+0x104/0x170 [ 51.194929][ T369] kfree_skb+0xc2/0x360 [ 51.198912][ T369] sk_psock_backlog+0xc21/0xd90 [ 51.203712][ T369] process_one_work+0x6bb/0xc10 [ 51.208390][ T369] worker_thread+0xad5/0x12a0 [ 51.212902][ T369] kthread+0x421/0x510 [ 51.216807][ T369] ret_from_fork+0x1f/0x30 [ 51.221076][ T369] [ 51.223235][ T369] The buggy address belongs to the object at ffff8881246cec80 [ 51.223235][ T369] which belongs to the cache skbuff_head_cache of size 248 [ 51.237648][ T369] The buggy address is located 0 bytes inside of [ 51.237648][ T369] 248-byte region [ffff8881246cec80, ffff8881246ced78) [ 51.250683][ T369] The buggy address belongs to the page: [ 51.256130][ T369] page:ffffea000491b380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1246ce [ 51.266324][ T369] flags: 0x4000000000000200(slab|zone=1) [ 51.271780][ T369] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab200 [ 51.280295][ T369] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 51.288708][ T369] page dumped because: kasan: bad access detected [ 51.294940][ T369] page_owner tracks the page as allocated [ 51.300490][ T369] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 50333898088, free_ts 46900168864 [ 51.316114][ T369] post_alloc_hook+0x1a3/0x1b0 [ 51.320714][ T369] prep_new_page+0x1b/0x110 [ 51.325051][ T369] get_page_from_freelist+0x3550/0x35d0 [ 51.330476][ T369] __alloc_pages+0x27e/0x8f0 [ 51.334866][ T369] new_slab+0x9a/0x4e0 [ 51.338773][ T369] ___slab_alloc+0x39e/0x830 [ 51.343194][ T369] __slab_alloc+0x4a/0x90 [ 51.347383][ T369] kmem_cache_alloc+0x134/0x200 [ 51.352139][ T369] __alloc_skb+0xbe/0x550 [ 51.356304][ T369] alloc_skb_with_frags+0xa6/0x680 [ 51.361248][ T369] sock_alloc_send_pskb+0x915/0xa50 [ 51.366552][ T369] 
unix_dgram_sendmsg+0x6fd/0x2090 [ 51.371606][ T369] __sys_sendto+0x564/0x720 [ 51.375915][ T369] __x64_sys_sendto+0xe5/0x100 [ 51.380514][ T369] x64_sys_call+0x15c/0x9a0 [ 51.384853][ T369] do_syscall_64+0x3b/0xb0 [ 51.389115][ T369] page last free stack trace: [ 51.393622][ T369] __free_pages_ok+0x985/0xa50 [ 51.398218][ T369] __free_pages+0xe9/0xf0 [ 51.402405][ T369] free_nonslab_page+0x82/0xc0 [ 51.406996][ T369] kfree+0x19e/0x220 [ 51.410719][ T369] kvfree+0x35/0x40 [ 51.414365][ T369] btf_check_all_metas+0x5c4/0xa40 [ 51.419318][ T369] btf_parse_vmlinux+0x403/0xe00 [ 51.424085][ T369] bpf_check+0x757/0x12bf0 [ 51.428350][ T369] bpf_prog_load+0x12ac/0x1b50 [ 51.432940][ T369] __sys_bpf+0x4bc/0x760 [ 51.437175][ T369] __x64_sys_bpf+0x7c/0x90 [ 51.441432][ T369] x64_sys_call+0x87f/0x9a0 [ 51.445784][ T369] do_syscall_64+0x3b/0xb0 [ 51.450043][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.455751][ T369] [ 51.457914][ T369] Memory state around the buggy address: [ 51.463385][ T369] ffff8881246ceb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.471384][ T369] ffff8881246cec00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 51.479273][ T369] >ffff8881246cec80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.487163][ T369] ^ [ 51.491084][ T369] ffff8881246ced00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc 2024/12/12 13:18:35 executed programs: 4 [ 51.499284][ T369] ffff8881246ced80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 51.507175][ T369] ================================================================== [ 51.540901][ T373] FAULT_INJECTION: forcing a failure. 
[ 51.540901][ T373] name failslab, interval 1, probability 0, space 0, times 0 [ 51.553421][ T373] CPU: 0 PID: 373 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 51.565058][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 51.575032][ T373] Call Trace: [ 51.578156][ T373] [ 51.580941][ T373] dump_stack_lvl+0x151/0x1c0 [ 51.585453][ T373] ? io_uring_drop_tctx_refs+0x190/0x190 [ 51.590920][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 51.596644][ T373] ? __skb_try_recv_datagram+0x495/0x6a0 [ 51.602182][ T373] dump_stack+0x15/0x20 [ 51.606115][ T373] should_fail+0x3c6/0x510 [ 51.610359][ T373] __should_failslab+0xa4/0xe0 [ 51.614975][ T373] ? skb_clone+0x1d1/0x360 [ 51.619213][ T373] should_failslab+0x9/0x20 [ 51.623551][ T373] slab_pre_alloc_hook+0x37/0xd0 [ 51.628324][ T373] ? skb_clone+0x1d1/0x360 [ 51.632579][ T373] kmem_cache_alloc+0x44/0x200 [ 51.637176][ T373] skb_clone+0x1d1/0x360 [ 51.641261][ T373] sk_psock_verdict_recv+0x53/0x840 [ 51.646295][ T373] ? avc_has_perm_noaudit+0x430/0x430 [ 51.651499][ T373] ? mntput_no_expire+0xfc/0x6b0 [ 51.656277][ T373] unix_read_sock+0x132/0x370 [ 51.660791][ T373] ? sk_psock_skb_redirect+0x440/0x440 [ 51.666086][ T373] ? unix_stream_splice_actor+0x120/0x120 [ 51.671634][ T373] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 51.676930][ T373] ? unix_stream_splice_actor+0x120/0x120 [ 51.682493][ T373] sk_psock_verdict_data_ready+0x147/0x1a0 [ 51.688130][ T373] ? sk_psock_start_verdict+0xc0/0xc0 [ 51.693332][ T373] ? _raw_spin_lock+0xa4/0x1b0 [ 51.697942][ T373] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 51.703584][ T373] ? skb_queue_tail+0xfb/0x120 [ 51.708200][ T373] unix_dgram_sendmsg+0x15fa/0x2090 [ 51.713215][ T373] ? unix_dgram_poll+0x690/0x690 [ 51.718093][ T373] ? __kasan_check_write+0x14/0x20 [ 51.723170][ T373] ? __cpuidle_text_end+0x2/0x2 [ 51.727866][ T373] ? cgroup_rstat_updated+0xe5/0x370 [ 51.732975][ T373] ? 
security_socket_sendmsg+0x82/0xb0 [ 51.738280][ T373] ? unix_dgram_poll+0x690/0x690 [ 51.743044][ T373] ____sys_sendmsg+0x59e/0x8f0 [ 51.747663][ T373] ? __sys_sendmsg_sock+0x40/0x40 [ 51.752594][ T373] ? import_iovec+0xe5/0x120 [ 51.757015][ T373] ___sys_sendmsg+0x252/0x2e0 [ 51.761529][ T373] ? __sys_sendmsg+0x260/0x260 [ 51.766133][ T373] ? __kasan_check_write+0x14/0x20 [ 51.771080][ T373] ? proc_fail_nth_write+0x20b/0x290 [ 51.776211][ T373] ? __fdget+0x1bc/0x240 [ 51.780379][ T373] __sys_sendmmsg+0x2bf/0x530 [ 51.784913][ T373] ? __ia32_sys_sendmsg+0x90/0x90 [ 51.789754][ T373] ? mutex_unlock+0xb2/0x260 [ 51.794182][ T373] ? __kasan_check_write+0x14/0x20 [ 51.799127][ T373] ? __ia32_sys_read+0x90/0x90 [ 51.803832][ T373] ? debug_smp_processor_id+0x17/0x20 [ 51.809024][ T373] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 51.814929][ T373] __x64_sys_sendmmsg+0xa0/0xb0 [ 51.819616][ T373] x64_sys_call+0x81d/0x9a0 [ 51.823968][ T373] do_syscall_64+0x3b/0xb0 [ 51.828209][ T373] ? clear_bhb_loop+0x35/0x90 [ 51.832736][ T373] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.838449][ T373] RIP: 0033:0x7f8bc3966ae9 [ 51.842698][ T373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 51.862656][ T373] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 51.870904][ T373] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9 [ 51.878690][ T373] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 51.886675][ T373] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000 [ 51.894496][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 51.902825][ T373] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298 [ 51.910750][ T373] [ 51.924262][ T376] FAULT_INJECTION: forcing a failure. 
[ 51.924262][ T376] name failslab, interval 1, probability 0, space 0, times 0 [ 51.936833][ T376] CPU: 0 PID: 376 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 51.948562][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 51.958454][ T376] Call Trace: [ 51.961578][ T376] [ 51.964357][ T376] dump_stack_lvl+0x151/0x1c0 [ 51.968883][ T376] ? io_uring_drop_tctx_refs+0x190/0x190 [ 51.974345][ T376] dump_stack+0x15/0x20 [ 51.978336][ T376] should_fail+0x3c6/0x510 [ 51.982696][ T376] __should_failslab+0xa4/0xe0 [ 51.987284][ T376] should_failslab+0x9/0x20 [ 51.991627][ T376] slab_pre_alloc_hook+0x37/0xd0 [ 51.996402][ T376] kmem_cache_alloc_trace+0x48/0x210 [ 52.001608][ T376] ? sk_psock_skb_ingress_self+0x60/0x330 [ 52.007168][ T376] ? migrate_disable+0x190/0x190 [ 52.012026][ T376] sk_psock_skb_ingress_self+0x60/0x330 [ 52.017412][ T376] sk_psock_verdict_recv+0x66d/0x840 [ 52.022652][ T376] unix_read_sock+0x132/0x370 [ 52.027156][ T376] ? sk_psock_skb_redirect+0x440/0x440 [ 52.032446][ T376] ? unix_stream_splice_actor+0x120/0x120 [ 52.038008][ T376] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 52.043303][ T376] ? unix_stream_splice_actor+0x120/0x120 [ 52.048859][ T376] sk_psock_verdict_data_ready+0x147/0x1a0 [ 52.054500][ T376] ? sk_psock_start_verdict+0xc0/0xc0 [ 52.059787][ T376] ? _raw_spin_lock+0xa4/0x1b0 [ 52.064390][ T376] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 52.070046][ T376] ? skb_queue_tail+0xfb/0x120 [ 52.074638][ T376] unix_dgram_sendmsg+0x15fa/0x2090 [ 52.079678][ T376] ? unix_dgram_poll+0x690/0x690 [ 52.084435][ T376] ? __kasan_check_write+0x14/0x20 [ 52.089404][ T376] ? __cpuidle_text_end+0x2/0x2 [ 52.094070][ T376] ? cgroup_rstat_updated+0xe5/0x370 [ 52.099194][ T376] ? security_socket_sendmsg+0x82/0xb0 [ 52.104487][ T376] ? unix_dgram_poll+0x690/0x690 [ 52.109267][ T376] ____sys_sendmsg+0x59e/0x8f0 [ 52.113972][ T376] ? __sys_sendmsg_sock+0x40/0x40 [ 52.118823][ T376] ? 
import_iovec+0xe5/0x120 [ 52.123250][ T376] ___sys_sendmsg+0x252/0x2e0 [ 52.127892][ T376] ? __sys_sendmsg+0x260/0x260 [ 52.132452][ T376] ? __kasan_check_write+0x14/0x20 [ 52.137828][ T376] ? proc_fail_nth_write+0x20b/0x290 [ 52.142953][ T376] ? __fdget+0x1bc/0x240 [ 52.147033][ T376] __sys_sendmmsg+0x2bf/0x530 [ 52.151543][ T376] ? __ia32_sys_sendmsg+0x90/0x90 [ 52.156400][ T376] ? mutex_unlock+0xb2/0x260 [ 52.160917][ T376] ? __kasan_check_write+0x14/0x20 [ 52.165875][ T376] ? __ia32_sys_read+0x90/0x90 [ 52.170464][ T376] ? debug_smp_processor_id+0x17/0x20 [ 52.175672][ T376] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 52.181574][ T376] __x64_sys_sendmmsg+0xa0/0xb0 [ 52.186274][ T376] x64_sys_call+0x81d/0x9a0 [ 52.190697][ T376] do_syscall_64+0x3b/0xb0 [ 52.194938][ T376] ? clear_bhb_loop+0x35/0x90 [ 52.199452][ T376] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 52.205201][ T376] RIP: 0033:0x7f8bc3966ae9 [ 52.209431][ T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 52.228880][ T376] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 52.237117][ T376] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9 [ 52.245039][ T376] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 52.252940][ T376] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000 [ 52.260745][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.268738][ T376] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298 [ 52.276554][ T376] [ 52.281606][ T375] ================================================================== [ 52.289498][ T375] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 52.297736][ T375] [ 52.299908][ T375] CPU: 0 PID: 375 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 
52.311451][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 52.321351][ T375] Call Trace: [ 52.324471][ T375] [ 52.327247][ T375] dump_stack_lvl+0x151/0x1c0 [ 52.331770][ T375] ? io_uring_drop_tctx_refs+0x190/0x190 [ 52.337234][ T375] ? __wake_up_klogd+0xd5/0x110 [ 52.341914][ T375] ? panic+0x760/0x760 [ 52.345919][ T375] ? kmem_cache_free+0x116/0x2e0 [ 52.350698][ T375] print_address_description+0x87/0x3b0 [ 52.356199][ T375] ? kmem_cache_free+0x116/0x2e0 [ 52.360977][ T375] ? kmem_cache_free+0x116/0x2e0 [ 52.365911][ T375] kasan_report_invalid_free+0x6b/0xa0 [ 52.371206][ T375] ____kasan_slab_free+0x13e/0x160 [ 52.376151][ T375] __kasan_slab_free+0x11/0x20 [ 52.380757][ T375] slab_free_freelist_hook+0xbd/0x190 [ 52.385991][ T375] ? kfree_skbmem+0x104/0x170 [ 52.390502][ T375] kmem_cache_free+0x116/0x2e0 [ 52.395076][ T375] kfree_skbmem+0x104/0x170 [ 52.399426][ T375] consume_skb+0xb4/0x250 [ 52.403583][ T375] __sk_msg_free+0x2dd/0x370 [ 52.408005][ T375] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 52.413735][ T375] sk_psock_stop+0x44c/0x4d0 [ 52.418172][ T375] sk_psock_drop+0x219/0x310 [ 52.422672][ T375] sock_map_unref+0x48f/0x4d0 [ 52.427187][ T375] ? __local_bh_enable_ip+0x58/0x80 [ 52.432227][ T375] ? _raw_spin_unlock_bh+0x51/0x60 [ 52.437215][ T375] sock_map_remove_links+0x41c/0x650 [ 52.442376][ T375] ? __kasan_record_aux_stack+0xd3/0xf0 [ 52.447757][ T375] ? kasan_record_aux_stack+0xe/0x10 [ 52.452873][ T375] ? task_work_add+0x27/0x1d0 [ 52.457391][ T375] ? sock_map_unhash+0x120/0x120 [ 52.462250][ T375] ? x64_sys_call+0x3d/0x9a0 [ 52.466674][ T375] ? locks_remove_posix+0x610/0x610 [ 52.472141][ T375] sock_map_close+0x114/0x530 [ 52.476656][ T375] ? unix_peer_get+0xe0/0xe0 [ 52.481085][ T375] ? sock_map_remove_links+0x650/0x650 [ 52.486386][ T375] ? rwsem_mark_wake+0x770/0x770 [ 52.491152][ T375] unix_release+0x82/0xc0 [ 52.495317][ T375] sock_close+0xdf/0x270 [ 52.499396][ T375] ? 
sock_mmap+0xa0/0xa0
[ 52.503473][ T375] __fput+0x228/0x8c0
[ 52.507300][ T375] ____fput+0x15/0x20
[ 52.511293][ T375] task_work_run+0x129/0x190
[ 52.515717][ T375] exit_to_user_mode_loop+0xc4/0xe0
[ 52.521187][ T375] exit_to_user_mode_prepare+0x5a/0xa0
[ 52.526485][ T375] syscall_exit_to_user_mode+0x26/0x160
[ 52.531855][ T375] do_syscall_64+0x47/0xb0
[ 52.536110][ T375] ? clear_bhb_loop+0x35/0x90
[ 52.540625][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.546354][ T375] RIP: 0033:0x7f8bc39659da
[ 52.550692][ T375] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 52.570133][ T375] RSP: 002b:00007fffcedcf360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 52.578462][ T375] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8bc39659da
[ 52.586275][ T375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 52.594087][ T375] RBP: 00007f8bc3a87980 R08: 0000001b31d60000 R09: 00007fffcedd80b0
[ 52.601898][ T375] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000ce11
[ 52.609710][ T375] R13: ffffffffffffffff R14: 00007f8bc34ea000 R15: 000000000000cad0
[ 52.617529][ T375]
[ 52.620383][ T375]
[ 52.622556][ T375] Allocated by task 376:
[ 52.626637][ T375] __kasan_slab_alloc+0xb1/0xe0
[ 52.631325][ T375] slab_post_alloc_hook+0x53/0x2c0
[ 52.636268][ T375] kmem_cache_alloc+0xf5/0x200
[ 52.640870][ T375] skb_clone+0x1d1/0x360
[ 52.644943][ T375] sk_psock_verdict_recv+0x53/0x840
[ 52.649980][ T375] unix_read_sock+0x132/0x370
[ 52.654492][ T375] sk_psock_verdict_data_ready+0x147/0x1a0
[ 52.660228][ T375] unix_dgram_sendmsg+0x15fa/0x2090
[ 52.665262][ T375] ____sys_sendmsg+0x59e/0x8f0
[ 52.669865][ T375] ___sys_sendmsg+0x252/0x2e0
[ 52.674379][ T375] __sys_sendmmsg+0x2bf/0x530
[ 52.678973][ T375] __x64_sys_sendmmsg+0xa0/0xb0
[ 52.683665][ T375] x64_sys_call+0x81d/0x9a0
[ 52.688014][ T375] do_syscall_64+0x3b/0xb0
[ 52.692259][ T375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.697993][ T375]
[ 52.700153][ T375] Freed by task 20:
[ 52.703796][ T375] kasan_set_track+0x4b/0x70
[ 52.708311][ T375] kasan_set_free_info+0x23/0x40
[ 52.713085][ T375] ____kasan_slab_free+0x126/0x160
[ 52.718121][ T375] __kasan_slab_free+0x11/0x20
[ 52.722719][ T375] slab_free_freelist_hook+0xbd/0x190
[ 52.727925][ T375] kmem_cache_free+0x116/0x2e0
[ 52.732528][ T375] kfree_skbmem+0x104/0x170
[ 52.736864][ T375] kfree_skb+0xc2/0x360
[ 52.740856][ T375] sk_psock_backlog+0xc21/0xd90
[ 52.745621][ T375] process_one_work+0x6bb/0xc10
[ 52.750318][ T375] worker_thread+0xad5/0x12a0
[ 52.754833][ T375] kthread+0x421/0x510
[ 52.758744][ T375] ret_from_fork+0x1f/0x30
[ 52.762990][ T375]
[ 52.765590][ T375] The buggy address belongs to the object at ffff8881245c9dc0
[ 52.765590][ T375] which belongs to the cache skbuff_head_cache of size 248
[ 52.780094][ T375] The buggy address is located 0 bytes inside of
[ 52.780094][ T375] 248-byte region [ffff8881245c9dc0, ffff8881245c9eb8)
[ 52.793037][ T375] The buggy address belongs to the page:
[ 52.798756][ T375] page:ffffea0004917240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1245c9
[ 52.808906][ T375] flags: 0x4000000000000200(slab|zone=1)
[ 52.814476][ T375] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab200
[ 52.822883][ T375] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 52.831295][ T375] page dumped because: kasan: bad access detected
[ 52.837635][ T375] page_owner tracks the page as allocated
[ 52.843275][ T375] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 51915665063, free_ts 49172161781
[ 52.858909][ T375] post_alloc_hook+0x1a3/0x1b0
[ 52.863500][ T375] prep_new_page+0x1b/0x110
[ 52.867837][ T375] get_page_from_freelist+0x3550/0x35d0
[ 52.873305][ T375] __alloc_pages+0x27e/0x8f0
[ 52.877767][ T375] new_slab+0x9a/0x4e0
[ 52.881635][ T375] ___slab_alloc+0x39e/0x830
[ 52.886063][ T375] __slab_alloc+0x4a/0x90
[ 52.890229][ T375] kmem_cache_alloc+0x134/0x200
[ 52.894919][ T375] __alloc_skb+0xbe/0x550
[ 52.899080][ T375] alloc_skb_with_frags+0xa6/0x680
[ 52.904032][ T375] sock_alloc_send_pskb+0x915/0xa50
[ 52.909068][ T375] unix_dgram_sendmsg+0x6fd/0x2090
[ 52.914013][ T375] __sys_sendto+0x564/0x720
[ 52.918350][ T375] __x64_sys_sendto+0xe5/0x100
[ 52.923147][ T375] x64_sys_call+0x15c/0x9a0
[ 52.927461][ T375] do_syscall_64+0x3b/0xb0
[ 52.931714][ T375] page last free stack trace:
[ 52.936226][ T375] free_unref_page_prepare+0x7c8/0x7d0
[ 52.941525][ T375] free_unref_page+0xe8/0x750
[ 52.946032][ T375] __free_pages+0x61/0xf0
[ 52.950203][ T375] __vunmap+0x7bc/0x8f0
[ 52.954278][ T375] free_work+0x5b/0x80
[ 52.958186][ T375] process_one_work+0x6bb/0xc10
[ 52.962874][ T375] worker_thread+0xad5/0x12a0
[ 52.967388][ T375] kthread+0x421/0x510
[ 52.971290][ T375] ret_from_fork+0x1f/0x30
[ 52.975547][ T375]
[ 52.977714][ T375] Memory state around the buggy address:
[ 52.983187][ T375] ffff8881245c9c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.991188][ T375] ffff8881245c9d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 52.999082][ T375] >ffff8881245c9d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 53.006980][ T375] ^
[ 53.012977][ T375] ffff8881245c9e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.021046][ T375] ffff8881245c9e80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 53.028936][ T375] ==================================================================
[ 53.051615][ T379] FAULT_INJECTION: forcing a failure.
[ 53.051615][ T379] name failslab, interval 1, probability 0, space 0, times 0
[ 53.064285][ T379] CPU: 0 PID: 379 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 53.075725][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.085621][ T379] Call Trace:
[ 53.088754][ T379]
[ 53.091523][ T379] dump_stack_lvl+0x151/0x1c0
[ 53.096036][ T379] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.101512][ T379] dump_stack+0x15/0x20
[ 53.105525][ T379] should_fail+0x3c6/0x510
[ 53.109761][ T379] __should_failslab+0xa4/0xe0
[ 53.114350][ T379] should_failslab+0x9/0x20
[ 53.118687][ T379] slab_pre_alloc_hook+0x37/0xd0
[ 53.123470][ T379] kmem_cache_alloc_trace+0x48/0x210
[ 53.128586][ T379] ? sk_psock_skb_ingress_self+0x60/0x330
[ 53.134139][ T379] ? migrate_disable+0x190/0x190
[ 53.138921][ T379] sk_psock_skb_ingress_self+0x60/0x330
[ 53.144292][ T379] sk_psock_verdict_recv+0x66d/0x840
[ 53.149425][ T379] unix_read_sock+0x132/0x370
[ 53.153953][ T379] ? sk_psock_skb_redirect+0x440/0x440
[ 53.159225][ T379] ? unix_stream_splice_actor+0x120/0x120
[ 53.164951][ T379] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 53.170246][ T379] ? unix_stream_splice_actor+0x120/0x120
[ 53.175802][ T379] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.181438][ T379] ? sk_psock_start_verdict+0xc0/0xc0
[ 53.186659][ T379] ? _raw_spin_lock+0xa4/0x1b0
[ 53.191248][ T379] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.196893][ T379] ? skb_queue_tail+0xfb/0x120
[ 53.201490][ T379] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.206528][ T379] ? unix_dgram_poll+0x690/0x690
[ 53.211294][ T379] ? __kasan_check_write+0x14/0x20
[ 53.216245][ T379] ? __cpuidle_text_end+0x2/0x2
[ 53.220928][ T379] ? cgroup_rstat_updated+0xe5/0x370
[ 53.226062][ T379] ? security_socket_sendmsg+0x82/0xb0
[ 53.231352][ T379] ? unix_dgram_poll+0x690/0x690
[ 53.236118][ T379] ____sys_sendmsg+0x59e/0x8f0
[ 53.240858][ T379] ? __sys_sendmsg_sock+0x40/0x40
[ 53.245731][ T379] ? import_iovec+0xe5/0x120
[ 53.250244][ T379] ___sys_sendmsg+0x252/0x2e0
[ 53.254756][ T379] ? __sys_sendmsg+0x260/0x260
[ 53.259357][ T379] ? __kasan_check_write+0x14/0x20
[ 53.264386][ T379] ? proc_fail_nth_write+0x20b/0x290
[ 53.269510][ T379] ? __fdget+0x1bc/0x240
[ 53.273781][ T379] __sys_sendmmsg+0x2bf/0x530
[ 53.278294][ T379] ? __ia32_sys_sendmsg+0x90/0x90
[ 53.283153][ T379] ? mutex_unlock+0xb2/0x260
[ 53.287665][ T379] ? __kasan_check_write+0x14/0x20
[ 53.292611][ T379] ? __ia32_sys_read+0x90/0x90
[ 53.297207][ T379] ? debug_smp_processor_id+0x17/0x20
[ 53.302416][ T379] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 53.308320][ T379] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.313036][ T379] x64_sys_call+0x81d/0x9a0
[ 53.317482][ T379] do_syscall_64+0x3b/0xb0
[ 53.321715][ T379] ? clear_bhb_loop+0x35/0x90
[ 53.326238][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.331956][ T379] RIP: 0033:0x7f8bc3966ae9
[ 53.336212][ T379] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.355954][ T379] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 53.364197][ T379] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9
[ 53.372102][ T379] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 53.379910][ T379] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000
[ 53.387767][ T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 53.395608][ T379] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298
[ 53.403424][ T379]
[ 53.407387][ T378] ==================================================================
[ 53.415267][ T378] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 53.423519][ T378]
[ 53.425768][ T378] CPU: 0 PID: 378 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 53.437718][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 53.447612][ T378] Call Trace:
[ 53.450739][ T378]
[ 53.453508][ T378] dump_stack_lvl+0x151/0x1c0
[ 53.458022][ T378] ? io_uring_drop_tctx_refs+0x190/0x190
[ 53.463773][ T378] ? __wake_up_klogd+0xd5/0x110
[ 53.468552][ T378] ? panic+0x760/0x760
[ 53.472571][ T378] ? kmem_cache_free+0x116/0x2e0
[ 53.477339][ T378] print_address_description+0x87/0x3b0
[ 53.482726][ T378] ? kmem_cache_free+0x116/0x2e0
[ 53.487493][ T378] ? kmem_cache_free+0x116/0x2e0
[ 53.492280][ T378] kasan_report_invalid_free+0x6b/0xa0
[ 53.497559][ T378] ____kasan_slab_free+0x13e/0x160
[ 53.502524][ T378] __kasan_slab_free+0x11/0x20
[ 53.507220][ T378] slab_free_freelist_hook+0xbd/0x190
[ 53.512505][ T378] ? kfree_skbmem+0x104/0x170
[ 53.517199][ T378] kmem_cache_free+0x116/0x2e0
[ 53.521799][ T378] kfree_skbmem+0x104/0x170
[ 53.526143][ T378] consume_skb+0xb4/0x250
[ 53.530305][ T378] __sk_msg_free+0x2dd/0x370
[ 53.534834][ T378] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 53.540916][ T378] sk_psock_stop+0x44c/0x4d0
[ 53.545336][ T378] sk_psock_drop+0x219/0x310
[ 53.549853][ T378] sock_map_unref+0x48f/0x4d0
[ 53.554360][ T378] ? __local_bh_enable_ip+0x58/0x80
[ 53.559392][ T378] ? _raw_spin_unlock_bh+0x51/0x60
[ 53.564344][ T378] sock_map_remove_links+0x41c/0x650
[ 53.569552][ T378] ? __kasan_record_aux_stack+0xd3/0xf0
[ 53.575105][ T378] ? kasan_record_aux_stack+0xe/0x10
[ 53.580221][ T378] ? task_work_add+0x27/0x1d0
[ 53.584786][ T378] ? sock_map_unhash+0x120/0x120
[ 53.589513][ T378] ? x64_sys_call+0x3d/0x9a0
[ 53.593937][ T378] ? locks_remove_posix+0x610/0x610
[ 53.598971][ T378] sock_map_close+0x114/0x530
[ 53.603485][ T378] ? unix_peer_get+0xe0/0xe0
[ 53.607910][ T378] ? sock_map_remove_links+0x650/0x650
[ 53.613204][ T378] ? rwsem_mark_wake+0x770/0x770
[ 53.617979][ T378] unix_release+0x82/0xc0
[ 53.622145][ T378] sock_close+0xdf/0x270
[ 53.626224][ T378] ? sock_mmap+0xa0/0xa0
[ 53.630315][ T378] __fput+0x228/0x8c0
[ 53.634124][ T378] ____fput+0x15/0x20
[ 53.637941][ T378] task_work_run+0x129/0x190
[ 53.642368][ T378] exit_to_user_mode_loop+0xc4/0xe0
[ 53.647401][ T378] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.652753][ T378] syscall_exit_to_user_mode+0x26/0x160
[ 53.658084][ T378] do_syscall_64+0x47/0xb0
[ 53.662337][ T378] ? clear_bhb_loop+0x35/0x90
[ 53.666842][ T378] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.672570][ T378] RIP: 0033:0x7f8bc39659da
[ 53.676824][ T378] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 53.696358][ T378] RSP: 002b:00007fffcedcf360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 53.704597][ T378] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8bc39659da
[ 53.712410][ T378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 53.720226][ T378] RBP: 00007f8bc3a87980 R08: 0000001b31d60000 R09: 00007fffcedd80b0
[ 53.728030][ T378] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d278
[ 53.735937][ T378] R13: ffffffffffffffff R14: 00007f8bc34ea000 R15: 000000000000cf37
[ 53.743744][ T378]
[ 53.746611][ T378]
[ 53.748776][ T378] Allocated by task 379:
[ 53.752864][ T378] __kasan_slab_alloc+0xb1/0xe0
[ 53.757539][ T378] slab_post_alloc_hook+0x53/0x2c0
[ 53.762488][ T378] kmem_cache_alloc+0xf5/0x200
[ 53.767089][ T378] skb_clone+0x1d1/0x360
[ 53.771174][ T378] sk_psock_verdict_recv+0x53/0x840
[ 53.776197][ T378] unix_read_sock+0x132/0x370
[ 53.780720][ T378] sk_psock_verdict_data_ready+0x147/0x1a0
[ 53.786356][ T378] unix_dgram_sendmsg+0x15fa/0x2090
[ 53.791398][ T378] ____sys_sendmsg+0x59e/0x8f0
[ 53.795991][ T378] ___sys_sendmsg+0x252/0x2e0
[ 53.800501][ T378] __sys_sendmmsg+0x2bf/0x530
[ 53.805013][ T378] __x64_sys_sendmmsg+0xa0/0xb0
[ 53.809703][ T378] x64_sys_call+0x81d/0x9a0
[ 53.814063][ T378] do_syscall_64+0x3b/0xb0
[ 53.818295][ T378] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.824022][ T378]
[ 53.826188][ T378] Freed by task 20:
[ 53.829844][ T378] kasan_set_track+0x4b/0x70
[ 53.834263][ T378] kasan_set_free_info+0x23/0x40
[ 53.839039][ T378] ____kasan_slab_free+0x126/0x160
[ 53.843989][ T378] __kasan_slab_free+0x11/0x20
[ 53.848585][ T378] slab_free_freelist_hook+0xbd/0x190
[ 53.853792][ T378] kmem_cache_free+0x116/0x2e0
[ 53.858394][ T378] kfree_skbmem+0x104/0x170
[ 53.862738][ T378] kfree_skb+0xc2/0x360
[ 53.866725][ T378] sk_psock_backlog+0xc21/0xd90
[ 53.871413][ T378] process_one_work+0x6bb/0xc10
[ 53.876102][ T378] worker_thread+0xad5/0x12a0
[ 53.880715][ T378] kthread+0x421/0x510
[ 53.884615][ T378] ret_from_fork+0x1f/0x30
[ 53.888869][ T378]
[ 53.891041][ T378] The buggy address belongs to the object at ffff888121f86c80
[ 53.891041][ T378] which belongs to the cache skbuff_head_cache of size 248
[ 53.905449][ T378] The buggy address is located 0 bytes inside of
[ 53.905449][ T378] 248-byte region [ffff888121f86c80, ffff888121f86d78)
[ 53.918474][ T378] The buggy address belongs to the page:
[ 53.923936][ T378] page:ffffea000487e180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121f86
[ 53.934293][ T378] flags: 0x4000000000000200(slab|zone=1)
[ 53.939767][ T378] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab200
[ 53.948182][ T378] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 53.956597][ T378] page dumped because: kasan: bad access detected
[ 53.962845][ T378] page_owner tracks the page as allocated
[ 53.968710][ T378] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 53041656706, free_ts 51916492604
[ 53.984298][ T378] post_alloc_hook+0x1a3/0x1b0
[ 53.988901][ T378] prep_new_page+0x1b/0x110
[ 53.993244][ T378] get_page_from_freelist+0x3550/0x35d0
[ 53.998618][ T378] __alloc_pages+0x27e/0x8f0
[ 54.003043][ T378] new_slab+0x9a/0x4e0
[ 54.006951][ T378] ___slab_alloc+0x39e/0x830
[ 54.011375][ T378] __slab_alloc+0x4a/0x90
[ 54.015629][ T378] kmem_cache_alloc+0x134/0x200
[ 54.020313][ T378] __alloc_skb+0xbe/0x550
[ 54.024579][ T378] alloc_skb_with_frags+0xa6/0x680
[ 54.029522][ T378] sock_alloc_send_pskb+0x915/0xa50
[ 54.034579][ T378] unix_dgram_sendmsg+0x6fd/0x2090
[ 54.039494][ T378] __sys_sendto+0x564/0x720
[ 54.043845][ T378] __x64_sys_sendto+0xe5/0x100
[ 54.048436][ T378] x64_sys_call+0x15c/0x9a0
[ 54.052785][ T378] do_syscall_64+0x3b/0xb0
[ 54.057036][ T378] page last free stack trace:
[ 54.061541][ T378] free_unref_page_prepare+0x7c8/0x7d0
[ 54.066843][ T378] free_unref_page_list+0x14b/0xa60
[ 54.071932][ T378] release_pages+0x1310/0x1370
[ 54.076469][ T378] free_pages_and_swap_cache+0x8a/0xa0
[ 54.081764][ T378] tlb_finish_mmu+0x177/0x320
[ 54.086276][ T378] exit_mmap+0x40d/0x940
[ 54.090354][ T378] __mmput+0x95/0x310
[ 54.094222][ T378] mmput+0x5b/0x170
[ 54.097819][ T378] do_exit+0xb9c/0x2ca0
[ 54.101811][ T378] do_group_exit+0x141/0x310
[ 54.106242][ T378] get_signal+0x7a3/0x1630
[ 54.110499][ T378] arch_do_signal_or_restart+0xbd/0x1680
[ 54.115960][ T378] exit_to_user_mode_loop+0xa0/0xe0
[ 54.120993][ T378] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.126288][ T378] syscall_exit_to_user_mode+0x26/0x160
[ 54.131669][ T378] do_syscall_64+0x47/0xb0
[ 54.135922][ T378]
[ 54.138194][ T378] Memory state around the buggy address:
[ 54.143678][ T378] ffff888121f86b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.151685][ T378] ffff888121f86c00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 54.159666][ T378] >ffff888121f86c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.167552][ T378] ^
[ 54.171458][ T378] ffff888121f86d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 54.179443][ T378] ffff888121f86d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 54.187523][ T378] ==================================================================
[ 54.206245][ T382] FAULT_INJECTION: forcing a failure.
[ 54.206245][ T382] name failslab, interval 1, probability 0, space 0, times 0
[ 54.218728][ T382] CPU: 0 PID: 382 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 54.230207][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.240123][ T382] Call Trace:
[ 54.243227][ T382]
[ 54.246019][ T382] dump_stack_lvl+0x151/0x1c0
[ 54.250522][ T382] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.256198][ T382] dump_stack+0x15/0x20
[ 54.260198][ T382] should_fail+0x3c6/0x510
[ 54.264428][ T382] __should_failslab+0xa4/0xe0
[ 54.269030][ T382] should_failslab+0x9/0x20
[ 54.273370][ T382] slab_pre_alloc_hook+0x37/0xd0
[ 54.278142][ T382] kmem_cache_alloc_trace+0x48/0x210
[ 54.283263][ T382] ? sk_psock_skb_ingress_self+0x60/0x330
[ 54.288820][ T382] ? migrate_disable+0x190/0x190
[ 54.293593][ T382] sk_psock_skb_ingress_self+0x60/0x330
[ 54.299064][ T382] sk_psock_verdict_recv+0x66d/0x840
[ 54.304181][ T382] unix_read_sock+0x132/0x370
[ 54.308698][ T382] ? sk_psock_skb_redirect+0x440/0x440
[ 54.313983][ T382] ? unix_stream_splice_actor+0x120/0x120
[ 54.319540][ T382] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 54.325011][ T382] ? unix_stream_splice_actor+0x120/0x120
[ 54.330561][ T382] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.336204][ T382] ? sk_psock_start_verdict+0xc0/0xc0
[ 54.341625][ T382] ? _raw_spin_lock+0xa4/0x1b0
[ 54.346226][ T382] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.351863][ T382] ? skb_queue_tail+0xfb/0x120
[ 54.356478][ T382] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.361501][ T382] ? unix_dgram_poll+0x690/0x690
[ 54.366370][ T382] ? __kasan_check_write+0x14/0x20
[ 54.371437][ T382] ? __cpuidle_text_end+0x2/0x2
[ 54.376113][ T382] ? cgroup_rstat_updated+0xe5/0x370
[ 54.381234][ T382] ? security_socket_sendmsg+0x82/0xb0
[ 54.386547][ T382] ? unix_dgram_poll+0x690/0x690
[ 54.391417][ T382] ____sys_sendmsg+0x59e/0x8f0
[ 54.395989][ T382] ? __sys_sendmsg_sock+0x40/0x40
[ 54.401012][ T382] ? import_iovec+0xe5/0x120
[ 54.405401][ T382] ___sys_sendmsg+0x252/0x2e0
[ 54.409918][ T382] ? __sys_sendmsg+0x260/0x260
[ 54.414699][ T382] ? __kasan_check_write+0x14/0x20
[ 54.419639][ T382] ? proc_fail_nth_write+0x20b/0x290
[ 54.424774][ T382] ? __fdget+0x1bc/0x240
[ 54.428923][ T382] __sys_sendmmsg+0x2bf/0x530
[ 54.433445][ T382] ? __ia32_sys_sendmsg+0x90/0x90
[ 54.438419][ T382] ? mutex_unlock+0xb2/0x260
[ 54.442881][ T382] ? __kasan_check_write+0x14/0x20
[ 54.448181][ T382] ? __ia32_sys_read+0x90/0x90
[ 54.452781][ T382] ? debug_smp_processor_id+0x17/0x20
[ 54.457992][ T382] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 54.463896][ T382] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.468577][ T382] x64_sys_call+0x81d/0x9a0
[ 54.472916][ T382] do_syscall_64+0x3b/0xb0
[ 54.477166][ T382] ? clear_bhb_loop+0x35/0x90
[ 54.481678][ T382] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.487405][ T382] RIP: 0033:0x7f8bc3966ae9
[ 54.491658][ T382] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.511217][ T382] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 54.519459][ T382] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9
[ 54.527273][ T382] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 54.535287][ T382] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000
[ 54.543087][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 54.551101][ T382] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298
[ 54.558903][ T382]
[ 54.563184][ T381] ==================================================================
[ 54.571063][ T381] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 54.579396][ T381]
[ 54.581564][ T381] CPU: 0 PID: 381 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 54.593115][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.603030][ T381] Call Trace:
[ 54.606135][ T381]
[ 54.608905][ T381] dump_stack_lvl+0x151/0x1c0
[ 54.613421][ T381] ? io_uring_drop_tctx_refs+0x190/0x190
[ 54.618883][ T381] ? __wake_up_klogd+0xd5/0x110
[ 54.623578][ T381] ? panic+0x760/0x760
[ 54.627478][ T381] ? kmem_cache_free+0x116/0x2e0
[ 54.632352][ T381] print_address_description+0x87/0x3b0
[ 54.637729][ T381] ? kmem_cache_free+0x116/0x2e0
[ 54.642507][ T381] ? kmem_cache_free+0x116/0x2e0
[ 54.647273][ T381] kasan_report_invalid_free+0x6b/0xa0
[ 54.652579][ T381] ____kasan_slab_free+0x13e/0x160
[ 54.657517][ T381] __kasan_slab_free+0x11/0x20
[ 54.662119][ T381] slab_free_freelist_hook+0xbd/0x190
[ 54.667330][ T381] ? kfree_skbmem+0x104/0x170
[ 54.671933][ T381] kmem_cache_free+0x116/0x2e0
[ 54.676525][ T381] kfree_skbmem+0x104/0x170
[ 54.680868][ T381] consume_skb+0xb4/0x250
[ 54.685039][ T381] __sk_msg_free+0x2dd/0x370
[ 54.689458][ T381] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 54.695108][ T381] sk_psock_stop+0x44c/0x4d0
[ 54.699530][ T381] sk_psock_drop+0x219/0x310
[ 54.703960][ T381] sock_map_unref+0x48f/0x4d0
[ 54.708466][ T381] ? __local_bh_enable_ip+0x58/0x80
[ 54.713498][ T381] ? _raw_spin_unlock_bh+0x51/0x60
[ 54.718449][ T381] sock_map_remove_links+0x41c/0x650
[ 54.723573][ T381] ? __kasan_record_aux_stack+0xd3/0xf0
[ 54.728947][ T381] ? kasan_record_aux_stack+0xe/0x10
[ 54.734068][ T381] ? task_work_add+0x27/0x1d0
[ 54.738581][ T381] ? sock_map_unhash+0x120/0x120
[ 54.743354][ T381] ? x64_sys_call+0x3d/0x9a0
[ 54.747781][ T381] ? locks_remove_posix+0x610/0x610
[ 54.752817][ T381] sock_map_close+0x114/0x530
[ 54.757328][ T381] ? unix_peer_get+0xe0/0xe0
[ 54.761765][ T381] ? sock_map_remove_links+0x650/0x650
[ 54.767052][ T381] ? rwsem_mark_wake+0x770/0x770
[ 54.771826][ T381] unix_release+0x82/0xc0
[ 54.775996][ T381] sock_close+0xdf/0x270
[ 54.780070][ T381] ? sock_mmap+0xa0/0xa0
[ 54.784145][ T381] __fput+0x228/0x8c0
[ 54.787978][ T381] ____fput+0x15/0x20
[ 54.791795][ T381] task_work_run+0x129/0x190
[ 54.796213][ T381] exit_to_user_mode_loop+0xc4/0xe0
[ 54.801364][ T381] exit_to_user_mode_prepare+0x5a/0xa0
[ 54.806655][ T381] syscall_exit_to_user_mode+0x26/0x160
[ 54.812038][ T381] do_syscall_64+0x47/0xb0
[ 54.816292][ T381] ? clear_bhb_loop+0x35/0x90
[ 54.820815][ T381] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.826530][ T381] RIP: 0033:0x7f8bc39659da
[ 54.830783][ T381] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 54.850227][ T381] RSP: 002b:00007fffcedcf360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.858468][ T381] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8bc39659da
[ 54.866294][ T381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.874182][ T381] RBP: 00007f8bc3a87980 R08: 0000001b31d60000 R09: 00007fffcedd80b0
[ 54.882027][ T381] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000d6fb
[ 54.889832][ T381] R13: ffffffffffffffff R14: 00007f8bc34ea000 R15: 000000000000d3ba
[ 54.897618][ T381]
[ 54.900506][ T381]
[ 54.902647][ T381] Allocated by task 382:
[ 54.906774][ T381] __kasan_slab_alloc+0xb1/0xe0
[ 54.911416][ T381] slab_post_alloc_hook+0x53/0x2c0
[ 54.916359][ T381] kmem_cache_alloc+0xf5/0x200
[ 54.920965][ T381] skb_clone+0x1d1/0x360
[ 54.925178][ T381] sk_psock_verdict_recv+0x53/0x840
[ 54.930184][ T381] unix_read_sock+0x132/0x370
[ 54.934700][ T381] sk_psock_verdict_data_ready+0x147/0x1a0
[ 54.940460][ T381] unix_dgram_sendmsg+0x15fa/0x2090
[ 54.945493][ T381] ____sys_sendmsg+0x59e/0x8f0
[ 54.950114][ T381] ___sys_sendmsg+0x252/0x2e0
[ 54.954625][ T381] __sys_sendmmsg+0x2bf/0x530
[ 54.959118][ T381] __x64_sys_sendmmsg+0xa0/0xb0
[ 54.963889][ T381] x64_sys_call+0x81d/0x9a0
[ 54.968234][ T381] do_syscall_64+0x3b/0xb0
[ 54.972485][ T381] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.978299][ T381]
[ 54.980471][ T381] Freed by task 20:
[ 54.984124][ T381] kasan_set_track+0x4b/0x70
[ 54.988562][ T381] kasan_set_free_info+0x23/0x40
[ 54.993312][ T381] ____kasan_slab_free+0x126/0x160
[ 54.998408][ T381] __kasan_slab_free+0x11/0x20
[ 55.003240][ T381] slab_free_freelist_hook+0xbd/0x190
[ 55.008446][ T381] kmem_cache_free+0x116/0x2e0
[ 55.013048][ T381] kfree_skbmem+0x104/0x170
[ 55.017506][ T381] kfree_skb+0xc2/0x360
[ 55.021493][ T381] sk_psock_backlog+0xc21/0xd90
[ 55.026183][ T381] process_one_work+0x6bb/0xc10
[ 55.030890][ T381] worker_thread+0xad5/0x12a0
[ 55.035469][ T381] kthread+0x421/0x510
[ 55.039384][ T381] ret_from_fork+0x1f/0x30
[ 55.043632][ T381]
[ 55.045800][ T381] The buggy address belongs to the object at ffff888120683a00
[ 55.045800][ T381] which belongs to the cache skbuff_head_cache of size 248
[ 55.060293][ T381] The buggy address is located 0 bytes inside of
[ 55.060293][ T381] 248-byte region [ffff888120683a00, ffff888120683af8)
[ 55.073228][ T381] The buggy address belongs to the page:
[ 55.078694][ T381] page:ffffea000481a0c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120683
[ 55.088792][ T381] flags: 0x4000000000000200(slab|zone=1)
[ 55.094241][ T381] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab200
[ 55.102858][ T381] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 55.111270][ T381] page dumped because: kasan: bad access detected
[ 55.117524][ T381] page_owner tracks the page as allocated
[ 55.123101][ T381] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 380, ts 54197923122, free_ts 53050448694
[ 55.138788][ T381] post_alloc_hook+0x1a3/0x1b0
[ 55.143390][ T381] prep_new_page+0x1b/0x110
[ 55.147719][ T381] get_page_from_freelist+0x3550/0x35d0
[ 55.153189][ T381] __alloc_pages+0x27e/0x8f0
[ 55.157630][ T381] new_slab+0x9a/0x4e0
[ 55.161693][ T381] ___slab_alloc+0x39e/0x830
[ 55.166119][ T381] __slab_alloc+0x4a/0x90
[ 55.170289][ T381] kmem_cache_alloc+0x134/0x200
[ 55.175025][ T381] __alloc_skb+0xbe/0x550
[ 55.179139][ T381] alloc_skb_with_frags+0xa6/0x680
[ 55.184111][ T381] sock_alloc_send_pskb+0x915/0xa50
[ 55.189132][ T381] unix_dgram_sendmsg+0x6fd/0x2090
[ 55.194072][ T381] __sys_sendto+0x564/0x720
[ 55.198408][ T381] __x64_sys_sendto+0xe5/0x100
[ 55.203010][ T381] x64_sys_call+0x15c/0x9a0
[ 55.207346][ T381] do_syscall_64+0x3b/0xb0
[ 55.211601][ T381] page last free stack trace:
[ 55.216113][ T381] free_unref_page_prepare+0x7c8/0x7d0
[ 55.221493][ T381] free_unref_page+0xe8/0x750
[ 55.226011][ T381] __free_pages+0x61/0xf0
[ 55.230175][ T381] __vunmap+0x7bc/0x8f0
[ 55.234171][ T381] vfree+0x7f/0xb0
[ 55.237730][ T381] bpf_patch_insn_data+0x7f0/0xde0
[ 55.242682][ T381] bpf_check+0x6653/0x12bf0
[ 55.247016][ T381] bpf_prog_load+0x12ac/0x1b50
[ 55.251620][ T381] __sys_bpf+0x4bc/0x760
[ 55.255863][ T381] __x64_sys_bpf+0x7c/0x90
[ 55.260117][ T381] x64_sys_call+0x87f/0x9a0
[ 55.264453][ T381] do_syscall_64+0x3b/0xb0
[ 55.268715][ T381] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.274444][ T381]
[ 55.276701][ T381] Memory state around the buggy address:
[ 55.282182][ T381] ffff888120683900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.290079][ T381] ffff888120683980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.298065][ T381] >ffff888120683a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.305953][ T381] ^
[ 55.309863][ T381] ffff888120683a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 55.317762][ T381] ffff888120683b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 55.325653][ T381] ==================================================================
[ 55.347550][ T385] FAULT_INJECTION: forcing a failure.
[ 55.347550][ T385] name failslab, interval 1, probability 0, space 0, times 0
[ 55.360016][ T385] CPU: 0 PID: 385 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 55.371509][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.381401][ T385] Call Trace:
[ 55.384528][ T385]
[ 55.387310][ T385] dump_stack_lvl+0x151/0x1c0
[ 55.391816][ T385] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.397292][ T385] dump_stack+0x15/0x20
[ 55.401274][ T385] should_fail+0x3c6/0x510
[ 55.405533][ T385] __should_failslab+0xa4/0xe0
[ 55.410130][ T385] should_failslab+0x9/0x20
[ 55.414474][ T385] slab_pre_alloc_hook+0x37/0xd0
[ 55.419248][ T385] kmem_cache_alloc_trace+0x48/0x210
[ 55.424466][ T385] ? sk_psock_skb_ingress_self+0x60/0x330
[ 55.430020][ T385] ? migrate_disable+0x190/0x190
[ 55.434795][ T385] sk_psock_skb_ingress_self+0x60/0x330
[ 55.440177][ T385] sk_psock_verdict_recv+0x66d/0x840
[ 55.445294][ T385] unix_read_sock+0x132/0x370
[ 55.449822][ T385] ? sk_psock_skb_redirect+0x440/0x440
[ 55.455104][ T385] ? unix_stream_splice_actor+0x120/0x120
[ 55.460653][ T385] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 55.465955][ T385] ? unix_stream_splice_actor+0x120/0x120
[ 55.471506][ T385] sk_psock_verdict_data_ready+0x147/0x1a0
[ 55.477157][ T385] ? sk_psock_start_verdict+0xc0/0xc0
[ 55.482351][ T385] ? _raw_spin_lock+0xa4/0x1b0
[ 55.486952][ T385] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.492599][ T385] ? skb_queue_tail+0xfb/0x120
[ 55.497194][ T385] unix_dgram_sendmsg+0x15fa/0x2090
[ 55.502232][ T385] ? unix_dgram_poll+0x690/0x690
[ 55.507000][ T385] ? __kasan_check_write+0x14/0x20
[ 55.511961][ T385] ? __cpuidle_text_end+0x2/0x2
[ 55.516636][ T385] ? cgroup_rstat_updated+0xe5/0x370
[ 55.521767][ T385] ? security_socket_sendmsg+0x82/0xb0
[ 55.527187][ T385] ? unix_dgram_poll+0x690/0x690
[ 55.532065][ T385] ____sys_sendmsg+0x59e/0x8f0
[ 55.536671][ T385] ? __sys_sendmsg_sock+0x40/0x40
[ 55.541523][ T385] ? import_iovec+0xe5/0x120
[ 55.545924][ T385] ___sys_sendmsg+0x252/0x2e0
[ 55.550445][ T385] ? __sys_sendmsg+0x260/0x260
[ 55.555040][ T385] ? __kasan_check_write+0x14/0x20
[ 55.559983][ T385] ? proc_fail_nth_write+0x20b/0x290
[ 55.565352][ T385] ? __fdget+0x1bc/0x240
[ 55.569428][ T385] __sys_sendmmsg+0x2bf/0x530
[ 55.573948][ T385] ? __ia32_sys_sendmsg+0x90/0x90
[ 55.578807][ T385] ? mutex_unlock+0xb2/0x260
[ 55.583341][ T385] ? __kasan_check_write+0x14/0x20
[ 55.588396][ T385] ? __ia32_sys_read+0x90/0x90
[ 55.593003][ T385] ? debug_smp_processor_id+0x17/0x20
[ 55.598196][ T385] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 55.604220][ T385] __x64_sys_sendmmsg+0xa0/0xb0
[ 55.608900][ T385] x64_sys_call+0x81d/0x9a0
[ 55.613239][ T385] do_syscall_64+0x3b/0xb0
[ 55.617488][ T385] ? clear_bhb_loop+0x35/0x90
[ 55.622005][ T385] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.627733][ T385] RIP: 0033:0x7f8bc3966ae9
[ 55.631987][ T385] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.651633][ T385] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 55.660044][ T385] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9
[ 55.668033][ T385] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003
[ 55.676198][ T385] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000
[ 55.684008][ T385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 55.691822][ T385] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298
[ 55.699629][ T385]
[ 55.704053][ T384] ==================================================================
[ 55.711940][ T384] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[ 55.720183][ T384]
[ 55.722437][ T384] CPU: 1 PID: 384 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[ 55.733979][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 55.743874][ T384] Call Trace:
[ 55.746994][ T384]
[ 55.749775][ T384] dump_stack_lvl+0x151/0x1c0
[ 55.754312][ T384] ? io_uring_drop_tctx_refs+0x190/0x190
[ 55.759848][ T384] ? __wake_up_klogd+0xd5/0x110
[ 55.764531][ T384] ? panic+0x760/0x760
[ 55.768440][ T384] ? kvm_sched_clock_read+0x18/0x40
[ 55.773473][ T384] ? kmem_cache_free+0x116/0x2e0
[ 55.778241][ T384] print_address_description+0x87/0x3b0
[ 55.783636][ T384] ? kmem_cache_free+0x116/0x2e0
[ 55.788424][ T384] ? kmem_cache_free+0x116/0x2e0
[ 55.793174][ T384] kasan_report_invalid_free+0x6b/0xa0
[ 55.798464][ T384] ____kasan_slab_free+0x13e/0x160
[ 55.803411][ T384] __kasan_slab_free+0x11/0x20
[ 55.808010][ T384] slab_free_freelist_hook+0xbd/0x190
[ 55.813220][ T384] ? kfree_skbmem+0x104/0x170
[ 55.817732][ T384] kmem_cache_free+0x116/0x2e0
[ 55.822337][ T384] kfree_skbmem+0x104/0x170
[ 55.826677][ T384] consume_skb+0xb4/0x250
[ 55.830834][ T384] __sk_msg_free+0x2dd/0x370
[ 55.835271][ T384] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 55.840920][ T384] sk_psock_stop+0x44c/0x4d0
[ 55.845334][ T384] sk_psock_drop+0x219/0x310
[ 55.849869][ T384] sock_map_unref+0x48f/0x4d0
[ 55.854374][ T384] ? __local_bh_enable_ip+0x58/0x80
[ 55.859415][ T384] ? _raw_spin_unlock_bh+0x51/0x60
[ 55.864356][ T384] sock_map_remove_links+0x41c/0x650
[ 55.869503][ T384] ? __kasan_record_aux_stack+0xd3/0xf0
[ 55.874949][ T384] ? kasan_record_aux_stack+0xe/0x10
[ 55.880061][ T384] ? task_work_add+0x27/0x1d0
[ 55.884578][ T384] ? sock_map_unhash+0x120/0x120
[ 55.889348][ T384] ? x64_sys_call+0x3d/0x9a0
[ 55.893777][ T384] ? locks_remove_posix+0x610/0x610
[ 55.898811][ T384] sock_map_close+0x114/0x530
[ 55.903335][ T384] ? unix_peer_get+0xe0/0xe0
[ 55.907749][ T384] ? sock_map_remove_links+0x650/0x650
[ 55.913042][ T384] ? rwsem_mark_wake+0x770/0x770
[ 55.917816][ T384] unix_release+0x82/0xc0
[ 55.921998][ T384] sock_close+0xdf/0x270
[ 55.926107][ T384] ? sock_mmap+0xa0/0xa0
[ 55.930238][ T384] __fput+0x228/0x8c0
[ 55.934140][ T384] ____fput+0x15/0x20
[ 55.937956][ T384] task_work_run+0x129/0x190
[ 55.942383][ T384] exit_to_user_mode_loop+0xc4/0xe0
[ 55.947419][ T384] exit_to_user_mode_prepare+0x5a/0xa0
[ 55.952708][ T384] syscall_exit_to_user_mode+0x26/0x160
[ 55.958093][ T384] do_syscall_64+0x47/0xb0
[ 55.962345][ T384] ? clear_bhb_loop+0x35/0x90
[ 55.966856][ T384] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 55.972671][ T384] RIP: 0033:0x7f8bc39659da
[ 55.976925][ T384] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 55.996378][ T384] RSP: 002b:00007fffcedcf360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 56.004709][ T384] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8bc39659da
[ 56.012515][ T384] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 56.020319][ T384] RBP: 00007f8bc3a87980 R08: 0000001b31d60000 R09: 00007fffcedd80b0
[ 56.028128][ T384] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000db70
[ 56.035953][ T384] R13: ffffffffffffffff R14: 00007f8bc34ea000 R15: 000000000000d82f
[ 56.043761][ T384]
[ 56.046624][ T384]
[ 56.048788][ T384] Allocated by task 385:
[ 56.052865][ T384] __kasan_slab_alloc+0xb1/0xe0
[ 56.057552][ T384] slab_post_alloc_hook+0x53/0x2c0
[ 56.062499][ T384] kmem_cache_alloc+0xf5/0x200
[ 56.067098][ T384] skb_clone+0x1d1/0x360
[ 56.071176][ T384] sk_psock_verdict_recv+0x53/0x840
[ 56.076209][ T384] unix_read_sock+0x132/0x370
[ 56.080811][ T384] sk_psock_verdict_data_ready+0x147/0x1a0
[ 56.086455][ T384] unix_dgram_sendmsg+0x15fa/0x2090
[ 56.091495][ T384] ____sys_sendmsg+0x59e/0x8f0
[ 56.096088][ T384] ___sys_sendmsg+0x252/0x2e0
[ 56.100600][ T384] __sys_sendmmsg+0x2bf/0x530
[ 56.105115][ T384] __x64_sys_sendmmsg+0xa0/0xb0
[ 56.109889][ T384] x64_sys_call+0x81d/0x9a0
[ 56.114227][ T384] do_syscall_64+0x3b/0xb0
[ 56.118486][ T384] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.124211][ T384]
[ 56.126378][ T384] Freed by task 6:
[ 56.129936][ T384] kasan_set_track+0x4b/0x70
[ 56.134362][ T384] kasan_set_free_info+0x23/0x40
[ 56.139136][ T384] ____kasan_slab_free+0x126/0x160
[ 56.144087][ T384] __kasan_slab_free+0x11/0x20
[ 56.148687][ T384] slab_free_freelist_hook+0xbd/0x190
[ 56.153898][ T384] kmem_cache_free+0x116/0x2e0
[ 56.158577][ T384] kfree_skbmem+0x104/0x170
[ 56.162925][ T384] kfree_skb+0xc2/0x360
[ 56.166909][ T384] sk_psock_backlog+0xc21/0xd90
[ 56.171595][ T384] process_one_work+0x6bb/0xc10
[ 56.176291][ T384] worker_thread+0xad5/0x12a0
[ 56.180805][ T384] kthread+0x421/0x510
[ 56.184702][ T384] ret_from_fork+0x1f/0x30
[ 56.188956][ T384]
[ 56.191134][ T384] The buggy address belongs to the object at ffff8881206838c0
[ 56.191134][ T384] which belongs to the cache skbuff_head_cache of size 248
[ 56.205534][ T384] The buggy address is located 0 bytes inside of
[ 56.205534][ T384] 248-byte region [ffff8881206838c0, ffff8881206839b8)
[ 56.218469][ T384] The buggy address belongs to the page:
[ 56.223936][ T384] page:ffffea000481a0c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120683
[ 56.234007][ T384] flags: 0x4000000000000200(slab|zone=1)
[ 56.239503][ T384] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881081ab200
[ 56.247899][ T384] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 56.256391][ T384] page dumped because: kasan: bad access detected
[ 56.262642][ T384] page_owner tracks the page as allocated
[ 56.268195][ T384] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 380, ts 54197923122, free_ts 53050448694
[ 56.283922][ T384] post_alloc_hook+0x1a3/0x1b0
[ 56.288531][ T384] prep_new_page+0x1b/0x110
[ 56.292931][ T384] get_page_from_freelist+0x3550/0x35d0
[ 56.298336][ T384] __alloc_pages+0x27e/0x8f0
[ 56.302740][ T384] new_slab+0x9a/0x4e0
[ 56.306646][ T384] ___slab_alloc+0x39e/0x830
[ 56.311070][ T384] __slab_alloc+0x4a/0x90
[ 56.315239][ T384] kmem_cache_alloc+0x134/0x200
[ 56.319924][ T384] __alloc_skb+0xbe/0x550
[ 56.324094][ T384] alloc_skb_with_frags+0xa6/0x680
[ 56.329036][ T384] sock_alloc_send_pskb+0x915/0xa50
[ 56.334071][ T384] unix_dgram_sendmsg+0x6fd/0x2090
[ 56.339020][ T384] __sys_sendto+0x564/0x720
[ 56.343358][ T384] __x64_sys_sendto+0xe5/0x100
[ 56.347957][ T384] x64_sys_call+0x15c/0x9a0
[ 56.352311][ T384] do_syscall_64+0x3b/0xb0
[ 56.356554][ T384] page last free stack trace:
[ 56.361070][ T384] free_unref_page_prepare+0x7c8/0x7d0
[ 56.366392][ T384] free_unref_page+0xe8/0x750
[ 56.370879][ T384] __free_pages+0x61/0xf0
[ 56.375038][ T384] __vunmap+0x7bc/0x8f0
[ 56.379035][ T384] vfree+0x7f/0xb0
[ 56.382591][ T384] bpf_patch_insn_data+0x7f0/0xde0
[ 56.387647][ T384] bpf_check+0x6653/0x12bf0
[ 56.391987][ T384] bpf_prog_load+0x12ac/0x1b50
[ 56.396581][ T384] __sys_bpf+0x4bc/0x760
[ 56.400688][ T384] __x64_sys_bpf+0x7c/0x90
[ 56.404923][ T384] x64_sys_call+0x87f/0x9a0
[ 56.409428][ T384] do_syscall_64+0x3b/0xb0
[ 56.413766][ T384] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 56.419499][ T384]
[ 56.421754][ T384] Memory state around the buggy address:
[ 56.427310][ T384] ffff888120683780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.435210][ T384] ffff888120683800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 56.443109][ T384] >ffff888120683880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 56.450999][ T384] ^
[ 56.456990][ T384] ffff888120683900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.464899][ T384] ffff888120683980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 56.472787][ T384]
================================================================== [ 56.493060][ T388] FAULT_INJECTION: forcing a failure. [ 56.493060][ T388] name failslab, interval 1, probability 0, space 0, times 0 [ 56.505672][ T388] CPU: 0 PID: 388 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 56.517223][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 56.527109][ T388] Call Trace: [ 56.530232][ T388] [ 56.533009][ T388] dump_stack_lvl+0x151/0x1c0 [ 56.537527][ T388] ? io_uring_drop_tctx_refs+0x190/0x190 [ 56.542993][ T388] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 56.548633][ T388] ? __skb_try_recv_datagram+0x495/0x6a0 [ 56.554101][ T388] dump_stack+0x15/0x20 [ 56.558089][ T388] should_fail+0x3c6/0x510 [ 56.562475][ T388] __should_failslab+0xa4/0xe0 [ 56.567122][ T388] ? skb_clone+0x1d1/0x360 [ 56.571381][ T388] should_failslab+0x9/0x20 [ 56.575715][ T388] slab_pre_alloc_hook+0x37/0xd0 [ 56.580497][ T388] ? skb_clone+0x1d1/0x360 [ 56.584736][ T388] kmem_cache_alloc+0x44/0x200 [ 56.589337][ T388] skb_clone+0x1d1/0x360 [ 56.593445][ T388] sk_psock_verdict_recv+0x53/0x840 [ 56.598470][ T388] ? avc_has_perm_noaudit+0x430/0x430 [ 56.603661][ T388] ? mntput_no_expire+0xfc/0x6b0 [ 56.608540][ T388] unix_read_sock+0x132/0x370 [ 56.613053][ T388] ? sk_psock_skb_redirect+0x440/0x440 [ 56.618654][ T388] ? unix_stream_splice_actor+0x120/0x120 [ 56.624195][ T388] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 56.629493][ T388] ? unix_stream_splice_actor+0x120/0x120 [ 56.635046][ T388] sk_psock_verdict_data_ready+0x147/0x1a0 [ 56.640688][ T388] ? sk_psock_start_verdict+0xc0/0xc0 [ 56.645902][ T388] ? _raw_spin_lock+0xa4/0x1b0 [ 56.650590][ T388] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 56.656220][ T388] ? skb_queue_tail+0xfb/0x120 [ 56.660911][ T388] unix_dgram_sendmsg+0x15fa/0x2090 [ 56.665953][ T388] ? unix_dgram_poll+0x690/0x690 [ 56.670713][ T388] ? __kasan_check_write+0x14/0x20 [ 56.675663][ T388] ? 
__cpuidle_text_end+0x2/0x2 [ 56.680347][ T388] ? cgroup_rstat_updated+0xe5/0x370 [ 56.685475][ T388] ? security_socket_sendmsg+0x82/0xb0 [ 56.690762][ T388] ? unix_dgram_poll+0x690/0x690 [ 56.695538][ T388] ____sys_sendmsg+0x59e/0x8f0 [ 56.700140][ T388] ? __sys_sendmsg_sock+0x40/0x40 [ 56.705003][ T388] ? import_iovec+0xe5/0x120 [ 56.709439][ T388] ___sys_sendmsg+0x252/0x2e0 [ 56.713942][ T388] ? __sys_sendmsg+0x260/0x260 [ 56.718540][ T388] ? __kasan_check_write+0x14/0x20 [ 56.723484][ T388] ? proc_fail_nth_write+0x20b/0x290 [ 56.728608][ T388] ? __fdget+0x1bc/0x240 [ 56.732689][ T388] __sys_sendmmsg+0x2bf/0x530 [ 56.737200][ T388] ? __ia32_sys_sendmsg+0x90/0x90 [ 56.742075][ T388] ? mutex_unlock+0xb2/0x260 [ 56.746509][ T388] ? __kasan_check_write+0x14/0x20 [ 56.751435][ T388] ? __ia32_sys_read+0x90/0x90 [ 56.756050][ T388] ? debug_smp_processor_id+0x17/0x20 [ 56.761285][ T388] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 56.767169][ T388] __x64_sys_sendmmsg+0xa0/0xb0 [ 56.771839][ T388] x64_sys_call+0x81d/0x9a0 [ 56.776312][ T388] do_syscall_64+0x3b/0xb0 [ 56.780683][ T388] ? 
clear_bhb_loop+0x35/0x90 [ 56.785201][ T388] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 56.790920][ T388] RIP: 0033:0x7f8bc3966ae9 [ 56.795179][ T388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 56.814705][ T388] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 2024/12/12 13:18:40 executed programs: 10 [ 56.822948][ T388] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9 [ 56.830757][ T388] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 56.838572][ T388] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000 [ 56.846495][ T388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.854295][ T388] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298 [ 56.862127][ T388] [ 56.876986][ T390] FAULT_INJECTION: forcing a failure. [ 56.876986][ T390] name failslab, interval 1, probability 0, space 0, times 0 [ 56.889521][ T390] CPU: 1 PID: 390 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 56.901020][ T390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 56.911016][ T390] Call Trace: [ 56.914138][ T390] [ 56.916917][ T390] dump_stack_lvl+0x151/0x1c0 [ 56.921431][ T390] ? io_uring_drop_tctx_refs+0x190/0x190 [ 56.926899][ T390] dump_stack+0x15/0x20 [ 56.930889][ T390] should_fail+0x3c6/0x510 [ 56.935143][ T390] __should_failslab+0xa4/0xe0 [ 56.939744][ T390] should_failslab+0x9/0x20 [ 56.944094][ T390] slab_pre_alloc_hook+0x37/0xd0 [ 56.948868][ T390] kmem_cache_alloc_trace+0x48/0x210 [ 56.953980][ T390] ? sk_psock_skb_ingress_self+0x60/0x330 [ 56.959532][ T390] ? 
migrate_disable+0x190/0x190 [ 56.964307][ T390] sk_psock_skb_ingress_self+0x60/0x330 [ 56.969786][ T390] sk_psock_verdict_recv+0x66d/0x840 [ 56.974896][ T390] unix_read_sock+0x132/0x370 [ 56.979409][ T390] ? sk_psock_skb_redirect+0x440/0x440 [ 56.984703][ T390] ? unix_stream_splice_actor+0x120/0x120 [ 56.990255][ T390] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 56.995552][ T390] ? unix_stream_splice_actor+0x120/0x120 [ 57.001126][ T390] sk_psock_verdict_data_ready+0x147/0x1a0 [ 57.006752][ T390] ? sk_psock_start_verdict+0xc0/0xc0 [ 57.011955][ T390] ? _raw_spin_lock+0xa4/0x1b0 [ 57.016554][ T390] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 57.022195][ T390] ? skb_queue_tail+0xfb/0x120 [ 57.026801][ T390] unix_dgram_sendmsg+0x15fa/0x2090 [ 57.031840][ T390] ? unix_dgram_poll+0x690/0x690 [ 57.036603][ T390] ? __kasan_check_write+0x14/0x20 [ 57.041553][ T390] ? __cpuidle_text_end+0x2/0x2 [ 57.046322][ T390] ? cgroup_rstat_updated+0xe5/0x370 [ 57.051448][ T390] ? security_socket_sendmsg+0x82/0xb0 [ 57.056753][ T390] ? unix_dgram_poll+0x690/0x690 [ 57.061515][ T390] ____sys_sendmsg+0x59e/0x8f0 [ 57.066116][ T390] ? __sys_sendmsg_sock+0x40/0x40 [ 57.071003][ T390] ? import_iovec+0xe5/0x120 [ 57.075398][ T390] ___sys_sendmsg+0x252/0x2e0 [ 57.079917][ T390] ? __sys_sendmsg+0x260/0x260 [ 57.084516][ T390] ? __kasan_check_write+0x14/0x20 [ 57.089573][ T390] ? proc_fail_nth_write+0x20b/0x290 [ 57.094696][ T390] ? __fdget+0x1bc/0x240 [ 57.099034][ T390] __sys_sendmmsg+0x2bf/0x530 [ 57.103560][ T390] ? __ia32_sys_sendmsg+0x90/0x90 [ 57.108403][ T390] ? mutex_unlock+0xb2/0x260 [ 57.112926][ T390] ? __kasan_check_write+0x14/0x20 [ 57.117896][ T390] ? __ia32_sys_read+0x90/0x90 [ 57.122575][ T390] ? debug_smp_processor_id+0x17/0x20 [ 57.127785][ T390] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 57.133681][ T390] __x64_sys_sendmmsg+0xa0/0xb0 [ 57.138375][ T390] x64_sys_call+0x81d/0x9a0 [ 57.142707][ T390] do_syscall_64+0x3b/0xb0 [ 57.146962][ T390] ? 
clear_bhb_loop+0x35/0x90 [ 57.151481][ T390] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 57.157384][ T390] RIP: 0033:0x7f8bc3966ae9 [ 57.161639][ T390] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 57.181121][ T390] RSP: 002b:00007f8bc34e90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 57.189409][ T390] RAX: ffffffffffffffda RBX: 00007f8bc3a85f80 RCX: 00007f8bc3966ae9 [ 57.197571][ T390] RDX: 0000000000000001 RSI: 00000000200063c0 RDI: 0000000000000003 [ 57.205390][ T390] RBP: 00007f8bc34e9120 R08: 0000000000000000 R09: 0000000000000000 [ 57.213202][ T390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 57.221015][ T390] R13: 000000000000000b R14: 00007f8bc3a85f80 R15: 00007fffcedcf298 [ 57.228822][ T390] [ 57.232233][ T389] ================================================================== [ 57.240113][ T389] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0 [ 57.248353][ T389] [ 57.250545][ T389] CPU: 0 PID: 389 Comm: syz-executor.0 Tainted: G B 5.15.170-syzkaller-1076701-g1f9202a6d83b #0 [ 57.262065][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 57.271961][ T389] Call Trace: [ 57.275089][ T389] [ 57.277869][ T389] dump_stack_lvl+0x151/0x1c0 [ 57.282375][ T389] ? io_uring_drop_tctx_refs+0x190/0x190 [ 57.287844][ T389] ? __wake_up_klogd+0xd5/0x110 [ 57.292531][ T389] ? panic+0x760/0x760 [ 57.296457][ T389] ? kmem_cache_free+0x116/0x2e0 [ 57.301213][ T389] print_address_description+0x87/0x3b0 [ 57.306596][ T389] ? kmem_cache_free+0x116/0x2e0 [ 57.311367][ T389] ? kmem_cache_free+0x116/0x2e0 [ 57.316142][ T389] kasan_report_invalid_free+0x6b/0xa0 [ 57.321438][ T389] ____kasan_slab_free+0x13e/0x160 [ 57.326383][ T389] __kasan_slab_free+0x11/0x20 [ 57.330983][ T389] slab_free_freelist_hook+0xbd/0x190 [ 57.336188][ T389] ? 
kfree_skbmem+0x104/0x170 [ 57.340701][ T389] kmem_cache_free+0x116/0x2e0 [ 57.345547][ T389] kfree_skbmem+0x104/0x170 [ 57.349818][ T389] consume_skb+0xb4/0x250 [ 57.354003][ T389] __sk_msg_free+0x2dd/0x370 [ 57.358411][ T389] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 57.364057][ T389] sk_psock_stop+0x44c/0x4d0 [ 57.368586][ T389] sk_psock_drop+0x219/0x310 [ 57.372990][ T389] sock_map_unref+0x48f/0x4d0 [ 57.377617][ T389] ? __local_bh_enable_ip+0x58/0x80 [ 57.382869][ T389] ? _raw_spin_unlock_bh+0x51/0x60 [ 57.387839][ T389] sock_map_remove_links+0x41c/0x650 [ 57.393106][ T389] ? __kasan_record_aux_stack+0xd3/0xf0 [ 57.398501][ T389] ? kasan_record_aux_stack+0xe/0x10 [ 57.403605][ T389] ? task_work_add+0x27/0x1d0 [ 57.408123][ T389] ? sock_map_unhash+0x120/0x120 [ 57.412893][ T389] ? x64_sys_call+0x3d/0x9a0 [ 57.417319][ T389] ? locks_remove_posix+0x610/0x610 [ 57.422355][ T389] sock_map_close+0x114/0x530 [ 57.426867][ T389] ? unix_peer_get+0xe0/0xe0 [ 57.431291][ T389] ? sock_map_remove_links+0x650/0x650 [ 57.436610][ T389] ? rwsem_mark_wake+0x770/0x770 [ 57.441448][ T389] unix_release+0x82/0xc0 [ 57.445650][ T389] sock_close+0xdf/0x270 [ 57.449821][ T389] ? sock_mmap+0xa0/0xa0 [ 57.453908][ T389] __fput+0x228/0x8c0 [ 57.457721][ T389] ____fput+0x15/0x20 [ 57.461528][ T389] task_work_run+0x129/0x190 [ 57.465956][ T389] exit_to_user_mode_loop+0xc4/0xe0 [ 57.470997][ T389] exit_to_user_mode_prepare+0x5a/0xa0 [ 57.476299][ T389] syscall_exit_to_user_mode+0x26/0x160 [ 57.481670][ T389] do_syscall_64+0x47/0xb0 [ 57.486038][ T389] ? 
clear_bhb_loop+0x35/0x90 [ 57.490539][ T389] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 57.496444][ T389] RIP: 0033:0x7f8bc39659da [ 57.500786][ T389] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 [ 57.520231][ T389] RSP: 002b:00007fffcedcf360 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 57.528462][ T389] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f8bc39659da [ 57.536456][ T389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 57.544269][ T389] RBP: 0000000000000032 R08: 0000001b31d60000 R09: 00007f8bc3a85f8c [ 57.552204][ T389] R10: 00007fffcedcf4b0 R11: 0000000000000293 R12: 00007f8bc34eb0d0 [ 57.560023][ T389] R13: ffffffffffffffff R14: 00007f8bc34ea000 R15: 000000000000de28 [ 57.567830][ T389] [ 57.570705][ T389] [ 57.572968][ T389] Allocated by task 390: [ 57.577070][ T389] __kasan_slab_alloc+0xb1/0xe0 [ 57.581734][ T389] slab_post_alloc_hook+0x53/0x2c0 [ 57.586686][ T389] kmem_cache_alloc+0xf5/0x200 [ 57.591385][ T389] skb_clone+0x1d1/0x360 [ 57.595466][ T389] sk_psock_verdict_recv+0x53/0x840 [ 57.600507][ T389] unix_read_sock+0x132/0x370 [ 57.605101][ T389] sk_psock_verdict_data_ready+0x147/0x1a0 [ 57.610744][ T389] unix_dgram_sendmsg+0x15fa/0x2090 [ 57.615777][ T389] ____sys_sendmsg+0x59e/0x8f0 [ 57.620376][ T389] ___sys_sendmsg+0x252/0x2e0 [ 57.624894][ T389] __sys_sendmmsg+0x2bf/0x530
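The two KASAN reports above (tasks 384 and 389) are the same bug seen twice: an skbuff_head_cache object cloned in skb_clone from sk_psock_verdict_recv, freed once by the sk_psock_backlog workqueue via kfree_skb, then freed again from sk_psock_stop / __sk_msg_free when sock_map_close tears the psock down. Triaging a stream of such reports means stripping the console prefixes, pulling the three stacks apart and skipping the allocator and sanitizer frames that every report shares. The following Python does that; it is an added example, not part of the syzkaller log or of any syzkaller tooling. Its sample input is a constructed, shortened copy of the first report's own lines, and the skip-list of "boring" frames and the three-frame fingerprint depth are choices made for this example, not syzkaller's own heuristics.

```python
"""KASAN report triage: added example, not part of the syzkaller log above.
Strips the console prefix, collects the crash/alloc/free stacks and the slab
cache, then emits a one-line summary and a dedup fingerprint."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a shortened copy of the first report's own lines.
SAMPLE = """\
[   55.72][  T384] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x116/0x2e0
[   55.72][  T384]
[   55.72][  T384] CPU: 1 PID: 384 Comm: syz-executor.0 Tainted: G    B   5.15.170-syzkaller-1076701-g1f9202a6d83b #0
[   55.74][  T384] Call Trace:
[   55.75][  T384]  dump_stack_lvl+0x151/0x1c0
[   55.75][  T384]  ? io_uring_drop_tctx_refs+0x190/0x190
[   55.79][  T384]  kasan_report_invalid_free+0x6b/0xa0
[   55.80][  T384]  __kasan_slab_free+0x11/0x20
[   55.81][  T384]  slab_free_freelist_hook+0xbd/0x190
[   55.82][  T384]  kmem_cache_free+0x116/0x2e0
[   55.82][  T384]  kfree_skbmem+0x104/0x170
[   55.83][  T384]  consume_skb+0xb4/0x250
[   55.83][  T384]  __sk_msg_free+0x2dd/0x370
[   55.84][  T384]  sk_psock_stop+0x44c/0x4d0
[   55.85][  T384]  sk_psock_drop+0x219/0x310
[   55.85][  T384]  sock_map_unref+0x48f/0x4d0
[   55.97][  T384] RIP: 0033:0x7f8bc39659da
[   56.05][  T384] Allocated by task 385:
[   56.05][  T384]  __kasan_slab_alloc+0xb1/0xe0
[   56.06][  T384]  kmem_cache_alloc+0xf5/0x200
[   56.07][  T384]  skb_clone+0x1d1/0x360
[   56.08][  T384]  sk_psock_verdict_recv+0x53/0x840
[   56.12][  T384]
[   56.13][  T384] Freed by task 6:
[   56.13][  T384]  kasan_set_track+0x4b/0x70
[   56.15][  T384]  slab_free_freelist_hook+0xbd/0x190
[   56.15][  T384]  kmem_cache_free+0x116/0x2e0
[   56.16][  T384]  kfree_skb+0xc2/0x360
[   56.17][  T384]  sk_psock_backlog+0xc21/0xd90
[   56.19][  T384]
[   56.19][  T384]  which belongs to the cache skbuff_head_cache of size 248
"""

PREFIX_RE = re.compile(r"^\[\s*[\d.]+\]\[\s*[TC]\d+\]")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>.+?) in (?P<func>[\w.]+)")
PID_RE = re.compile(r"\bPID: (?P<pid>\d+)")
CACHE_RE = re.compile(r"cache (?P<cache>\S+) of size (?P<size>\d+)")
ALLOC_RE = re.compile(r"^Allocated by task (?P<pid>\d+):")
FREE_RE = re.compile(r"^Freed by task (?P<pid>\d+):")
FRAME_RE = re.compile(r"^(?P<unreliable>\? )?(?P<func>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")

# Allocator and sanitizer frames appear in every report and are never the
# culprit. Heuristic skip-list chosen for this example.
BORING_PREFIXES = ("kasan_", "__kasan_", "____kasan_", "dump_stack", "kmem_cache_", "slab_")
BORING = {"print_address_description", "kfree", "__kmalloc", "kfree_skbmem", "kfree_skb", "consume_skb"}

def is_boring(func: str) -> bool:
    return func.startswith(BORING_PREFIXES) or func in BORING

@dataclass
class KasanReport:
    kind: str = ""
    report_func: str = ""
    crash_pid: Optional[int] = None
    alloc_pid: Optional[int] = None
    free_pid: Optional[int] = None
    cache: str = ""
    size: int = 0
    crash_stack: List[str] = field(default_factory=list)
    alloc_stack: List[str] = field(default_factory=list)
    free_stack: List[str] = field(default_factory=list)

def parse_kasan_report(text: str) -> KasanReport:
    rep = KasanReport()
    stack: Optional[List[str]] = None  # the stack currently being collected
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw).strip()  # drop "[   55.72][  T384]"
        if (m := BUG_RE.search(line)):
            rep.kind, rep.report_func = m["kind"], m["func"]
        elif (m := PID_RE.search(line)) and rep.crash_pid is None:
            rep.crash_pid = int(m["pid"])
        elif (m := CACHE_RE.search(line)):
            rep.cache, rep.size = m["cache"], int(m["size"])
        elif line == "Call Trace:":
            stack = rep.crash_stack
        elif (m := ALLOC_RE.match(line)):
            rep.alloc_pid, stack = int(m["pid"]), rep.alloc_stack
        elif (m := FREE_RE.match(line)):
            rep.free_pid, stack = int(m["pid"]), rep.free_stack
        elif (m := FRAME_RE.match(line)) and stack is not None:
            if not m["unreliable"]:  # "? " marks a stale, unreliable slot
                stack.append(m["func"])
        elif stack and (not line or line.startswith("RIP:")):
            stack = None  # register dump or blank line ends a stack
    return rep

def culprit(stack: List[str]) -> str:
    """First frame that is not allocator or sanitizer plumbing."""
    return next((f for f in stack if not is_boring(f)), stack[0] if stack else "?")

def fingerprint(rep: KasanReport, depth: int = 3) -> str:
    """Grouping key for repeated reports of one bug: kind plus the first
    few meaningful crash frames (T384 and T389 above share it)."""
    frames = [f for f in rep.crash_stack if not is_boring(f)][:depth]
    return f"{rep.kind} @ " + " <- ".join(frames)

def summarize(rep: KasanReport) -> str:
    again = "double-free" in rep.kind or "invalid-free" in rep.kind
    return (f"{rep.kind}: {rep.cache} object ({rep.size} bytes) allocated in "
            f"{culprit(rep.alloc_stack)} by task {rep.alloc_pid}, freed in "
            f"{culprit(rep.free_stack)} by task {rep.free_pid}, "
            f"{'freed again' if again else 'accessed'} in "
            f"{culprit(rep.crash_stack)} by task {rep.crash_pid}")
```

Run against the sample, `summarize()` names skb_clone (task 385) as the allocator, sk_psock_backlog (task 6) as the first free and __sk_msg_free (task 384) as the second, which is the whole triage story of the reports above in one line; `fingerprint()` yields the same key for the T389 report, so the two can be deduplicated before filing. Frames marked with `?` are deliberately dropped: the unwinder prints them from stale stack slots, and keeping them would make fingerprints differ between otherwise identical crashes.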